Virus problem
franck castle
Hello everyone,
I have a big problem, please help me. I have a red circle with a cross that pops up and says "you have a security problem", and when I click on it, it sends me to a site that pushes an antivirus on me, and that gives me a Trojan horse. Thanks for helping me.
PS: I have Vista.
19 replies
Thanks Anthony, hi :)
no big deal, the topic will sink into oblivion and he'll come back.....
what can you do? lol
you can't force people to have a clean PC!!
;)
HAHAHA!!! sorry .... :)
Disable User Account Control (you'll re-enable it after the disinfection):
- Go to "Start", then Control Panel.
- Double-click the User Accounts icon, then Turn User Account Control on or off.
- Click Continue.
- Uncheck the box Use User Account Control to help protect your computer.
- Confirm with OK and restart.
Tutorial
then:
Hi,
start with this to see what's going on, get a precise diagnosis and so spot possible infections and neutralize them:
Download and install the diagnostic software:
here Hijackthis
or here Hijackthis
or here Hijackthis
1- Click the setup to launch the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
tutorial for usage: (thanks balltrap34)
Look here, it's perfectly explained with pictures,
( Do NOT fix ANY line on your own initiative yet, it could prevent your PC from working properly )
2- !! Disconnect and close all your running applications !!
Click the desktop shortcut to launch the program:
If it doesn't launch, click here
run a HijackThis scan by clicking: "Do a system scan and save a logfile"
---> copy-paste the generated report for analysis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:47, on 08/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Famille PAN\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\System32\mobsync.exe
C:\Windows\comrepl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\userload.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\théophane\Program Files\DNA\btdna.exe
C:\Users\théophane\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\WINDOWS\promo.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\icardagt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\THOPHA~1\LOCALS~1\APPLIC~1\clipsrv.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ALUAlert] "C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [restor] C:\Windows\system32\userload.exe -a
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Famille PAN\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\théophane\Program Files\DNA\btdna.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; SPOFRB/1.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MSN Optimized;FR)" -"http://www1.rasterwerks.com/game/phosphor/beta1.asp"
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\THOPHA~1\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Users\THOPHA~1\AppData\Roaming\MICROS~1\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Users\THOPHA~1\AppData\Roaming\MICROS~1\mqtgsvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\THOPHA~1\AppData\Roaming\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\Users\THOPHA~1\AppData\Local\Temp\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\Windows\System\sessmgr.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Windows\System32\drivers\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Windows\System32\drivers\mstinit.exe /waitservice (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
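A helper reading a log like this one usually starts with the autostart entries. The sketch below is an added example, not part of the original thread and not a HijackThis feature: it parses the `code - body` line format and flags O4/F-section autoruns whose executable sits in a user-writable directory or carries a Windows system file name outside System32. The sample lines are copied from the log above; the function names, the `USER_WRITABLE` markers, the short `SYSTEM32_NAMES` list and the `c:\windows\system32` prefix are assumptions, and a flag means "review this entry", not a verdict.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted above (a subset, unmodified).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
F3 - REG:win.ini: load=C:\Users\THOPHA~1\LOCALS~1\APPLIC~1\clipsrv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Famille PAN\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\THOPHA~1\AppData\Roaming\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\Users\THOPHA~1\AppData\Local\Temp\spoolsv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

Finding = namedtuple("Finding", "section label path reasons")

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Registry autorun body: "<hive>\..\<key>: [<label>] <command line>"
AUTORUN_RE = re.compile(r"^.+?\\\.\.\\[^:]+: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or everything up to the first ".exe" followed by a space or end.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumed heuristics: path fragments an unprivileged user can write to,
# and a deliberately short list of binaries that ship in System32.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\locals~1\\", "\\applic~1\\")
SYSTEM32_NAMES = {"spoolsv.exe", "mstsc.exe", "esentutl.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def parse_entries(log):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable_of(cmd):
    """Extract the program path from an autorun command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def split_autorun(section, body):
    """Return (label, command) for O4 registry and F-section entries."""
    if section == "O4":
        m = AUTORUN_RE.match(body)  # "O4 - Startup:" shortcuts do not match
        return (m.group("label"), m.group("cmd")) if m else None
    if section.startswith("F") and "=" in body:
        label, cmd = body.split("=", 1)
        return label, cmd
    return None


def reasons_for(path):
    """List the heuristic reasons (possibly none) to review this path."""
    p = path.lower()
    reasons = []
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM32_NAMES and "\\" in p and not p.startswith(SYSTEM32_PREFIX):
        reasons.append("Windows system file name outside System32")
    return reasons


def triage(log):
    """Return the autorun entries that match at least one heuristic."""
    findings = []
    for section, body in parse_entries(log):
        parts = split_autorun(section, body)
        path = executable_of(parts[1]) if parts else None
        if not path:
            continue
        reasons = reasons_for(path)
        if reasons:
            findings.append(Finding(section, parts[0], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.label}] {f.path}: {'; '.join(f.reasons)}")
```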
ok, long live Avast!! lol
*****************************************************
************** Option A (Search) **************
*****************************************************
Download AD-Remover ( by Cyrildu17 / C_XX ) to your desktop:
/!\ Disconnect and close all running applications
- Double-click the installer and install it in its default location. ( C:\Program files )
- Double-click the Ad-remover icon located on your desktop
- In the main menu choose the "Recherche" (Search) option
- Post the report that appears at the end.
( the report is also saved as C:\Ad-report(date).log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall).
Picture guide (Installation)
Picture guide (Search)
then:
Download TOOLBAR S&D ( by Eric_71/Team IDN ) to your desktop:
!! Disconnect, disable your resident protections, and close all your running applications for the duration of the procedure. !!
* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
--> Type ( option " recherche " ) then press [Enter].
A report will be generated at the end of the process: post its contents in your next reply
( the report is also saved here -> C:\TB.txt )
Tutorial
bon comme tu m as l air pressé,te plaindre toutes les 5 mn , et de rien vouloir comprendre on va passer au plus lourd comme cela ce sera reglé
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
______________________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained on the tool.<
>>>>>>>Do not use outside of that situation: dangerous!<<<<<<<<
===========================================================
When it runs,
ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleaning attempt.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console
and, when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.
On XP
On Vista
**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.
Must read!!!!
Download ComboFix:
And importantly, save it as "moi.exe" on the desktop.
Before using ComboFix:
______________________________________________________________________
* Disconnect from the internet and close the windows of all running programs.
* Temporarily, and only while ComboFix is in use, disable
the real-time protection of your antivirus and antispyware programs,
which can seriously interfere with the tool's search and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Once that is done, double-click "moi.exe" on your desktop
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ During this step, do not use the PC or any other peripheral, and do not open any program.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt
* Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
* Come back to the forum, and
copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 09-04-04.01 - théophane 2009-04-08 13:58:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.3327.2282 [GMT 2:00]
Lancé depuis: c:\users\théophane\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\CrucialSoft Ltd
c:\users\Famille PAN\AppData\Local\ggaaqu.dat
c:\users\Famille PAN\AppData\Local\ggaaqu_nav.dat
c:\users\Famille PAN\AppData\Local\ggaaqu_navps.dat
c:\users\Famille PAN\AppData\Local\ooywyoq.dat
c:\users\Famille PAN\AppData\Local\ooywyoq_nav.dat
c:\users\Famille PAN\AppData\Local\ooywyoq_navps.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq_nav.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq_navps.dat
c:\windows\system\sessmgr.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 13:19 . 2009-03-19 19:24 86,016 --a------ c:\windows\system\clipsrv.exe
2009-04-08 12:49 . 2009-04-08 12:49 <REP> d-------- c:\program files\Trend Micro
2009-04-08 12:15 . 2009-04-08 12:15 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\Logs
2009-04-08 11:53 . 2009-04-08 11:53 <REP> d-------- c:\users\théophane\AppData\Roaming\dvdcss
2009-04-08 11:50 . 2009-04-08 11:50 <REP> d-------- c:\users\théophane\Program Files
2009-04-08 11:50 . 2009-04-08 11:50 <REP> d-------- c:\users\théophane\Program Files
2009-04-08 11:21 . 2009-04-08 11:24 <REP> d-------- C:\FindyKill
2009-04-08 11:20 . 2009-04-08 11:20 <REP> d-------- c:\program files\CCleaner
2009-04-08 11:14 . 2009-04-08 11:14 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-04-08 11:12 . 2009-04-08 11:06 68,608 --a------ c:\windows\System32\Ú
2009-04-08 11:06 . 2009-04-08 11:06 68,608 --a------ c:\windows\promo.exe
2009-04-08 11:06 . 2009-04-08 11:06 31,744 --a------ c:\windows\System32\userload.exe
2009-04-07 13:33 . 2009-03-19 19:24 86,016 --a------ c:\windows\comrepl.exe
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\théophane\Documents
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\théophane\Documents
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\All Users\3A26E
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\programdata\3A26E
2009-04-02 12:51 . 2009-03-19 19:24 86,016 --a------ c:\users\théophane\AppData\Roaming\mstsc.exe
2009-04-01 12:30 . 2006-05-03 22:53 174,592 --a------ c:\windows\System32\framedyn.dll
2009-04-01 12:24 . 2006-07-24 16:05 5,632 --a------ c:\windows\System32\drivers\StarOpen.sys
2009-04-01 12:22 . 2007-07-03 16:54 80,552 --a------ c:\windows\System32\drivers\sscdbus.sys
2009-04-01 12:22 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwhnt.sys
2009-04-01 12:22 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwh.sys
2009-04-01 12:19 . 2009-04-01 12:27 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
2009-04-01 12:19 . 2009-04-01 12:19 <REP> d-------- c:\program files\Samsung
2009-04-01 12:19 . 2005-08-28 20:51 766 --a------ c:\windows\System32\Uninstall.ico
2009-03-29 09:50 . 2009-03-29 09:54 <REP> d-------- c:\users\Famille PAN\Phone Browser
2009-03-29 09:10 . 2009-03-19 19:24 86,016 --a------ c:\windows\System32\drivers\mstinit.exe
2009-03-28 15:49 . 2009-03-28 15:49 <REP> d-------- c:\windows\Sun
2009-03-24 18:20 . 2009-03-19 19:24 86,016 --a------ c:\windows\mqtgsvc.exe
2009-03-23 19:43 . 2009-03-25 10:13 <REP> d-------- c:\users\théophane\AppData\Roaming\BitTorrent
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\users\théophane\AppData\Roaming\Mozilla
2009-03-23 19:41 . 2009-04-08 14:01 <REP> d-------- c:\users\théophane\AppData\Roaming\DNA
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\program files\BitTorrent
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\program files\AskBarDis
2009-03-22 10:08 . 2009-04-08 12:10 <REP> d-------- c:\users\Famille PAN\Tracing
2009-03-22 10:07 . 2009-02-05 23:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-21 17:05 . 2009-04-08 13:41 <REP> d-------- c:\users\théophane\Tracing
2009-03-21 17:05 . 2009-04-08 13:41 <REP> d-------- c:\users\théophane\Tracing
2009-03-21 17:05 . 2009-02-06 19:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-21 17:04 . 2009-03-21 17:04 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-21 17:02 . 2009-03-21 17:02 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-21 17:00 . 2009-03-21 17:00 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-21 17:00 . 2009-03-21 17:05 <REP> d-------- c:\program files\Microsoft
2009-03-21 13:43 . 2009-03-21 14:27 <REP> d-------- c:\program files\FindyKill
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- c:\users\Default.LOG2
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- c:\users\Default.LOG1
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- C:\ProgramData.LOG2
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- C:\ProgramData.LOG1
2009-03-21 09:31 . 2009-03-21 09:31 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\Webroot
2009-03-21 09:30 . 2009-03-19 19:24 86,016 --a------ c:\windows\esentutl.exe
2009-03-21 09:30 . 2009-03-19 19:24 86,016 --a------ c:\users\Famille PAN\AppData\Roaming\sessmgr.exe
2009-03-20 18:19 . 2009-03-20 18:19 <REP> d-------- c:\program files\Webroot
2009-03-20 14:07 . 2009-03-21 14:24 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-18 14:25 . 2009-04-08 12:10 <REP> d-------- c:\program files\Steam
2009-03-18 14:25 . 2009-03-18 20:33 <REP> d-------- c:\program files\Common Files\Steam
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\program files\iTunes
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\program files\iPod
2009-03-18 11:36 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-18 11:36 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-18 11:33 . 2009-03-18 11:34 <REP> d-------- c:\program files\QuickTime
2009-03-16 20:37 . 2009-03-16 20:39 <REP> d-------- c:\program files\RAR Password Cracker
2009-03-16 20:30 . 2009-03-16 20:39 <REP> d-------- c:\program files\MessenPass
2009-03-16 20:30 . 2009-03-16 20:30 39,424 --a------ c:\windows\zipinst.exe
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\users\théophane\AppData\Roaming\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\users\All Users\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\programdata\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:12 <REP> d-------- c:\program files\URLSnooper2
2009-03-16 19:08 . 2009-03-16 19:08 46 --a------ c:\windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
2009-03-15 19:57 . 2009-03-15 19:57 <REP> d-------- c:\windows\System32\AGEIA
2009-03-15 19:57 . 2009-03-15 19:57 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-15 19:57 . 2009-03-15 19:58 <REP> d-------- c:\program files\AGEIA Technologies
2009-03-15 19:57 . 2008-03-05 16:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-03-15 19:57 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2009-03-15 19:57 . 2008-03-05 16:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-15 19:57 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2009-03-15 19:57 . 2008-03-05 17:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-15 19:57 . 2008-02-06 00:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-15 19:57 . 2007-10-02 10:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2009-03-15 19:57 . 2007-10-22 04:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2009-03-15 19:57 . 2008-03-05 17:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-15 19:57 . 2008-03-05 17:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-15 19:57 . 2007-10-22 04:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2009-03-13 09:50 . 2009-03-13 09:50 <REP> d-------- c:\users\théophane\AppData\Roaming\vghd
2009-03-13 09:50 . 2009-03-13 09:50 <REP> d-------- c:\program files\vghd
2009-03-13 09:50 . 2009-03-13 09:50 152,904 --a------ c:\windows\System32\vghd.scr
2009-03-13 09:50 . 2009-03-13 09:51 3 --a------ c:\windows\sbacknt.bin
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\users\All Users\251BC
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\programdata\251BC
2009-03-11 18:14 . 2009-03-11 18:14 <REP> d-------- c:\users\All Users\1C372
2009-03-11 18:14 . 2009-03-11 18:14 <REP> d-------- c:\programdata\1C372
2009-03-11 18:01 . 2009-03-11 18:01 <REP> d-------- c:\users\All Users\14176
2009-03-11 18:01 . 2009-03-11 18:01 <REP> d-------- c:\programdata\14176
2009-03-11 16:52 . 2009-03-11 16:52 <REP> d-------- c:\program files\NOS
2009-03-11 12:32 . 2009-03-11 12:32 <REP> d-------- c:\users\All Users\2C3DD
2009-03-11 12:32 . 2009-03-11 12:32 <REP> d-------- c:\programdata\2C3DD
2009-03-11 10:10 . 2009-03-11 10:10 <REP> d-------- c:\users\All Users\1013C
2009-03-11 10:10 . 2009-03-11 10:10 <REP> d-------- c:\programdata\1013C
2009-03-11 10:09 . 2009-03-15 20:09 <REP> d-------- c:\program files\iMesh Applications
2009-03-11 09:04 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:04 . 2009-02-09 03:54 2,030,080 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:04 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:04 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:04 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:04 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 18:42 . 2009-03-24 19:33 <REP> d-------- C:\divx
2009-03-09 21:53 . 2009-03-09 21:53 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\DeepBurner
2009-03-09 21:53 . 2009-03-13 09:51 <REP> d-------- c:\program files\Astonsoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 12:04 4,718,592 --sha-w c:\users\théophane\ntuser.dat
2009-04-08 12:04 4,718,592 --sha-w c:\users\théophane\ntuser.dat
2009-04-08 12:04 --------- d-s---w c:\users\théophane\AppData\Roaming\Microsoft
2009-04-08 12:01 --------- d-----w c:\users\théophane\AppData\Roaming\DNA
2009-04-08 11:51 --------- d-----w c:\program files\Arovax AntiSpyware
2009-04-08 11:41 --------- d-----w c:\program files\DNA
2009-04-08 10:17 --------- d-----w c:\users\Famille PAN\AppData\Roaming\DNA
2009-04-08 09:53 --------- d-----w c:\users\théophane\AppData\Roaming\dvdcss
2009-04-08 09:13 --------- d-----w c:\program files\DivX
2009-04-04 23:08 --------- d-----w c:\programdata\Lx_cats
2009-04-01 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-04-01 11:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 10:17 --------- d-----w c:\program files\Common Files\Adobe
2009-03-29 11:20 --------- d-----w c:\programdata\eMule
2009-03-29 11:20 --------- d-----w c:\program files\eMule
2009-03-25 08:13 --------- d-----w c:\users\théophane\AppData\Roaming\BitTorrent
2009-03-23 17:41 --------- d-----w c:\users\théophane\AppData\Roaming\Mozilla
2009-03-23 16:35 --------- d-----w c:\users\théophane\AppData\Roaming\PC Suite
2009-03-21 16:23 --------- d-----w c:\users\théophane\AppData\Roaming\FaxCtr
2009-03-21 15:05 --------- d-----w c:\program files\Windows Live
2009-03-20 17:38 --------- d-----w c:\programdata\Microsoft Help
2009-03-19 17:24 86,016 ----a-w c:\users\théophane\AppData\Roaming\mstsc.exe
2009-03-18 09:36 --------- d-----w c:\programdata\Apple Computer
2009-03-18 09:36 --------- d-----w c:\program files\Common Files\Apple
2009-03-16 17:08 --------- d-----w c:\users\théophane\AppData\Roaming\DonationCoder
2009-03-13 07:50 --------- d-----w c:\users\théophane\AppData\Roaming\vghd
2009-03-11 15:20 --------- d-----w c:\program files\Windows Mail
2009-03-11 15:20 --------- d-----w c:\program files\Google
2009-03-11 15:13 --------- d-----w c:\program files\GRETECH
2009-03-11 15:12 --------- d-----w c:\users\théophane\AppData\Roaming\Adobe
2009-03-11 14:52 --------- d-----w c:\programdata\NOS
2009-03-10 12:21 --------- d-----w c:\users\Famille PAN\AppData\Roaming\DivX
2009-03-09 11:57 --------- d-----w c:\programdata\Media Center Programs
2009-03-02 19:22 --------- d-----w c:\program files\Apowersoft
2009-03-02 10:57 --------- d-----w c:\users\théophane\AppData\Roaming\Desktopicon
2009-03-02 10:57 --------- d-----w c:\program files\FormatFactory
2009-03-02 10:55 --------- d-----w c:\program files\WinAVI MP4 Converter
2009-03-02 09:29 --------- d-----w c:\program files\QuickMediaConverter
2009-03-02 09:27 --------- d-----w c:\users\théophane\AppData\Roaming\MPEG Streamclip
2009-03-02 09:23 --------- d-----w c:\programdata\Video Converter Studio
2009-03-02 09:17 --------- d---a-w c:\programdata\TEMP
2009-03-02 08:43 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-02 08:43 --------- d-----w c:\program files\AVS4YOU
2009-03-01 09:11 --------- d-----w c:\programdata\1D34B
2009-02-26 18:00 --------- d-----w c:\users\théophane\AppData\Roaming\STOIK
2009-02-26 12:13 --------- d-----w c:\users\théophane\AppData\Roaming\AVS4YOU
2009-02-26 12:13 --------- d-----w c:\programdata\AVS4YOU
2009-02-25 13:28 --------- d-----w c:\users\théophane\AppData\Roaming\Apple Computer
2009-02-25 12:47 --------- d-----w c:\program files\AdVantage
2009-02-25 08:46 --------- d-----w c:\programdata\8331
2009-02-24 17:57 --------- d-----w c:\programdata\262A3
2009-02-24 11:34 --------- d-----w c:\users\théophane\AppData\Roaming\Lexmark Productivity Studio
2009-02-23 12:48 --------- d-----w c:\users\théophane\AppData\Roaming\DivX
2009-02-23 11:58 --------- d-----w c:\users\théophane\AppData\Roaming\OpenOffice.org
2009-02-23 11:55 --------- d-----w c:\programdata\2165
2009-02-22 18:55 --------- d-----w c:\programdata\27246
2009-02-21 20:40 --------- d-----w c:\programdata\6E4
2009-02-21 13:23 --------- d-----w c:\program files\Disc2Phone
2009-02-17 17:50 --------- d-----w c:\users\théophane\AppData\Roaming\vlc
2009-02-16 15:58 --------- d-----w c:\program files\Safari
2009-02-16 15:41 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 12:07 --------- d-----w c:\users\théophane\AppData\Roaming\Macromedia
2009-02-15 20:01 --------- d-----w c:\users\théophane\AppData\Roaming\Identities
2009-02-11 14:07 --------- d-----w c:\programdata\795
2009-02-10 17:14 --------- d-----w c:\programdata\F115
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-25 16:01 41,623,352 ----a-w c:\users\Famille PAN\mpman-mpmanager-2008b1107.exe
2008-12-11 19:01 174 --sha-w c:\program files\desktop.ini
2008-10-08 10:43 22,328 ----a-w c:\users\Famille PAN\AppData\Roaming\PnkBstrK.sys
2008-04-23 08:28 0 ----a-w c:\users\Famille PAN\AppData\Roaming\wklnhst.dat
2008-09-22 15:50 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-17 13:26 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-17 13:26 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-17 13:26 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 18:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2009-03-21 492912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"="c:\users\Famille PAN\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\windows\esentutl.exe" [2009-03-19 86016]
"ClipSrv"="c:\users\THOPHA~1\AppData\Roaming\MICROS~1\clipsrv.exe" [2009-03-19 86016]
"MqtgSVC"="c:\users\THOPHA~1\AppData\Roaming\MICROS~1\mqtgsvc.exe" [2009-03-19 86016]
"Mstsc"="c:\users\THOPHA~1\AppData\Roaming\mstsc.exe" [2009-03-19 86016]
"ComRepl"="c:\windows\comrepl.exe" [2009-03-19 86016]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"="c:\windows\System\sessmgr.exe" [2009-03-19 86016]
"MqtgSVC"="c:\windows\mqtgsvc.exe" [2009-03-19 86016]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"="c:\windows\System32\drivers\mstinit.exe" [2009-03-19 86016]
c:\users\Famille PAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Outil de notification Live Search.lnk - c:\users\th‚ophane\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-16 0]
c:\users\th‚ophane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\th‚ophane\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-03-20 135680]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\comrepl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2309030696-2253269824-909287681-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2309030696-2253269824-909287681-1001]
"EnableNotificationsRef"=dword:0000000d
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FCE3843E-947B-4B0B-AFB0-5635BBD95CBE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{096D003D-7744-44AD-9C59-0476734F0AF0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA285CC9-B882-4F36-968C-B2C54B82140D}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{C413447A-CC10-4991-AE27-D136FB2B2C50}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{2DDC3B4C-205C-4A55-93A5-3073CAC8ED8C}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{A8FBD885-9F4B-43AB-A015-0B6D0CB90C40}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{E87773EC-5138-4EB7-8AD3-C31F0CA49BDD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C800FD2A-C74E-440C-890E-1474CD7755A7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6E0EB91F-5D9F-4EC3-A4B7-A1356B023946}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0EC5FE34-1353-4904-A5F9-0678723A3E3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{32FEAFA3-77FD-4399-ACA8-9809B6C42639}"= UDP:63331:Windows Live OneCare
"{35CA1D66-0716-48BD-9AF9-9C6345343432}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{AB83A57D-8FC4-4C65-87F5-4E63EFC589C2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4E64AB0C-6B83-411E-BEAB-A151FB72C1A3}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6F4C1CFC-E2E8-4F94-8D50-C3DB9060EF4F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{34FEBB6C-801C-4C35-A807-9AA746BAA467}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{8683D8C7-1E47-487F-A42A-014E4DE0C69C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{A997877A-D30B-45AA-A3A4-ABED132494F3}c:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{BF1F1E61-BE8F-4A91-94EB-B193C7DD9601}c:\\program files\\ubisoft\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:c:\program files\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{FB634251-72E3-48FC-8428-2DC5885CA15D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{27C7AE50-BB25-4538-A465-8D61C8725D60}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{F3271332-69A7-44D0-BE11-769784BBA194}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{852CBCAD-2713-4CB9-BB9C-BFA44ED57562}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5FE7C8BC-337B-4209-A22A-901FFC9CF08B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A6829B10-1E99-46E5-937C-37207FA16C31}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0CF2647D-1175-4FAC-9325-3D5617DDA79C}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{080709FE-BECD-4972-93D3-BA7157391AFA}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{FCA721B0-D1BE-4DFF-B039-4278D095AE6B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{4D84CC21-6650-45F4-88E3-CEB0C7B32D2D}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{F242C707-8967-4CE7-B852-8499A760B7F5}c:\\program files\\steam\\steamapps\\_the___punisher\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\_the___punisher\zombie panic! source\hl2.exe:hl2
"UDP Query User{7405BFDA-7B47-4B48-8FED-4F7AC29ED03C}c:\\program files\\steam\\steamapps\\_the___punisher\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\_the___punisher\zombie panic! source\hl2.exe:hl2
"{81D0EAE7-33B4-4B73-8658-7B09690A74AA}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{380FE089-3EE8-40A7-9C2A-494316548E37}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{3B9EE6C6-AD1F-496D-9E02-1DCE507E898E}c:\\program files\\steam\\steamapps\\butcher169\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\butcher169\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{B825417D-604D-44B3-A5CD-38AF99D6EDD9}c:\\program files\\steam\\steamapps\\butcher169\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\butcher169\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D19699F2-E2F5-401C-A6ED-F758CD956834}c:\\program files\\steam\\steamapps\\butcher169\\deathmatch classic\\hl.exe"= UDP:c:\program files\steam\steamapps\butcher169\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{11D16FBA-55D6-4D38-9098-5583522A19D2}c:\\program files\\steam\\steamapps\\butcher169\\deathmatch classic\\hl.exe"= TCP:c:\program files\steam\steamapps\butcher169\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{3FE8D1E6-8342-4549-BF92-95BD00786868}c:\\program files\\steam\\steamapps\\butcher169\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\butcher169\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{0A1BAF07-4E35-420E-BBB8-14B14570E76D}c:\\program files\\steam\\steamapps\\butcher169\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\butcher169\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{A00D7C05-0E2D-48A2-A47A-D56A75A9D476}c:\\program files\\steam\\steamapps\\butcher169\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\butcher169\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{975D9803-E862-490F-9B25-AD4FAEB8AE02}c:\\program files\\steam\\steamapps\\butcher169\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\butcher169\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{8E001DBF-1782-48D1-BBE0-5B6F128E6B5A}c:\\program files\\steam\\steamapps\\butcher169\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\butcher169\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{12D66D83-07E4-45C3-BA23-109FA3C1B023}c:\\program files\\steam\\steamapps\\butcher169\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\butcher169\condition zero deleted scenes\hl.exe:Half-Life Launcher
"{6815DFA2-D9EF-4C9B-A47C-219127A052A8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D6262AA8-45BC-4374-9906-36C4B359DE89}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{710A385F-6CAB-4BEA-A8C0-47D3F5816DE6}c:\\program files\\lexmark 2600 series\\lxdnmon.exe"= UDP:c:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"UDP Query User{DF65B4E5-84A6-4ECA-A03D-02748F16CCFE}c:\\program files\\lexmark 2600 series\\lxdnmon.exe"= TCP:c:\program files\lexmark 2600 series\lxdnmon.exe:Printer Device Monitor
"{DD1E18DA-9CF4-4292-8CA4-D6BF90F29F8D}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{F22C2D86-6879-40C8-8DE3-2DE2EFC5D367}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{5C3E55B5-767E-4340-AEF9-A7E5232404BD}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{12AF702A-03A7-443C-897B-0A2F37D1E4C9}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{75163519-765E-4BDF-82DE-5B07FE223AF2}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{B6D40139-4C3B-40E1-858E-6EAAE0696724}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{D56B155E-E285-411F-9C66-B15FCBE192F3}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C0D53BCF-6C9F-4B92-9317-CB8F0A27261E}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{9756A846-D457-4007-9098-3A9E9D4945F8}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{DEB11E15-0018-4CDC-AF3D-5EADD6C866B4}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{0E4F212C-E2C0-4CFE-A332-8E9DEFFF614E}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{5A361414-6175-4D72-AE12-A3E24C220654}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{2943698A-5D94-4618-9BAA-A648C9514DD8}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{96DD9968-0F08-4DEF-855B-435E26306BBE}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{FEBB640A-831D-46D7-93D5-DE10FDAB4893}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{E2E3AD91-6A12-485D-904F-811545ECDA82}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{3CA7B2DE-42BC-4DC3-8355-D2D4E6AC703D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{850680C4-5AFB-4DBD-906E-EE9667986439}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{EE917F18-EB59-4C4E-BB98-EB1B7C76943F}"= UDP:c:\program files\Lexmark 2600 Series\lxdnlscn.exe:
"{B50422EF-A9E4-4DB3-94BF-6AC7EF4B9BC7}"= TCP:c:\program files\Lexmark 2600 Series\lxdnlscn.exe:
"TCP Query User{AE43BC0C-DF46-4A6B-973E-2D583E141F52}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"UDP Query User{748213E9-E85B-4C25-BAFC-4BD3C0839C63}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"TCP Query User{969CEE82-6433-47E7-A774-0E11FAC243C3}c:\\program files\\lexmark 2600 series\\lxdnlscn.exe"= UDP:c:\program files\lexmark 2600 series\lxdnlscn.exe:lxdnlscn
"UDP Query User{8B52E4A6-5DC6-4AB8-8A24-6796BEBE1F0A}c:\\program files\\lexmark 2600 series\\lxdnlscn.exe"= TCP:c:\program files\lexmark 2600 series\lxdnlscn.exe:lxdnlscn
"TCP Query User{108E483E-51A8-418F-B0F0-43F91317F899}c:\\program files\\steam\\steamapps\\butcher169\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\butcher169\zombie panic! source\hl2.exe:hl2
"UDP Query User{28592FD0-157E-4899-B5DB-C0D6EB083EEF}c:\\program files\\steam\\steamapps\\butcher169\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\butcher169\zombie panic! source\hl2.exe:hl2
"TCP Query User{EF88354B-75F7-446C-8392-26AC86F8B200}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6F613F71-EAA1-4F80-A5C7-492EBDE6DE1A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{950BC655-1510-4733-9E5C-9D8B6BD73E15}c:\\users\\famille pan\\program files\\dna\\btdna.exe"= UDP:c:\users\famille pan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CF17C5C0-CA41-4977-9421-5321C7C3B67D}c:\\users\\famille pan\\program files\\dna\\btdna.exe"= TCP:c:\users\famille pan\program files\dna\btdna.exe:btdna.exe
"{E1B5B499-A4E3-4E17-96EF-215D95196DDD}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{80BA07BC-6219-45B6-8800-8E076C3C7AD4}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{B68925CA-1704-477F-B002-E9C1E95D7D4E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{875A1777-0E16-4B6A-B3FB-D428338063AE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{874C6288-DAEE-4A83-889A-652727B4526D}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{413AF0C8-F3CE-470C-AF76-C37DBDE2C306}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
"{BED05B2E-C28D-46BB-9148-CD806AF391B9}"= UDP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{231D910E-E9F5-42B4-9199-D86CC62C4D8D}"= TCP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:TrackMania Nations Forever
"{F04DB7B7-39D4-4950-B35C-2B17CAD3EC69}"= UDP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{56B9BF10-D97F-41D8-94D0-1B8E5B5533C1}"= TCP:c:\program files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:TrackMania Nations Forever
"{8991BC56-DFF0-437D-9C41-93AE2999C14C}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"{C8FDAB96-5A56-4376-90D4-D1F6D1E2A26D}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:Left 4 Dead Demo
"TCP Query User{C106139E-31E2-4239-93CF-6403AFEFE31F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{688F6A14-90D5-479F-A100-9DD13FF43266}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{B67F45FE-B6BE-45FF-89A0-D4A032CE66B6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EE108D82-36E4-4F97-A217-0349713E2F16}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{376565C5-BF98-4F60-A5D7-09DC88BFF599}c:\\windows\\system32\\wintems.exe"= UDP:c:\windows\system32\wintems.exe:wintems
"UDP Query User{116BC459-1287-4B8A-8653-65B7D063518A}c:\\windows\\system32\\wintems.exe"= TCP:c:\windows\system32\wintems.exe:wintems
"{05D718F8-D2C8-4C77-874A-507CE2C45B68}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D047F26E-01FB-40D4-A5B4-6B0A8083E67C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{4E4A3E57-F566-49FE-9528-B36546D5EBB8}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{F95101C5-9060-4758-9A10-CC4E035CCA8F}"= UDP:c:\program files\Steam\steamapps\common\quake 3 arena demo\quake3.exe:Quake 3 Arena Demo
"{690AFBA0-1095-43CE-B31C-C0E9575F4C0D}"= TCP:c:\program files\Steam\steamapps\common\quake 3 arena demo\quake3.exe:Quake 3 Arena Demo
"{D8058AF8-BF87-4BEA-A924-BC87ED1AA927}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{167B538D-34D6-4D41-A578-1EF10BCB1A3E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-22 51792]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2008-02-28 98984]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-21 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-11 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-01-01 29744]
.
Contenu du dossier 'Tâches planifiées'
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309030696-2253269824-909287681-1000.job
- c:\users\Famille PAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 09:25]
2009-04-01 c:\windows\Tasks\Norton Security Scan for Famille PAN.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]
2009-04-08 c:\windows\Tasks\User_Feed_Synchronization-{7E4E7836-E76C-49C3-A51C-F4D73B5F562F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; SPOFRB/1.0; .NET CLR 3.5.30729; .NET
HKLM-Explorer_Run-Cisvc - c:\users\THOPHA~1\LOCALS~1\APPLIC~1\cisvc.exe
HKLM-Explorer_Run-Spool - c:\users\THOPHA~1\AppData\Local\Temp\spoolsv.exe
HKU-Default-Explorer_Run-ClipSrv - c:\users\FAMILL~1\LOCALS~1\APPLIC~1\clipsrv.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:05:00
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\lxdncoms.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\users\théophane\AppData\Local\cisvc.exe
c:\users\théophane\AppData\Roaming\Microsoft\mqtgsvc.exe
c:\combofix\hidec.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\users\théophane\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-04-08 14:09:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-08 12:08:31
Avant-CF: 224 567 066 624 octets libres
Après-CF: 224,895,291,392 octets libres
468 --- E O F --- 2009-04-06 15:16:21
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.3327.2282 [GMT 2:00]
Lancé depuis: c:\users\théophane\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090407-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\CrucialSoft Ltd
c:\users\Famille PAN\AppData\Local\ggaaqu.dat
c:\users\Famille PAN\AppData\Local\ggaaqu_nav.dat
c:\users\Famille PAN\AppData\Local\ggaaqu_navps.dat
c:\users\Famille PAN\AppData\Local\ooywyoq.dat
c:\users\Famille PAN\AppData\Local\ooywyoq_nav.dat
c:\users\Famille PAN\AppData\Local\ooywyoq_navps.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq_nav.dat
c:\users\Famille PAN\AppData\Local\wimmuqogq_navps.dat
c:\windows\system\sessmgr.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 13:19 . 2009-03-19 19:24 86,016 --a------ c:\windows\system\clipsrv.exe
2009-04-08 12:49 . 2009-04-08 12:49 <REP> d-------- c:\program files\Trend Micro
2009-04-08 12:15 . 2009-04-08 12:15 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\Logs
2009-04-08 11:53 . 2009-04-08 11:53 <REP> d-------- c:\users\théophane\AppData\Roaming\dvdcss
2009-04-08 11:50 . 2009-04-08 11:50 <REP> d-------- c:\users\théophane\Program Files
2009-04-08 11:50 . 2009-04-08 11:50 <REP> d-------- c:\users\théophane\Program Files
2009-04-08 11:21 . 2009-04-08 11:24 <REP> d-------- C:\FindyKill
2009-04-08 11:20 . 2009-04-08 11:20 <REP> d-------- c:\program files\CCleaner
2009-04-08 11:14 . 2009-04-08 11:14 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-04-08 11:12 . 2009-04-08 11:06 68,608 --a------ c:\windows\System32\Ú
2009-04-08 11:06 . 2009-04-08 11:06 68,608 --a------ c:\windows\promo.exe
2009-04-08 11:06 . 2009-04-08 11:06 31,744 --a------ c:\windows\System32\userload.exe
2009-04-07 13:33 . 2009-03-19 19:24 86,016 --a------ c:\windows\comrepl.exe
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\théophane\Documents
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\théophane\Documents
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\users\All Users\3A26E
2009-04-06 17:25 . 2009-04-06 17:25 <REP> d-------- c:\programdata\3A26E
2009-04-02 12:51 . 2009-03-19 19:24 86,016 --a------ c:\users\théophane\AppData\Roaming\mstsc.exe
2009-04-01 12:30 . 2006-05-03 22:53 174,592 --a------ c:\windows\System32\framedyn.dll
2009-04-01 12:24 . 2006-07-24 16:05 5,632 --a------ c:\windows\System32\drivers\StarOpen.sys
2009-04-01 12:22 . 2007-07-03 16:54 80,552 --a------ c:\windows\System32\drivers\sscdbus.sys
2009-04-01 12:22 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwhnt.sys
2009-04-01 12:22 . 2007-07-03 17:00 9,256 --a------ c:\windows\System32\drivers\sscdwh.sys
2009-04-01 12:19 . 2009-04-01 12:27 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
2009-04-01 12:19 . 2009-04-01 12:19 <REP> d-------- c:\program files\Samsung
2009-04-01 12:19 . 2005-08-28 20:51 766 --a------ c:\windows\System32\Uninstall.ico
2009-03-29 09:50 . 2009-03-29 09:54 <REP> d-------- c:\users\Famille PAN\Phone Browser
2009-03-29 09:10 . 2009-03-19 19:24 86,016 --a------ c:\windows\System32\drivers\mstinit.exe
2009-03-28 15:49 . 2009-03-28 15:49 <REP> d-------- c:\windows\Sun
2009-03-24 18:20 . 2009-03-19 19:24 86,016 --a------ c:\windows\mqtgsvc.exe
2009-03-23 19:43 . 2009-03-25 10:13 <REP> d-------- c:\users\théophane\AppData\Roaming\BitTorrent
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\users\théophane\AppData\Roaming\Mozilla
2009-03-23 19:41 . 2009-04-08 14:01 <REP> d-------- c:\users\théophane\AppData\Roaming\DNA
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\program files\BitTorrent
2009-03-23 19:41 . 2009-03-23 19:41 <REP> d-------- c:\program files\AskBarDis
2009-03-22 10:08 . 2009-04-08 12:10 <REP> d-------- c:\users\Famille PAN\Tracing
2009-03-22 10:07 . 2009-02-05 23:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-21 17:05 . 2009-04-08 13:41 <REP> d-------- c:\users\théophane\Tracing
2009-03-21 17:05 . 2009-04-08 13:41 <REP> d-------- c:\users\théophane\Tracing
2009-03-21 17:05 . 2009-02-06 19:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-03-21 17:04 . 2009-03-21 17:04 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-21 17:02 . 2009-03-21 17:02 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-21 17:00 . 2009-03-21 17:00 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-21 17:00 . 2009-03-21 17:05 <REP> d-------- c:\program files\Microsoft
2009-03-21 13:43 . 2009-03-21 14:27 <REP> d-------- c:\program files\FindyKill
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- c:\users\Default.LOG2
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- c:\users\Default.LOG1
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- C:\ProgramData.LOG2
2009-03-21 13:33 . 2009-03-21 13:33 0 --ah----- C:\ProgramData.LOG1
2009-03-21 09:31 . 2009-03-21 09:31 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\Webroot
2009-03-21 09:30 . 2009-03-19 19:24 86,016 --a------ c:\windows\esentutl.exe
2009-03-21 09:30 . 2009-03-19 19:24 86,016 --a------ c:\users\Famille PAN\AppData\Roaming\sessmgr.exe
2009-03-20 18:19 . 2009-03-20 18:19 <REP> d-------- c:\program files\Webroot
2009-03-20 14:07 . 2009-03-21 14:24 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-18 14:25 . 2009-04-08 12:10 <REP> d-------- c:\program files\Steam
2009-03-18 14:25 . 2009-03-18 20:33 <REP> d-------- c:\program files\Common Files\Steam
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\program files\iTunes
2009-03-18 11:36 . 2009-03-18 11:36 <REP> d-------- c:\program files\iPod
2009-03-18 11:36 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-18 11:36 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-18 11:33 . 2009-03-18 11:34 <REP> d-------- c:\program files\QuickTime
2009-03-16 20:37 . 2009-03-16 20:39 <REP> d-------- c:\program files\RAR Password Cracker
2009-03-16 20:30 . 2009-03-16 20:39 <REP> d-------- c:\program files\MessenPass
2009-03-16 20:30 . 2009-03-16 20:30 39,424 --a------ c:\windows\zipinst.exe
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\users\théophane\AppData\Roaming\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\users\All Users\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:08 <REP> d-------- c:\programdata\DonationCoder
2009-03-16 19:08 . 2009-03-16 19:12 <REP> d-------- c:\program files\URLSnooper2
2009-03-16 19:08 . 2009-03-16 19:08 46 --a------ c:\windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
2009-03-15 19:57 . 2009-03-15 19:57 <REP> d-------- c:\windows\System32\AGEIA
2009-03-15 19:57 . 2009-03-15 19:57 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-15 19:57 . 2009-03-15 19:58 <REP> d-------- c:\program files\AGEIA Technologies
2009-03-15 19:57 . 2008-03-05 16:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-03-15 19:57 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
2009-03-15 19:57 . 2008-03-05 16:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-03-15 19:57 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\System32\D3DCompiler_36.dll
2009-03-15 19:57 . 2008-03-05 17:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-03-15 19:57 . 2008-02-06 00:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-03-15 19:57 . 2007-10-02 10:56 444,776 --a------ c:\windows\System32\d3dx10_36.dll
2009-03-15 19:57 . 2007-10-22 04:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2009-03-15 19:57 . 2008-03-05 17:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-03-15 19:57 . 2008-03-05 17:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-03-15 19:57 . 2007-10-22 04:37 17,928 --a------ c:\windows\System32\X3DAudio1_2.dll
2009-03-13 09:50 . 2009-03-13 09:50 <REP> d-------- c:\users\théophane\AppData\Roaming\vghd
2009-03-13 09:50 . 2009-03-13 09:50 <REP> d-------- c:\program files\vghd
2009-03-13 09:50 . 2009-03-13 09:50 152,904 --a------ c:\windows\System32\vghd.scr
2009-03-13 09:50 . 2009-03-13 09:51 3 --a------ c:\windows\sbacknt.bin
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\users\All Users\251BC
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\programdata\251BC
2009-03-11 18:14 . 2009-03-11 18:14 <REP> d-------- c:\users\All Users\1C372
2009-03-11 18:14 . 2009-03-11 18:14 <REP> d-------- c:\programdata\1C372
2009-03-11 18:01 . 2009-03-11 18:01 <REP> d-------- c:\users\All Users\14176
2009-03-11 18:01 . 2009-03-11 18:01 <REP> d-------- c:\programdata\14176
2009-03-11 16:52 . 2009-03-11 16:52 <REP> d-------- c:\program files\NOS
2009-03-11 12:32 . 2009-03-11 12:32 <REP> d-------- c:\users\All Users\2C3DD
2009-03-11 12:32 . 2009-03-11 12:32 <REP> d-------- c:\programdata\2C3DD
2009-03-11 10:10 . 2009-03-11 10:10 <REP> d-------- c:\users\All Users\1013C
2009-03-11 10:10 . 2009-03-11 10:10 <REP> d-------- c:\programdata\1013C
2009-03-11 10:09 . 2009-03-15 20:09 <REP> d-------- c:\program files\iMesh Applications
2009-03-11 09:04 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:04 . 2009-02-09 03:54 2,030,080 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:04 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:04 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:04 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:04 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 18:42 . 2009-03-24 19:33 <REP> d-------- C:\divx
2009-03-09 21:53 . 2009-03-09 21:53 <REP> d-------- c:\users\Famille PAN\AppData\Roaming\DeepBurner
2009-03-09 21:53 . 2009-03-13 09:51 <REP> d-------- c:\program files\Astonsoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 12:04 4,718,592 --sha-w c:\users\théophane\ntuser.dat
2009-04-08 12:04 4,718,592 --sha-w c:\users\théophane\ntuser.dat
2009-04-08 12:04 --------- d-s---w c:\users\théophane\AppData\Roaming\Microsoft
2009-04-08 12:01 --------- d-----w c:\users\théophane\AppData\Roaming\DNA
2009-04-08 11:51 --------- d-----w c:\program files\Arovax AntiSpyware
2009-04-08 11:41 --------- d-----w c:\program files\DNA
2009-04-08 10:17 --------- d-----w c:\users\Famille PAN\AppData\Roaming\DNA
2009-04-08 09:53 --------- d-----w c:\users\théophane\AppData\Roaming\dvdcss
2009-04-08 09:13 --------- d-----w c:\program files\DivX
2009-04-04 23:08 --------- d-----w c:\programdata\Lx_cats
2009-04-01 16:00 --------- d-----w c:\program files\Norton Security Scan
2009-04-01 11:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 10:17 --------- d-----w c:\program files\Common Files\Adobe
2009-03-29 11:20 --------- d-----w c:\programdata\eMule
2009-03-29 11:20 --------- d-----w c:\program files\eMule
2009-03-25 08:13 --------- d-----w c:\users\théophane\AppData\Roaming\BitTorrent
2009-03-23 17:41 --------- d-----w c:\users\théophane\AppData\Roaming\Mozilla
2009-03-23 16:35 --------- d-----w c:\users\théophane\AppData\Roaming\PC Suite
2009-03-21 16:23 --------- d-----w c:\users\théophane\AppData\Roaming\FaxCtr
2009-03-21 15:05 --------- d-----w c:\program files\Windows Live
2009-03-20 17:38 --------- d-----w c:\programdata\Microsoft Help
2009-03-19 17:24 86,016 ----a-w c:\users\théophane\AppData\Roaming\mstsc.exe
2009-03-18 09:36 --------- d-----w c:\programdata\Apple Computer
2009-03-18 09:36 --------- d-----w c:\program files\Common Files\Apple
2009-03-16 17:08 --------- d-----w c:\users\théophane\AppData\Roaming\DonationCoder
2009-03-13 07:50 --------- d-----w c:\users\théophane\AppData\Roaming\vghd
2009-03-11 15:20 --------- d-----w c:\program files\Windows Mail
2009-03-11 15:20 --------- d-----w c:\program files\Google
2009-03-11 15:13 --------- d-----w c:\program files\GRETECH
2009-03-11 15:12 --------- d-----w c:\users\théophane\AppData\Roaming\Adobe
2009-03-11 14:52 --------- d-----w c:\programdata\NOS
2009-03-10 12:21 --------- d-----w c:\users\Famille PAN\AppData\Roaming\DivX
2009-03-09 11:57 --------- d-----w c:\programdata\Media Center Programs
2009-03-02 19:22 --------- d-----w c:\program files\Apowersoft
2009-03-02 10:57 --------- d-----w c:\users\théophane\AppData\Roaming\Desktopicon
2009-03-02 10:57 --------- d-----w c:\program files\FormatFactory
2009-03-02 10:55 --------- d-----w c:\program files\WinAVI MP4 Converter
2009-03-02 09:29 --------- d-----w c:\program files\QuickMediaConverter
2009-03-02 09:27 --------- d-----w c:\users\théophane\AppData\Roaming\MPEG Streamclip
2009-03-02 09:23 --------- d-----w c:\programdata\Video Converter Studio
2009-03-02 09:17 --------- d---a-w c:\programdata\TEMP
2009-03-02 08:43 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-02 08:43 --------- d-----w c:\program files\AVS4YOU
2009-03-01 09:11 --------- d-----w c:\programdata\1D34B
2009-02-26 18:00 --------- d-----w c:\users\théophane\AppData\Roaming\STOIK
2009-02-26 12:13 --------- d-----w c:\users\théophane\AppData\Roaming\AVS4YOU
2009-02-26 12:13 --------- d-----w c:\programdata\AVS4YOU
2009-02-25 13:28 --------- d-----w c:\users\théophane\AppData\Roaming\Apple Computer
2009-02-25 12:47 --------- d-----w c:\program files\AdVantage
2009-02-25 08:46 --------- d-----w c:\programdata\8331
2009-02-24 17:57 --------- d-----w c:\programdata\262A3
2009-02-24 11:34 --------- d-----w c:\users\théophane\AppData\Roaming\Lexmark Productivity Studio
2009-02-23 12:48 --------- d-----w c:\users\théophane\AppData\Roaming\DivX
2009-02-23 11:58 --------- d-----w c:\users\théophane\AppData\Roaming\OpenOffice.org
2009-02-23 11:55 --------- d-----w c:\programdata\2165
2009-02-22 18:55 --------- d-----w c:\programdata\27246
2009-02-21 20:40 --------- d-----w c:\programdata\6E4
2009-02-21 13:23 --------- d-----w c:\program files\Disc2Phone
2009-02-17 17:50 --------- d-----w c:\users\théophane\AppData\Roaming\vlc
2009-02-16 15:58 --------- d-----w c:\program files\Safari
2009-02-16 15:41 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 12:07 --------- d-----w c:\users\théophane\AppData\Roaming\Macromedia
2009-02-15 20:01 --------- d-----w c:\users\théophane\AppData\Roaming\Identities
2009-02-11 14:07 --------- d-----w c:\programdata\795
2009-02-10 17:14 --------- d-----w c:\programdata\F115
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-25 16:01 41,623,352 ----a-w c:\users\Famille PAN\mpman-mpmanager-2008b1107.exe
2008-12-11 19:01 174 --sha-w c:\program files\desktop.ini
2008-10-08 10:43 22,328 ----a-w c:\users\Famille PAN\AppData\Roaming\PnkBstrK.sys
2008-04-23 08:28 0 ----a-w c:\users\Famille PAN\AppData\Roaming\wklnhst.dat
2008-09-22 15:50 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-17 13:26 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-17 13:26 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-17 13:26 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 18:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2009-03-21 492912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"="c:\users\Famille PAN\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\windows\esentutl.exe" [2009-03-19 86016]
"ClipSrv"="c:\users\THOPHA~1\AppData\Roaming\MICROS~1\clipsrv.exe" [2009-03-19 86016]
"MqtgSVC"="c:\users\THOPHA~1\AppData\Roaming\MICROS~1\mqtgsvc.exe" [2009-03-19 86016]
"Mstsc"="c:\users\THOPHA~1\AppData\Roaming\mstsc.exe" [2009-03-19 86016]
"ComRepl"="c:\windows\comrepl.exe" [2009-03-19 86016]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"="c:\windows\System\sessmgr.exe" [2009-03-19 86016]
"MqtgSVC"="c:\windows\mqtgsvc.exe" [2009-03-19 86016]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"="c:\windows\System32\drivers\mstinit.exe" [2009-03-19 86016]
c:\users\Famille PAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Outil de notification Live Search.lnk - c:\users\théophane\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-16 0]
c:\users\théophane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\théophane\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-03-20 135680]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\comrepl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2309030696-2253269824-909287681-1000]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2309030696-2253269824-909287681-1001]
"EnableNotificationsRef"=dword:0000000d
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-22 51792]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2008-02-28 98984]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-03-21 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-11 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-01-01 29744]
.
Contenu du dossier 'Tâches planifiées'
2009-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2309030696-2253269824-909287681-1000.job
- c:\users\Famille PAN\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 09:25]
2009-04-01 c:\windows\Tasks\Norton Security Scan for Famille PAN.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]
2009-04-08 c:\windows\Tasks\User_Feed_Synchronization-{7E4E7836-E76C-49C3-A51C-F4D73B5F562F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; SPOFRB/1.0; .NET CLR 3.5.30729; .NET
HKLM-Explorer_Run-Cisvc - c:\users\THOPHA~1\LOCALS~1\APPLIC~1\cisvc.exe
HKLM-Explorer_Run-Spool - c:\users\THOPHA~1\AppData\Local\Temp\spoolsv.exe
HKU-Default-Explorer_Run-ClipSrv - c:\users\FAMILL~1\LOCALS~1\APPLIC~1\clipsrv.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 14:05:00
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\lxdncoms.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\users\théophane\AppData\Local\cisvc.exe
c:\users\théophane\AppData\Roaming\Microsoft\mqtgsvc.exe
c:\combofix\hidec.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\users\théophane\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-04-08 14:09:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-08 12:08:31
Avant-CF: 224 567 066 624 octets libres
Après-CF: 224,895,291,392 octets libres
468 --- E O F --- 2009-04-06 15:16:21
Hi ;)
Apparently franck castle never comes back to see a disinfection through to the end :(
Example: http://www.commentcamarche.net/forum/affich 11622019 probleme antivirus
On top of that, he's a fan of cracks: Bagle infections in the thread cited above, and here the Calac trojan, both of which are caught through infected cracks....
See you later
Hi,
Do what gen-hackman told you here: http://www.commentcamarche.net/forum/affich 11900388 probleme virus?#3
Disable your antivirus BEFORE downloading these 2 programs; it raises false alerts on them
Careful, the disinfection will not be finished after that!
You also have a Calac trojan, very hard to remove --> a Combofix script will be needed.
Thanks Anthony, I haven't been around much lately (VM trouble + PC repair house calls :))
Hello all the same :)