Rapport combofix :
ComboFix 08-08-30.03 - Damien 2008-08-31 22:00:38.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista Édition Intégrale 6.0.6001.1.1252.1.1036.18.1669 [GMT 2:00]
Endroit: C:\Users\Damien\Downloads\ComboFix.exe
Command switches used :: C:\Users\Damien\Desktop\CFScript.txt
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\winxgo32.rom
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:56 --------- d-----w C:\Users\Damien\AppData\Roaming\uTorrent
2008-08-31 18:57 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-08-31 17:31 --------- d-----w C:\Program Files\Navilog1
2008-08-31 15:23 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-31 12:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-30 20:50 --------- d-----w C:\Program Files\PC Health Optimizer Free Edition
2008-08-30 18:59 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-30 11:24 --------- d-----w C:\Users\Damien\AppData\Roaming\Malwarebytes
2008-08-30 11:24 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-30 11:20 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2008-08-15 07:24 --------- d-----w C:\ProgramData\NVIDIA
2008-08-14 13:54 296,777 ----a-w C:\Users\Damien\AppData\Roaming\mdb.bin
2008-08-14 06:41 --------- d-----w C:\Program Files\Windows Mail
2008-08-04 18:38 --------- d-----w C:\ProgramData\Xfire
2008-07-31 17:51 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-31 17:07 --------- d-----w C:\ProgramData\Media Center Programs
2008-07-31 16:53 --------- d-----w C:\Program Files\THQ
2008-07-29 18:23 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-07-29 18:23 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-07-25 20:50 --------- d-----w C:\Users\Damien\AppData\Roaming\Xfire
2008-07-24 08:21 --------- d-----w C:\Users\Damien\AppData\Roaming\Turbine
2008-07-22 11:31 --------- d-----w C:\Program Files\Xfire
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-17 15:07 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-07-17 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 06:34 22,328 ----a-w C:\Users\Damien\AppData\Roaming\PnkBstrK.sys
2008-07-17 06:11 --------- d-----w C:\Program Files\Activision
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-15 23:09 42,320 ----a-w C:\Windows\System32\xfcodec.dll
2008-07-14 18:59 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-06 16:35 --------- d-----w C:\Users\Damien\AppData\Roaming\teamspeak2
2008-07-06 16:35 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-06 16:29 --------- d-----w C:\Users\Damien\AppData\Roaming\RetinaX
2008-07-02 08:16 --------- d-----w C:\Program Files\Intel Corporation
2008-06-30 20:34 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-28 17:00 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-24 08:31 174 --sha-w C:\Program Files\desktop.ini
2008-06-24 08:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-24 08:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2004-11-12 11:49 207,872 ----a-w C:\Program Files\mozilla firefox\plugins\IN_MP3.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-08-31_20.13.18.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-31 17:36:23 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-31 19:56:58 1,310,720 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-31 17:41:18 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-31 19:56:58 1,310,720 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-31 17:36:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-31 18:19:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-31 17:36:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-31 18:19:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-31 17:36:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-31 18:19:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-31 17:36:58 13,130 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2510773631-1177197948-1542983943-1000_UserData.bin
- 2008-08-31 18:20:29 13,130 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2510773631-1177197948-1542983943-1000_UserData.bin
- 2008-08-31 17:36:58 96,148 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-31 18:20:29 96,210 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-31 17:36:57 50,588 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-31 18:20:27 50,612 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-18 11:34 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-11-16 16:57 450646 C:\Windows\System32\PRISMAPI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B2CB8D9-C06A-4D3B-844D-BA9BCE1C84C4}"= UDP:9052:BitComet 9052 TCP
"{7FF9E015-AD66-4722-AEBE-1C6EF7C69346}"= TCP:9052:BitComet 9052 UDP
"TCP Query User{FAB147FA-ED34-4959-BF1E-1491D2CC485E}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{22849820-82F6-46EF-9D89-7F4AB709F15F}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{469F3FA0-BE55-439F-9B7A-64417ECD6C0B}C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe"= UDP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"UDP Query User{0D9FA8BC-133C-40C6-949F-7E7CFF3620FF}C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe"= TCP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"TCP Query User{6A190C05-A0D7-4A49-BE56-70AE4B9AED69}C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe:company_of_heroes_patch_fr_1_20.exe
"UDP Query User{84AD2408-754C-4D2C-BC7B-9DC33EB01C61}C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_fr_1_20.exe:company_of_heroes_patch_fr_1_20.exe
"TCP Query User{5EC2671D-C078-4C64-A522-7412D7A3846A}C:\users\damien\desktop\company_of_heroes_patch_1-3.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_1-3.exe:company_of_heroes_patch_1-3.exe
"UDP Query User{6CD3334C-4A68-4EB0-973F-C1F27620D446}C:\users\damien\desktop\company_of_heroes_patch_1-3.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_1-3.exe:company_of_heroes_patch_1-3.exe
"TCP Query User{4177EE4F-C5C4-4941-A18A-6E90C752A750}C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe"= UDP:C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe:company_of_heroes_patch_1-2_to_1-3.exe
"UDP Query User{CF7557ED-1060-45EF-9C79-6E343917DD4F}C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe"= TCP:C:\users\damien\desktop\company_of_heroes_patch_1-2_to_1-3.exe:company_of_heroes_patch_1-2_to_1-3.exe
"{E1DDDA66-2DAD-4727-A869-AA7DE9BE967C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65F061C8-8A2A-4740-856A-91640559C651}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A5491510-8723-423D-85D9-16ABC7D033E3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2792E4EC-171B-49ED-89CF-6252A1AC95CD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2E6C621E-D409-4A3C-B771-3C878AB7E44D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9578CD5D-2976-4E65-8C30-3D66D0866511}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{69EADB3E-A48F-4459-9BCE-8CB0AC3E4ED4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{06C4F2CE-3D69-4B90-A9C5-CDE920926662}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{95A2587A-45C7-4516-A5C7-B6D1F859DBA6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2CDA990D-0FC6-48A2-8A2B-A8EAE7DC9D44}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3A6B835E-F2F1-4955-A39A-83081F7AE0E4}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{94C1ECA4-745A-4891-9F34-D951F830AAE6}C:\users\damien\desktop\wow-frfr-installer-downloader.exe"= UDP:C:\users\damien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{CDE1DA49-8D4D-4ACC-BCFB-D432B92D3B27}C:\users\damien\desktop\wow-frfr-installer-downloader.exe"= TCP:C:\users\damien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"{FA7734A6-7F65-48FB-A274-E51C978C5A6A}"= UDP:3724:Blizzard Downloader
"{5071498C-66BF-4FF6-B84D-B1D6F637F52C}"= UDP:6112:Blizzard Downloader
"{CC221DFD-61B7-407E-A5D5-E2743DB6053A}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{822030E5-531D-4DB4-A63A-AABBB6FD6B93}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{7C60BACB-851A-468C-A975-5FF28E248114}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{52B66C93-FB7F-43D9-BDDA-A10298338683}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{185331FB-E9C4-4394-A80F-7A1549DE6278}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{6320D17A-696F-4A5A-96C1-15E34A221062}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{1BDE75C1-C874-43E9-9904-8B95451DAB35}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{09F28361-04BA-4687-A4DC-900F29DBF742}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{938A1F68-37B2-4B05-B1DB-D6264C34BFA9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{25E0FAE5-EB9D-4887-BEC3-8532E197633A}C:\program files\codemasters\rf online;\rf.exe"= UDP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher
"UDP Query User{FAD0F95A-DC93-42C8-BB10-A31CA6EAFB78}C:\program files\codemasters\rf online;\rf.exe"= TCP:C:\program files\codemasters\rf online;\rf.exe:RFLauncher
"TCP Query User{5A829D3A-97A4-4AFE-B2FE-A66225C9E57C}C:\program files\common files\nero\nero web\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{6A1BB185-E029-4279-986B-0F3309818243}C:\program files\common files\nero\nero web\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B066D794-D398-4124-805A-574C5B007B7B}C:\program files\sony\station\launchpad\launchpad.exe"= UDP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{802FE977-DA4C-48AF-9897-6057FB418053}C:\program files\sony\station\launchpad\launchpad.exe"= TCP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{25FC9B26-0DD1-4777-92B7-46D4CF2A0170}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{BA4CF34D-B81E-4DA1-A128-F5658DBE6EB5}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{9854FF93-E92C-42DF-9463-07700F4294A8}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CAD2801E-F8AF-4A63-8392-0F61DFF26132}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{F2CE9A1E-3145-467D-A0E8-C97219E23AC3}C:\windows\temp\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{8A9B137D-2196-4CCE-86C0-50C71623F2CC}C:\windows\temp\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"TCP Query User{FE20476A-34FA-499C-B187-E05218A309B8}C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{C5380C8D-0917-4AB4-8EC0-DB220E595820}C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"{E08F6C01-9DB3-462C-862B-70F3E683E1D9}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{64A1684D-2DFC-42A9-8E9B-6A34E5928CFE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{4D627972-29D3-4108-AA24-8FC09EDCAD8B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0E4CBE3E-1A52-45D7-8FD5-FA5F4BBD7529}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5A8D12EC-0989-4147-A525-33A25BC24D6C}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{95C1A641-8959-4AB8-BEC8-C6FE1C08909B}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{2F212F9A-2B42-4AFE-B7EC-CA416EA832F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C48CD45F-E4B1-41B3-AC76-3F22AB7499D8}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C7248625-7A33-431F-8C73-E8390ECDC0D8}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2D194D10-6A45-444E-9ACA-5A419FC72637}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F4D791FF-F584-4B23-BA25-638481CDCAE5}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{A55C07C4-0BEA-44BD-B4CD-593A0D9D84E2}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{4ED5893E-B57D-4A9D-BD4B-A86CC2811AF3}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{B813227B-8D8B-4E8C-BDAD-57E19AE25E54}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{84E3F1C2-5124-4C0C-BC5D-0F4380306F3A}C:\program files\thq\company of heroes\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{287A018C-42B0-49E9-BDFD-4D45CD8B4EE1}C:\program files\thq\company of heroes\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{DECC8098-BA78-418D-9D2C-FD3125E6602A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{914E687D-1843-4609-A678-42EB580648C3}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-06-24 10:35]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2006-12-22 17:44]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c81e25d-62a9-11dc-9f3e-000b6b9b4c89}]
\shell\AutoRun\command - E:\Launch.exe
Newly Created Service - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-31 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MSSMSGS - winxgo32.rom
HKLM-RunOnce-@ - (no file)
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:10, on 31/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\system32\PRISMSVR.EXE
C:\Windows\Explorer.exe
C:\Users\Damien\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
--
End of file - 4056 bytes