
Posted

Hello,

So, I used ComboFix, recommended by a friend, because my PC was infected with a particularly stubborn virus.

I did everything as instructed and the virus was removed.

However, I now need someone who can decipher the ComboFix report, which I'm attaching right here:

 

ComboFix 09-08-02.04 - Adrien 03/08/2009 12:59.1.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2033 [GMT 2:00]

Running from: c:\users\Adrien\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500

c:\$recycle.bin\S-1-5-21-442295509-33632100-3987800110-500

c:\program files\IEToolbar

c:\program files\IEToolbar\ECO Bar\basis.xml

c:\program files\IEToolbar\ECO Bar\icons.bmp

c:\program files\IEToolbar\ECO Bar\info.txt

c:\program files\IEToolbar\ECO Bar\version.txt

c:\program files\IEToolbar\ECO Bar\your_logo.png

c:\program files\runit

c:\program files\runit\config.txt

c:\program files\Search Settings

c:\program files\Search Settings\kb127\SearchSettings.dll

c:\program files\Search Settings\kb127\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\users\Adrien\AppData\Local\couuuws.dat

c:\users\Adrien\AppData\Local\couuuws_nav.dat

c:\users\Adrien\AppData\Local\couuuws_navps.dat

c:\users\Adrien\AppData\Local\smage.dat

c:\users\Adrien\AppData\Local\smage_nav.dat

c:\users\Adrien\AppData\Local\smage_navps.dat

c:\users\Adrien\AppData\Roaming\Google\dwms.exe

c:\users\Adrien\AppData\Roaming\Google\Shell32.dll

c:\windows\Installer\1f80d0.msi

c:\windows\Installer\52617.msi

c:\windows\system32\KBL.LOG

c:\windows\system32\xxclnrqhkqwh.dll

 

.

((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))

.

 

2009-08-02 22:54 . 2009-08-02 23:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-08-02 22:54 . 2009-08-02 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-01 13:27 . 2009-08-01 13:27 422 ----a-w- c:\users\Adrien\AppData\Roaming\Azureus\mario.exe

2009-08-01 13:27 . 2009-08-01 13:27 16141 ----a-w- c:\users\Adrien\AppData\Roaming\CyberLink\flamiks32.exe

2009-08-01 13:27 . 2009-08-01 13:27 145131 ----a-w- c:\users\Adrien\AppData\Roaming\Bioshock\pingo.dll

2009-08-01 13:27 . 2009-08-01 13:27 13221 ----a-w- c:\users\Adrien\AppData\Roaming\Apple Computer\xl12.exe

2009-08-01 13:27 . 2009-08-01 13:27 11232 ----a-w- c:\users\Adrien\AppData\Roaming\Adobe\norigami.dll

2009-07-16 17:10 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-16 17:10 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-16 17:10 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-16 17:10 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-03 11:15 . 2008-02-22 22:20 669566 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-03 11:15 . 2008-02-22 22:20 123556 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-03 10:55 . 2008-08-03 20:16 -------- d-----w- c:\program files\Steam

2009-08-03 00:48 . 2008-07-31 16:00 27430 ----a-w- c:\users\Adrien\AppData\Roaming\nvModes.dat

2009-08-02 21:30 . 2009-01-05 20:17 -------- d-----w- c:\users\Adrien\AppData\Roaming\Skype

2009-08-02 14:40 . 2008-09-04 17:01 -------- d-----w- c:\programdata\Google Updater

2009-08-01 13:27 . 2009-06-15 17:20 -------- d-----w- c:\users\Adrien\AppData\Roaming\Bioshock

2009-08-01 13:27 . 2009-05-04 07:53 -------- d-----w- c:\users\Adrien\AppData\Roaming\Azureus

2009-08-01 13:27 . 2008-09-01 18:21 -------- d-----w- c:\users\Adrien\AppData\Roaming\Apple Computer

2009-08-01 13:27 . 2008-08-01 15:13 -------- d-----w- c:\users\Adrien\AppData\Roaming\CyberLink

2009-07-28 13:34 . 2009-03-29 13:40 -------- d-----w- c:\users\Adrien\AppData\Roaming\Mumble

2009-07-18 16:06 . 2009-07-29 09:56 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 09:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 09:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-16 22:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-09 21:13 . 2009-01-11 20:58 -------- d-----w- c:\users\Adrien\AppData\Roaming\teamspeak2

2009-07-03 10:39 . 2008-08-03 20:16 -------- d-----w- c:\program files\Common Files\Steam

2009-06-30 13:36 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe

2009-06-30 13:10 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe

2009-06-30 13:03 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe

2009-06-30 10:44 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe

2009-06-28 18:01 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-26 16:36 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe

2009-06-22 13:04 . 2008-07-31 16:29 -------- d-----w- c:\program files\Windows Live

2009-06-22 13:03 . 2009-06-22 13:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\program files\Microsoft

2009-06-22 13:00 . 2009-06-22 13:00 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\program files\Common Files\Windows Live

2009-06-18 06:25 . 2009-06-18 06:25 -------- d-----w- c:\program files\Avira

2009-06-18 06:25 . 2009-05-18 13:30 -------- d-----w- c:\programdata\Avira

2009-06-11 20:53 . 2008-02-22 14:53 -------- d-----w- c:\program files\Microsoft Works

2009-06-11 20:52 . 2008-02-22 15:15 -------- d-----w- c:\programdata\Microsoft Help

2009-06-11 11:40 . 2009-06-11 11:40 -------- d-----w- c:\program files\Pando Networks

2009-06-10 16:42 . 2009-06-10 16:42 -------- d-----w- c:\programdata\Trymedia

2009-06-10 13:55 . 2009-06-10 13:55 -------- d-----w- c:\programdata\WindowsSearch

2009-06-10 08:56 . 2009-06-10 08:56 1878984 ----a-w- c:\users\Adrien\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-06-08 14:34 . 2009-06-08 14:31 -------- d-----w- c:\program files\CommViewWiFi

2009-06-08 14:18 . 2009-06-08 14:18 -------- d-----w- c:\users\Adrien\AppData\Roaming\Games

2009-06-08 08:25 . 2008-08-02 10:28 -------- d-----w- c:\users\Adrien\AppData\Roaming\LimeWire

2009-06-08 07:01 . 2009-06-08 06:47 27378 ----a-w- c:\windows\DIIUnin.dat

2009-06-08 06:47 . 2009-06-08 06:47 2829 ----a-w- c:\windows\DIIUnin.pif

2009-06-08 06:47 . 2009-06-08 06:47 94208 ----a-w- c:\windows\DIIUnin.exe

2009-06-07 17:30 . 2008-05-20 02:15 -------- d-----w- c:\programdata\WildTangent

2009-06-06 13:38 . 2009-06-06 13:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2009-06-05 17:25 . 2009-06-05 17:11 21840 ----atw- c:\windows\system32\SIntfNT.dll

2009-06-05 17:25 . 2009-06-05 17:11 17212 ----atw- c:\windows\system32\SIntf32.dll

2009-06-05 17:25 . 2009-06-05 17:11 12067 ----atw- c:\windows\system32\SIntf16.dll

2009-06-05 17:23 . 2009-06-05 17:23 0 ----a-w- c:\windows\nsreg.dat

2009-06-04 14:22 . 2008-02-22 14:17 -------- d-----w- c:\program files\Hewlett-Packard

2009-06-03 09:04 . 2008-07-31 11:01 89912 ----a-w- c:\users\Adrien\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-03 07:33 . 2009-06-03 07:32 15190152 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe

2009-05-26 09:19 . 2009-05-26 09:19 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-05-26 09:11 . 2008-09-16 16:28 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-05-08 19:13 . 2008-08-16 18:28 680 ----a-w- c:\users\Adrien\AppData\Local\d3d9caps.dat

2009-07-22 18:44 . 2008-11-13 18:04 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 16:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

c:\users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{46E8AB0F-BCFE-4DDA-B663-5AD0041973C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{EEF84569-4930-401D-B0BA-B50044F6776D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"UDP Query User{815096EF-EF25-4C0B-9B04-D62D33F8E130}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"TCP Query User{C5AB275C-E663-4C04-A450-48DC8BC9AF71}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz

"UDP Query User{704029B8-5CAB-41ED-A007-F512AC11D94B}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz

"TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game

"UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game

"TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game

"UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game

"TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz

"UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz

"TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2

"UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2

"TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe

"UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe

"{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader>

"UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader>

"TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront

"UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront

"{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe

"UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe

"{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{2F7A76AA-F5DB-410C-8751-4EA182627EFA}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{16EF196A-6807-4617-8D0F-9C4B8F9151DF}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{5F5D2093-B972-4E4B-9C6D-D59112986595}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{4EE8B531-6E81-4292-AF83-196821576166}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{6F75987A-21E5-4F02-8324-2A0BD9ACE181}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{C454B2F2-D2B7-4BAE-8E0E-93248152B197}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

"UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

"{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule

"UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule

"TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application

"{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application

"{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port

"{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port

"TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe

"UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe

"{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [04/05/2009 09:53 464264]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [04/05/2009 09:53 234888]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43]

 

2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job

- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{46C7409E-47E6-33B1-3419-AE3171544596} - (no file)

BHO-{DD98A46B-507E-C058-39DB-95AE20F11026} - c:\windows\system32\xxclnrqhkqwh.dll

HKCU-Run-realteks - c:\users\Adrien\AppData\Roaming\Google\dwms.exe

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

HKLM-Run-bfekodewgb - c:\windows\system32\xxclnrqhkqwh.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html

IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

.

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(584)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe

c:\windows\System32\conime.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Completion time: 2009-08-03 13:19 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-03 11:19

 

Pre-Run: 60 144 590 848 bytes free

Post-Run: 60 042 440 704 bytes free

 

372 --- E O F --- 2009-07-30 00:52

 

 

 

I hope someone can help me, although I've just read a thread saying ComboFix shouldn't be used.

 

Thanks in advance

Adrien

Posted

Good evening,

 

I hope someone can help me, although I've just read a thread saying ComboFix shouldn't be used.

Too bad you didn't read it beforehand.

 

ComboFix: cleanup

Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Open ComboFix

# In Notepad, copy and paste these lines:

 

KillAll::

Folder::

Driver::

npggsvc

Bonjour Service

File::

c:\program files\AskBarDis\bar\bin\AskService.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\windows\system32\GameMon.des

c:\program files\Bonjour\mDNSResponder.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file


 

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is done, a report will appear: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
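The last step of the procedure above is to post the follow-up report so the helper can read it back against the script. As an added example (it is not part of this thread, not ComboFix code and not the helper's own tooling), here is a Python script that does that reading: it checks that every File:: and Driver:: entry of the CFScript shows up under "Other Deletions" / "Drivers/Services" in the new report, lists services ComboFix removed that the script never asked for, and groups newly created executables under a user's AppData by creation minute, a grouping meant as a hint to look closer, not a verdict. The section-header and "-------\Service_" line formats are assumed from the logs quoted in this thread; the sample CFScript and report excerpt are constructed from lines posted here.

```python
"""Cross-check a ComboFix follow-up report against the CFScript that drove it.

Added example for this thread, not ComboFix code or the helper's tooling.
The report is treated purely as text; header and service-line formats are
assumed from the quoted logs, and the sample inputs are constructed from them.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Other Deletions )))
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$")    # -------\Service_npggsvc
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".des")

CFSCRIPT = r"""KillAll::
Driver::
npggsvc
Bonjour Service
File::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\windows\system32\GameMon.des
c:\program files\Bonjour\mDNSResponder.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
"""

REPORT = r"""ComboFix 09-08-10.06 - Adrien 13/08/2009 14:28.3.2 - NTFSx86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\GameMon.des
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_Bonjour Service
-------\Service_npggsvc
-------\Service_ASKService
-------\Service_ASKUpgrade
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
2009-08-13 12:35 . 2009-08-13 22:08 -------- d-----w- c:\users\Adrien\AppData\Local\temp
2009-08-10 15:32 . 2009-08-10 15:32 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-01 13:27 . 2009-08-01 13:27 422 ----a-w- c:\users\Adrien\AppData\Roaming\Azureus\mario.exe
2009-08-01 13:27 . 2009-08-01 13:27 16141 ----a-w- c:\users\Adrien\AppData\Roaming\CyberLink\flamiks32.exe
2009-08-01 13:27 . 2009-08-01 13:27 145131 ----a-w- c:\users\Adrien\AppData\Roaming\Bioshock\pingo.dll
2009-08-01 13:27 . 2009-08-01 13:27 13221 ----a-w- c:\users\Adrien\AppData\Roaming\Apple Computer\xl12.exe
2009-08-01 13:27 . 2009-08-01 13:27 11232 ----a-w- c:\users\Adrien\AppData\Roaming\Adobe\norigami.dll
"""


def parse_cfscript(text):
    """Return {section: [entries]} for each Xxx:: block, duplicates dropped."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
        elif line and current is not None \
                and line.lower() not in map(str.lower, sections[current]):
            sections[current].append(line)
    return dict(sections)


def parse_report(text):
    """Split a ComboFix report into {section title: [content lines]}."""
    sections, current = defaultdict(list), "header"
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return dict(sections)


def confirm_deletions(script, report):
    """Per File:: and Driver:: entry, does the report show it removed?"""
    deleted = {l.lower() for l in report.get("Other Deletions", [])}
    removed = {}  # lower-cased service name -> name as printed in the report
    for l in report.get("Drivers/Services", []):
        m = SERVICE_RE.match(l)
        if m:
            removed[m.group(1).lower()] = m.group(1)
    asked = {d.lower() for d in script.get("Driver", [])}
    return {
        "files": {p: p.lower() in deleted for p in script.get("File", [])},
        "drivers": {d: d.lower() in removed for d in script.get("Driver", [])},
        "unrequested_services": sorted(n for k, n in removed.items() if k not in asked),
    }


def dropped_binaries_by_minute(report, min_batch=2):
    """Group executables created under AppData by creation minute (a hint, not a verdict)."""
    batches = defaultdict(list)
    for title, lines in report.items():
        for line in (lines if title.startswith("Files Created") else []):
            parts = line.split(None, 7)  # date time . date time size attrs path
            if len(parts) == 8 and parts[2] == "." and parts[5].isdigit():  # dirs show "--------"
                path = parts[7]
                if "\\appdata\\" in path.lower() and path.lower().endswith(BINARY_EXT):
                    batches[f"{parts[0]} {parts[1]}"].append(path)
    return {ts: p for ts, p in batches.items() if len(p) >= min_batch}


if __name__ == "__main__":
    rep = parse_report(REPORT)
    print(confirm_deletions(parse_cfscript(CFSCRIPT), rep))
    print(dropped_binaries_by_minute(rep))
```

Registry:: entries are parsed but not checked, because the report excerpt does not echo registry removals. To use it on a real run, read C:\ComboFix.txt and the CFScript from disk and pass their text to parse_report and parse_cfscript instead of the embedded samples.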

 

Posted

Sorry for only replying now, but I was away from home for a few days.

I've just done what you told me; here is the report:

 

ComboFix 09-08-10.06 - Adrien 13/08/2009 14:28.3.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2002 [GMT 2:00]

Running from: c:\users\Adrien\Downloads\ComboFix.exe

Command switches used :: c:\users\Adrien\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\program files\AskBarDis\bar\bin\askBar.dll"

"c:\program files\AskBarDis\bar\bin\AskService.exe"

"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"

"c:\program files\Bonjour\mDNSResponder.exe"

"c:\windows\system32\GameMon.des"

.

ADS - system32: deleted 12 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\AskService.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\GameMon.des

 

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Bonjour Service

-------\Service_npggsvc

-------\Service_ASKService

-------\Service_ASKUpgrade

Posted
No, you didn't copy everything.

It is located at c:\combofix.txt

 

 

Here is the 2nd report in full:

 

 

ComboFix 09-08-10.06 - Adrien 13/08/2009 14:28.3.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2002 [GMT 2:00]

Running from: c:\users\Adrien\Downloads\ComboFix.exe

Command switches used :: c:\users\Adrien\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\program files\AskBarDis\bar\bin\askBar.dll"

"c:\program files\AskBarDis\bar\bin\AskService.exe"

"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"

"c:\program files\Bonjour\mDNSResponder.exe"

"c:\windows\system32\GameMon.des"

.

ADS - system32: deleted 12 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\AskService.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\GameMon.des

 

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Bonjour Service

-------\Service_npggsvc

-------\Service_ASKService

-------\Service_ASKUpgrade

 

 

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))

.

 

2009-08-13 12:35 . 2009-08-13 22:08 -------- d-----w- c:\users\Adrien\AppData\Local\temp

2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-12 21:28 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 21:28 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-12 21:27 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-12 21:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-12 21:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-12 21:27 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-12 21:27 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 21:27 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-08-10 20:09 . 2009-08-11 10:15 -------- d-----w- c:\program files\gPotato.eu

2009-08-10 15:32 . 2009-08-10 16:39 -------- d-----w- c:\users\Adrien\AppData\Roaming\Hamachi

2009-08-10 15:32 . 2009-08-10 15:32 -------- d-----w- c:\program files\Hamachi

2009-08-10 15:32 . 2009-08-10 15:32 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-08-02 22:54 . 2009-08-02 23:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-08-02 22:54 . 2009-08-02 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-01 13:27 . 2009-08-01 13:27 422 ----a-w- c:\users\Adrien\AppData\Roaming\Azureus\mario.exe

2009-08-01 13:27 . 2009-08-01 13:27 16141 ----a-w- c:\users\Adrien\AppData\Roaming\CyberLink\flamiks32.exe

2009-08-01 13:27 . 2009-08-01 13:27 145131 ----a-w- c:\users\Adrien\AppData\Roaming\Bioshock\pingo.dll

2009-08-01 13:27 . 2009-08-01 13:27 13221 ----a-w- c:\users\Adrien\AppData\Roaming\Apple Computer\xl12.exe

2009-08-01 13:27 . 2009-08-01 13:27 11232 ----a-w- c:\users\Adrien\AppData\Roaming\Adobe\norigami.dll

2009-07-16 17:10 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-16 17:10 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-16 17:10 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-16 17:10 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-13 12:34 . 2008-10-18 14:55 -------- d-----w- c:\program files\Bonjour

2009-08-13 12:14 . 2008-07-31 16:00 27430 ----a-w- c:\users\Adrien\AppData\Roaming\nvModes.dat

2009-08-13 12:06 . 2008-08-03 20:16 -------- d-----w- c:\program files\Steam

2009-08-13 11:38 . 2008-08-03 20:16 -------- d-----w- c:\program files\Common Files\Steam

2009-08-13 00:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-08-12 21:20 . 2008-09-04 17:01 -------- d-----w- c:\programdata\Google Updater

2009-08-11 08:53 . 2008-02-22 22:20 669566 ----a-w- c:\windows\system32\perfh00C.dat

2009-08-11 08:53 . 2008-02-22 22:20 123556 ----a-w- c:\windows\system32\perfc00C.dat

2009-08-10 18:07 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-03 20:40 . 2009-03-29 13:40 -------- d-----w- c:\users\Adrien\AppData\Roaming\Mumble

2009-08-03 20:38 . 2009-01-05 20:17 -------- d-----w- c:\users\Adrien\AppData\Roaming\Skype

2009-08-01 13:27 . 2009-06-15 17:20 -------- d-----w- c:\users\Adrien\AppData\Roaming\Bioshock

2009-08-01 13:27 . 2009-05-04 07:53 -------- d-----w- c:\users\Adrien\AppData\Roaming\Azureus

2009-08-01 13:27 . 2008-09-01 18:21 -------- d-----w- c:\users\Adrien\AppData\Roaming\Apple Computer

2009-08-01 13:27 . 2008-08-01 15:13 -------- d-----w- c:\users\Adrien\AppData\Roaming\CyberLink

2009-07-18 16:06 . 2009-07-29 09:56 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 09:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 09:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-09 21:13 . 2009-01-11 20:58 -------- d-----w- c:\users\Adrien\AppData\Roaming\teamspeak2

2009-06-30 13:36 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe

2009-06-30 13:10 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe

2009-06-30 13:03 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe

2009-06-30 10:44 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe

2009-06-26 16:36 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe

2009-06-22 13:04 . 2008-07-31 16:29 -------- d-----w- c:\program files\Windows Live

2009-06-22 13:03 . 2009-06-22 13:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\program files\Microsoft

2009-06-22 13:00 . 2009-06-22 13:00 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\program files\Common Files\Windows Live

2009-06-18 06:25 . 2009-06-18 06:25 -------- d-----w- c:\program files\Avira

2009-06-18 06:25 . 2009-05-18 13:30 -------- d-----w- c:\programdata\Avira

2009-06-10 08:56 . 2009-06-10 08:56 1878984 ----a-w- c:\users\Adrien\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-06-06 13:38 . 2009-06-06 13:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2009-06-05 17:25 . 2009-06-05 17:11 21840 ----atw- c:\windows\system32\SIntfNT.dll

2009-06-05 17:25 . 2009-06-05 17:11 17212 ----atw- c:\windows\system32\SIntf32.dll

2009-06-05 17:25 . 2009-06-05 17:11 12067 ----atw- c:\windows\system32\SIntf16.dll

2009-06-05 17:23 . 2009-06-05 17:23 0 ----a-w- c:\windows\nsreg.dat

2009-06-03 09:04 . 2008-07-31 11:01 89912 ----a-w- c:\users\Adrien\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-03 07:33 . 2009-06-03 07:32 15190152 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe

2009-05-26 09:19 . 2009-05-26 09:19 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-05-26 09:11 . 2008-09-16 16:28 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-03_11.10.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-12 21:28 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll

+ 2008-09-20 14:16 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll

+ 2008-09-20 14:16 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll

+ 2009-08-12 21:27 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll

+ 2009-08-12 21:27 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll

+ 2009-08-12 21:27 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll

+ 2009-08-12 21:27 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll

+ 2009-08-12 21:27 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll

+ 2009-08-12 21:27 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll

+ 2008-09-20 14:18 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll

+ 2009-08-12 21:27 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll

+ 2009-08-12 21:27 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll

+ 2009-08-12 21:28 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll

+ 2009-08-12 21:28 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll

+ 2009-08-12 21:28 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll

+ 2009-08-12 21:28 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll

+ 2009-08-12 21:28 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll

+ 2009-08-12 21:28 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll

+ 2008-02-22 14:17 . 2009-08-13 09:44 60116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-08-13 09:44 93692 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-07-31 10:49 . 2009-08-13 09:44 13252 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442295509-33632100-3987800110-1000_UserData.bin

- 2008-07-31 10:49 . 2009-08-03 11:10 13252 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442295509-33632100-3987800110-1000_UserData.bin

+ 2008-07-31 10:29 . 2009-08-13 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-07-31 10:29 . 2009-08-03 11:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-07-31 10:29 . 2009-08-03 11:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-07-31 10:29 . 2009-08-13 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-08-12 21:27 . 2009-07-15 12:46 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-15 12:46 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll

+ 2009-08-12 21:27 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll

+ 2009-08-12 21:27 . 2009-07-15 14:51 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-15 14:51 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll

+ 2009-08-12 21:27 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll

+ 2009-08-12 21:27 . 2009-07-15 14:42 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-15 14:43 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll

+ 2009-08-12 21:27 . 2009-07-14 13:00 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll

+ 2009-08-12 21:27 . 2009-07-14 13:01 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll

+ 2009-08-13 12:37 . 2009-08-13 12:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-08-03 11:08 . 2009-08-03 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-08-13 12:37 . 2009-08-13 12:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-08-03 11:08 . 2009-08-03 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-12 21:27 . 2009-06-10 11:46 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\wkssvc.dll

+ 2009-08-12 21:27 . 2009-06-10 11:42 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\wkssvc.dll

+ 2009-08-12 21:27 . 2009-06-10 12:00 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\wkssvc.dll

+ 2009-08-12 21:27 . 2009-06-10 12:12 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\wkssvc.dll

+ 2009-08-12 21:27 . 2009-06-10 12:06 158208 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\wkssvc.dll

+ 2009-08-12 21:27 . 2009-06-10 12:16 156160 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\wkssvc.dll

+ 2009-08-12 21:28 . 2009-06-10 11:44 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvfw32.dll

+ 2008-09-20 14:16 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll

+ 2009-08-12 21:28 . 2009-06-10 11:58 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvfw32.dll

+ 2008-09-20 14:16 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:03 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvfw32.dll

+ 2009-08-12 21:28 . 2009-06-10 12:10 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvfw32.dll

+ 2009-08-12 21:27 . 2009-06-04 12:54 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\aaclient.dll

+ 2009-08-12 21:27 . 2009-04-11 06:28 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\aaclient.dll

+ 2009-08-12 21:27 . 2009-06-04 12:29 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\aaclient.dll

+ 2008-09-20 14:18 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll

+ 2009-08-12 21:27 . 2009-06-04 12:25 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\aaclient.dll

+ 2009-08-12 21:27 . 2009-06-04 12:36 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\aaclient.dll

+ 2009-08-12 21:27 . 2009-07-15 12:46 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-15 12:39 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-15 14:52 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-14 13:00 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-15 14:44 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-14 13:02 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll

+ 2009-08-12 21:27 . 2009-07-15 12:45 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-15 12:46 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-15 12:46 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe

+ 2009-08-12 21:27 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-15 12:39 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe

+ 2009-08-12 21:27 . 2009-07-15 13:05 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-15 13:06 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-15 13:06 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe

+ 2009-08-12 21:27 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-14 10:59 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe

+ 2009-08-12 21:27 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-15 12:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe

+ 2009-08-12 21:27 . 2009-07-14 11:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe

+ 2009-08-12 21:27 . 2009-07-14 11:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe

+ 2009-08-12 21:27 . 2009-07-14 11:11 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe

+ 2006-11-02 10:33 . 2009-08-11 08:53 587178 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-08-03 10:57 587178 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-08-11 08:53 101250 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-08-03 10:57 101250 c:\windows\System32\perfc009.dat

- 2008-07-31 10:29 . 2009-08-03 11:08 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-07-31 10:29 . 2009-08-13 21:19 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-08-13 12:35 . 2009-08-13 12:35 221184 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat

+ 2009-08-13 12:35 . 2009-08-13 12:35 217088 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat

+ 2009-08-12 21:27 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll

+ 2009-08-12 21:27 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll

+ 2009-08-12 21:27 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll

+ 2009-08-12 21:27 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll

+ 2009-08-12 21:27 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll

+ 2009-08-12 21:27 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll

+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22179_none_f4b581af81eee730\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18070_none_f422e24a68d96357\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22474_none_f2ca0e5584cd1359\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18293_none_f229cf826bc094f3\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21088_none_f0dcd72787ab39d0\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16889_none_f05462846e8c801b\OESpamFilter.dat

+ 2009-08-12 21:27 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL

+ 2009-08-12 21:27 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL

+ 2009-08-12 21:27 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL

+ 2009-08-12 21:27 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL

+ 2009-08-12 21:27 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL

+ 2009-08-12 21:27 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL

+ 2006-11-02 10:22 . 2009-08-13 12:35 6332416 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2006-11-02 12:47 . 2009-08-13 09:40 2642640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

- 2006-11-02 12:47 . 2009-03-11 16:45 2642640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

+ 2009-08-13 12:35 . 2009-08-13 12:35 3452928 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

+ 2009-08-13 12:35 . 2009-08-13 12:35 6332416 c:\windows\ERDNT\subs\schema.dat

+ 2009-08-13 12:21 . 2009-08-13 12:27 6332416 c:\windows\ERDNT\Hiv-backup\schema.dat

+ 2009-08-12 21:27 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll

+ 2009-08-12 21:27 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll

+ 2009-08-12 21:27 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll

+ 2009-08-12 21:27 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll

+ 2009-08-12 21:27 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll

+ 2009-08-12 21:27 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll

+ 2009-08-12 21:27 . 2009-07-14 13:00 10626048 c:\windows\System32\wmp.dll

+ 2006-11-02 10:24 . 2009-07-30 00:49 24281536 c:\windows\System32\mrt.exe

+ 2009-08-13 12:35 . 2009-08-13 12:35 15867904 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat

+ 2009-05-05 21:15 . 2009-08-12 21:27 103969935 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

c:\users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{46E8AB0F-BCFE-4DDA-B663-5AD0041973C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{EEF84569-4930-401D-B0BA-B50044F6776D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"UDP Query User{815096EF-EF25-4C0B-9B04-D62D33F8E130}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"TCP Query User{C5AB275C-E663-4C04-A450-48DC8BC9AF71}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz

"UDP Query User{704029B8-5CAB-41ED-A007-F512AC11D94B}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz

"TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game

"UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game

"TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>

"TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game

"UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game

"TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz

"UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz

"TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2

"UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2

"TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe

"UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe

"{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader>

"UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader>

"TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront

"UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront

"{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet

"UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

"TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe

"UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe

"{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

"UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

"{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server

"TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld

"{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule

"UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule

"TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application

"{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application

"{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port

"{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port

"TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe

"UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe

"{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43]

 

2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job

- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html

IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-14 00:07

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(5168)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-08-13 0:12 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-13 22:12

ComboFix2.txt 2009-08-03 11:19

 

Pre-Run: 68 750 970 880 bytes free

Post-Run: 75 462 463 488 bytes free

 

499 --- E O F --- 2009-08-13 00:21
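Added example, not part of the original post and not ComboFix's own code: a small Python triage script that reads the kinds of lines a helper looks at first in a log like the one above (the Run keys under "Reg Loading Points", the Security Center DisableMonitoring values, and the "FF - prefs.js" lines) and flags what stands out. On this log that is the Firefox search redirect: browser.search.defaulturl and keyword.URL both point at www15.yoog.com while browser.search.selectedEngine still says Google, and three DisableMonitoring=1 values sit under the Security Center Monitoring key (the catchme rootkit scan reported 0 hidden files). The sample text is a handful of lines copied from the log above; the allowlist of search hosts and the user-writable path heuristic are assumptions of this example, not anything ComboFix defines.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a few lines copied from the ComboFix log above.
# The real log has hundreds more lines; only the sections this script reads
# are reproduced here.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")

# Assumption of this example: search hosts a helper would accept without comment.
KNOWN_SEARCH_HOSTS = {"google.com", "google.fr", "bing.com", "yahoo.com", "live.com"}
# Assumption of this example: autostart binaries living here deserve a second look.
USER_WRITABLE = re.compile(r"\\(users|documents and settings)\\[^\\]+\\|\\temp\\|\\appdata\\", re.I)


def parse_combofix(text):
    """Pull Run-key entries, dword values and Firefox prefs out of a ComboFix log."""
    current_key = None
    run_entries, dword_entries, ff_prefs = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a [HKEY_...] header starts a new registry key
            current_key = m.group(1)
            continue
        m = FF_RE.match(line)
        if m:                      # "FF - prefs.js: name - value"
            ff_prefs[m.group(1)] = m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m and current_key:      # "Name"=dword:XXXXXXXX under the current key
            dword_entries.append((current_key, m.group(1), int(m.group(2), 16)))
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            name, path, date, size = m.groups()
            run_entries.append((current_key, name, path, date, int(size) if size else None))
    return {"run": run_entries, "dwords": dword_entries, "ff": ff_prefs}


def search_host(url):
    """Host of a defanged (hxxp) URL with any leading www/www15/... label removed."""
    host = urlparse(url.replace("hxxp", "http", 1)).hostname or ""
    return re.sub(r"^www\d*\.", "", host.lower())


def analyze(parsed):
    """Return the findings a helper would raise first; an empty list means nothing stood out."""
    findings = []
    ff = parsed["ff"]
    for pref in ("browser.search.defaulturl", "keyword.URL"):
        if pref in ff:
            host = search_host(ff[pref])
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(f"Firefox {pref} sends searches to {host}")
    engine = ff.get("browser.search.selectedEngine", "").lower()
    if engine and "browser.search.defaulturl" in ff:
        host = search_host(ff["browser.search.defaulturl"])
        if engine not in host:     # the UI shows one engine, queries go elsewhere
            findings.append(f"Firefox shows engine {engine!r} but defaulturl goes to {host}: search hijack")
    for key, name, value in parsed["dwords"]:
        if name.lower() == "disablemonitoring" and value == 1 and "security center\\monitoring" in key.lower():
            findings.append(f"Security Center monitoring disabled under {key}")
    for _key, name, path, _date, _size in parsed["run"]:
        if USER_WRITABLE.search(path):
            findings.append(f"autostart {name!r} runs from a user-writable path: {path}")
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_combofix(SAMPLE_LOG)):
        print("-", finding)
```

Run it against the full text of a log rather than the sample to get the same five findings plus anything the Run keys add; on the log above none of the Run entries start from a user profile or temp directory, so only the search redirect and the Security Center values are reported. The DisableMonitoring values are worth confirming rather than deleting blindly: the SymantecAntiVirus and SymantecFirewall subkeys are typical leftovers of an uninstalled Norton product, but the top-level one stops Vista from warning when antivirus or the firewall is off.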

Posted

OK, so it worked then. But there are system files that were added to C:\ after I used ComboFix, is that normal? oO

The files are:

autoexec.bat
bootmgr
config.sys
hiberfil.sys
IO.SYS
MSDOQ.SYS
pagefile.sys

I don't know whether they are copies or not, so I preferred not to touch anything.
