Everything posted by Kana

  1. OK, so that means it worked then. However, some system files were added to C:\ after I used ComboFix, is that normal? oO The files are: autoexec.bat, bootmgr, config.sys, hiberfil.sys, IO.SYS, MSDOQ.SYS, pagefile.sys. I don't know whether they are copies or not, so I preferred not to touch anything.
  2. Here is the 2nd report in full:
TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program 
files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader> "UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader> "TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query 
User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate 
Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta 
"{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule "UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule "TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= 
TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port "{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port "TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368] 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-08-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43] 2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job - c:\windows\system32\msfeedssync.exe [2008-09-20 07:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.com FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program 
files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-14 00:07 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5168) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-08-13 0:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-13 22:12 ComboFix2.txt 2009-08-03 11:19 Pre-Run: 68 750 970 880 octets libres Post-Run: 75 462 463 488 octets libres 499 --- E O F --- 2009-08-13 00:21
  3. Sorry for only replying now, but I was away from home for a few days. I have just done what you told me; here is the report:
  4. Hello, So, I used ComboFix, recommended by a friend, because my PC was infected by a particularly stubborn virus. I did everything as required and the virus was removed. However, I now need someone who can decipher the ComboFix report that I am attaching right here:
Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{46E8AB0F-BCFE-4DDA-B663-5AD0041973C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{EEF84569-4930-401D-B0BA-B50044F6776D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{815096EF-EF25-4C0B-9B04-D62D33F8E130}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{C5AB275C-E663-4C04-A450-48DC8BC9AF71}c:\\ijji\\english\\gunz\\gunz.exe"= 
UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{704029B8-5CAB-41ED-A007-F512AC11D94B}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program 
files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader> "UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader> "TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query 
User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate 
Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{2F7A76AA-F5DB-410C-8751-4EA182627EFA}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{16EF196A-6807-4617-8D0F-9C4B8F9151DF}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{5F5D2093-B972-4E4B-9C6D-D59112986595}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{4EE8B531-6E81-4292-AF83-196821576166}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{6F75987A-21E5-4F02-8324-2A0BD9ACE181}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{C454B2F2-D2B7-4BAE-8E0E-93248152B197}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= 
UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= 
UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule "UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule "TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query 
User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port "{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port "TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [04/05/2009 09:53 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [04/05/2009 09:53 234888] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Contents of the 'Scheduled Tasks' folder 2009-08-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43] 2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job - c:\windows\system32\msfeedssync.exe [2008-09-20 07:33] . - - - - ORPHANS REMOVED - - - - BHO-{46C7409E-47E6-33B1-3419-AE3171544596} - (no file) BHO-{DD98A46B-507E-C058-39DB-95AE20F11026} - c:\windows\system32\xxclnrqhkqwh.dll HKCU-Run-realteks - c:\users\Adrien\AppData\Roaming\Google\dwms.exe HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe HKLM-Run-bfekodewgb - c:\windows\system32\xxclnrqhkqwh.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.com FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF 
- plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(584) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-08-03 13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 11:19
Pre-Run: 60 144 590 848 octets libres
Post-Run: 60 042 440 704 octets libres
372 --- E O F --- 2009-07-30 00:52

I hope someone will be able to help me, even though I have just read a thread saying that Combofix should not be used. Thanks in advance, Adrien