Everything has been done.
VundoFix found nothing, and I am attaching the ComboFix report.
ComboFix 08-11-26.03 - utilisateur 2008-11-26 18:32:13.1 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.993 [GMT 1:00]
Lancé depuis: c:\users\utilisateur\Desktop\ComboFix.exe
- Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\utilisateur\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.
2008-11-26 13:25 . 2008-11-26 13:25 d-------- C:\VundoFix Backups
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\utilisateur\AppData\Roaming\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\users\All Users\Malwarebytes
2008-11-26 08:41 . 2008-11-26 08:41 d-------- c:\programdata\Malwarebytes
2008-11-26 08:41 . 2008-11-26 11:15 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 08:41 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 08:41 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 13:42 . 2008-11-24 13:41 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-24 13:35 . 2008-11-24 13:35 d-------- c:\windows\BDOSCAN8
2008-11-23 15:12 . 2008-11-23 15:13 d-------- c:\windows\System32\X
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\vo2
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\windows\System32\qt2
2008-11-23 15:12 . 2008-11-26 11:16 d-------- c:\windows\System32\GI2
2008-11-23 15:12 . 2008-11-24 09:09 d-------- c:\windows\System32\dPI02
2008-11-23 15:12 . 2008-11-24 09:09 d--hs---- c:\windows\dXRpbGlzYXRldXI
2008-11-23 15:12 . 2008-11-23 15:12 d-------- c:\temp\FT62
2008-11-23 15:12 . 2008-11-23 15:12 46,080 --a------ c:\users\utilisateur\gif.exe
2008-11-23 15:12 . 2008-11-23 15:12 65 --a------ c:\users\utilisateur\ff.bat
2008-11-14 14:15 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 14:15 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 14:15 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 14:15 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 14:14 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 14:14 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 14:14 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 14:14 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 14:14 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 14:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 14:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 22:46 . 2008-11-04 22:46 d-------- c:\program files\WinUHA
2008-11-04 17:00 . 2008-11-13 18:06 d-------- c:\users\utilisateur\AppData\Roaming\Red Alert 3
2008-11-04 16:36 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-04 16:36 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\System32\D3DCompiler_35.dll
2008-11-04 16:36 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-04 16:36 . 2007-07-19 18:14 444,776 --a------ c:\windows\System32\d3dx10_35.dll
2008-11-03 13:50 . 2008-11-03 13:56 d-------- C:\Lop SD
2008-11-03 13:47 . 2008-11-03 13:45 529,069 --a------ c:\users\Public\LopSD.exe
2008-11-03 13:43 . 2008-11-02 18:13 334,738 --a------ c:\users\Public\viamichelin.zip
2008-11-03 13:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 13:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 13:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 13:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 13:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-03 13:18 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-03 13:18 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-03 13:18 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 15:14 --------- d-----w c:\programdata\Google Updater
2008-11-24 12:41 --------- d-----w c:\program files\Java
2008-11-24 12:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-19 07:34 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-15 08:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 13:16 --------- d-----w c:\program files\Google
2008-11-13 17:10 --------- d-----w c:\users\utilisateur\AppData\Roaming\Hamachi
2008-11-04 15:56 10,978 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-21 16:46 --------- d-----w c:\programdata\Messenger Plus!
2008-10-21 11:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 06:35 --------- d-----w c:\program files\Windows Mail
2008-10-15 06:27 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-10-15 06:27 --------- d-----w c:\users\utilisateur\AppData\Roaming\TuneUp Software
2008-10-15 06:27 --------- d-----w c:\programdata\TuneUp Software
2008-10-15 06:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-09 14:43 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-06 10:44 --------- d-----w c:\program files\Common Files\Softwin
2008-10-06 10:43 81,984 ----a-w c:\windows\System32\bdod.bin
2008-10-06 10:43 --------- d-----w c:\programdata\BitDefender
2008-10-06 08:38 --------- d-----w c:\programdata\PLUSHEARTKEEP
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 13:41 --------- d-----w c:\programdata\Media Center Programs
2008-09-29 13:41 --------- d-----w c:\program files\GUILD WARS
2008-09-24 18:21 38,459 ----a-w c:\users\utilisateur\AppData\Roaming\mdb.bin
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-04 13:42 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_5867.exe
2008-09-04 13:25 112,436 ----a-w c:\windows\System32~.tmp
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 65,536 ----a-w c:\windows\System32\jdns_sd.dll
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-06-28 15:50 174 --sha-w c:\program files\desktop.ini
2008-02-21 15:40 225,280 ----a-w c:\users\utilisateur\AppData\Roaming\Rewire.dll
2008-02-17 09:20 47,360 ----a-w c:\users\utilisateur\AppData\Roaming\pcouffin.sys
2007-12-10 20:07 22,328 ----a-w c:\users\utilisateur\AppData\Roaming\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w c:\windows\System32\Smab0.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2008-01-19 1233920]
“Free Uploader Oe Integration”=“d:\program files\Free Download Manager\FUM\fumoei.exe” [2007-06-10 40960]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]
“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2008-09-16 1833296]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-18 81000]
“SystrayORAHSS”=“c:\program files\OrangeHSS\Systray\SystrayApp.exe” [2006-12-12 90112]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-11-24 136600]
“CloneCDTray”=“d:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 57344]
“SMSTray”=“c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe” [2007-12-14 132624]
“NvSvc”=“c:\windows\system32\nvsvc.dll” [2007-09-12 86016]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-09-12 8497696]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-09-12 81920]
“H2O”=“c:\program files\SyncroSoft\Pos\H2O\cledx.exe” [2005-10-22 385024]
“SearchSettings”=“c:\program files\Search Settings\SearchSettings.exe” [2008-06-12 991584]
“NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 153136]
“QuickTime Task”=“d:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-09-03 111936]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-09-10 289576]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.I420”= i420vfw.dll
“msacm.l3fhg”= mp3fhg.acm
“msacm.divxa32”= divxa32.acm
“VIDC.X264”= x264vfw.dll
“VIDC.HFYU”= huffyuv.dll
“vidc.i263”= i263_32.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“Device Detection”=d:\program files\Auchan Photogénie\dd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“AntiVirusOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“TCP Query User{4602962D-D56D-42DE-A429-F9A402F99DEA}c:\program files\orangehss\browser\browser.exe”= UDP:c:\program files\orangehss\browser\browser.exe:Browser
“UDP Query User{C32BE9B1-5362-4EE8-BF9F-86DFD4AFD59F}c:\program files\orangehss\browser\browser.exe”= TCP:c:\program files\orangehss\browser\browser.exe:Browser
“TCP Query User{3428B782-B324-459D-9BD6-D6B89403E8F5}d:\program files\aspyr\guitar hero iii\gh3.exe”= UDP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“UDP Query User{2545E77E-36BF-4DE5-8D52-E49E18280617}d:\program files\aspyr\guitar hero iii\gh3.exe”= TCP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“{9FED0BB7-96DC-4584-8B80-5D7015855383}”= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
“{A51C83EE-2E78-401E-9666-48DAF74371A4}”= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
“TCP Query User{DB420AA1-59E6-45CE-82C3-C01BC18A3B3B}d:\program files\firefox\firefox.exe”= UDP:d:\program files\firefox\firefox.exe:Firefox
“UDP Query User{944F9F38-53C1-491D-AADB-868631AB355B}d:\program files\firefox\firefox.exe”= TCP:d:\program files\firefox\firefox.exe:Firefox
“TCP Query User{07A5E0BE-3DA0-41A4-87A4-C4735B8ACC5B}g:\documents\music\freezer.v1.2\freezer.exe”= UDP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
“UDP Query User{6BDC8538-58F0-47D7-A951-945C478A0DD9}g:\documents\music\freezer.v1.2\freezer.exe”= TCP:g:\documents\music\freezer.v1.2\freezer.exe:freezer
“{D7975EDA-8656-47BA-8445-8BF798DF7798}”= Disabled:UDP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
“{50A3199F-548D-45C8-A612-80ED7CEFB17C}”= Disabled:TCP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
“TCP Query User{006F1873-456F-4BDC-81A1-D18B8F2B6E82}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe”= UDP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
“UDP Query User{B9DA5047-8D87-4C6F-857A-CC37E19DE0BA}d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe”= TCP:d:\program files\valve\steam\steamapps\lolly76\counter-strike\hl.exe:Half-Life Launcher
“TCP Query User{5E9FB6AF-90CF-4F2C-8D11-B49DBF8A04F8}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe”= UDP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
“UDP Query User{E72A1D26-E48B-4C14-AD18-ECE0C52C2FF6}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe”= TCP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\realmd.exe:realmd
“TCP Query User{8D203987-C54D-47F2-BAFA-D480AC7B6F8C}c:\wamp\apache2\bin\httpd.exe”= UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“UDP Query User{9846190D-5F19-466F-8EB4-FCFF18D34F38}c:\wamp\apache2\bin\httpd.exe”= TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“TCP Query User{76579543-0F1B-42A3-A307-2B29F63F5C45}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe”= UDP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
“UDP Query User{1AD36B6D-0EC2-4AE1-92A1-BB30F6EE2703}d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe”= TCP:d:\alex\[()]serveur privé wow\v 2.4.1\serveur\mangosd.exe:mangosd
“TCP Query User{694CFEE4-2C4B-44EF-BF09-36BEA42EDFAA}c:\program files\teamspeak2_rc2\server_windows.exe”= UDP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
“UDP Query User{EC7ABD0C-A6A4-4B7E-8FC0-DE19078FE17C}c:\program files\teamspeak2_rc2\server_windows.exe”= TCP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
“TCP Query User{6B9EC730-34A6-4C5C-9BAD-80AC120162E6}c:\users\utilisateur\desktop\freezer.exe”= UDP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
“UDP Query User{6641DE81-D55D-4308-8F44-169812EE873A}c:\users\utilisateur\desktop\freezer.exe”= TCP:c:\users\utilisateur\desktop\freezer.exe:freezer.exe
“TCP Query User{C6AC4569-E22F-4C6B-A033-587AB9A44F8D}c:\funserver\server\xampp\mercurymail\mercury.exe”= UDP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
“UDP Query User{0F0478C2-273D-4E39-93C6-016E59C3A64B}c:\funserver\server\xampp\mercurymail\mercury.exe”= TCP:c:\funserver\server\xampp\mercurymail\mercury.exe:Mercury/32 Core Processing Module v4.52
“TCP Query User{1ACC8968-D2DB-49C0-8859-3B0C59FFF801}d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe”= UDP:d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe:ascent-logonserver
“UDP Query User{0B171426-C34F-4DA5-8288-A3655091D4CC}d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe”= TCP:d:\alex\[()]serveur privé wow\4340\4340\ascent-logonserver.exe:ascent-logonserver
“TCP Query User{28C7EC6E-C3C5-4081-9907-2C1C471C0C06}d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe”= UDP:d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe:ascent-world
“UDP Query User{B4D808D1-D151-4FB7-A7F9-6700823EBB59}d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe”= TCP:d:\alex\[()]serveur privé wow\4340\4340\ascent-world.exe:ascent-world
“TCP Query User{EBC7B30B-1C81-41FA-ADA8-E28691A62DFD}c:\funserver\ascent\ascent-logonserver.exe”= UDP:c:\funserver\ascent\ascent-logonserver.exe:ascent-logonserver
“UDP Query User{770DE37B-02D0-46B3-BBB8-96D19C2151E0}c:\funserver\ascent\ascent-logonserver.exe”= TCP:c:\funserver\ascent\ascent-logonserver.exe:ascent-logonserver
“TCP Query User{BB76452A-557E-4CC6-9CEE-9A95015013F7}c:\funserver\ascent\ascent-world.exe”= UDP:c:\funserver\ascent\ascent-world.exe:ascent-world
“UDP Query User{97778055-93E6-4FF6-BDEF-E1516BFE13AA}c:\funserver\ascent\ascent-world.exe”= TCP:c:\funserver\ascent\ascent-world.exe:ascent-world
“TCP Query User{372E4056-B864-4956-8D52-94745ED02D17}d:\program files\veoh networks\veoh\veohclient.exe”= UDP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
“UDP Query User{4450710D-82FC-40CB-9ABC-4A4B45809298}d:\program files\veoh networks\veoh\veohclient.exe”= TCP:d:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
“TCP Query User{33C333C4-4B2C-4835-AA9A-DCC26407DBA1}c:\ac web ultimate repack\server\mysql\bin\mysqld.exe”= UDP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
“UDP Query User{8E33F856-433A-469D-8CAC-47A3F8176291}c:\ac web ultimate repack\server\mysql\bin\mysqld.exe”= TCP:c:\ac web ultimate repack\server\mysql\bin\mysqld.exe:mysqld
“TCP Query User{04756577-C332-40E4-A034-6587C4A5C111}c:\ac web ultimate repack\ascent\ascent-logonserver.exe”= UDP:c:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver
“UDP Query User{1DBFF887-653B-429C-B903-B07D8B84336E}c:\ac web ultimate repack\ascent\ascent-logonserver.exe”= TCP:c:\ac web ultimate repack\ascent\ascent-logonserver.exe:ascent-logonserver
“TCP Query User{ADBE140B-F7FC-483F-81B4-D0AF5F17FBC8}c:\ac web ultimate repack\ascent\ascent-world.exe”= UDP:c:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world
“UDP Query User{8EE92EA5-22EB-4C88-95B0-766309F36A5B}c:\ac web ultimate repack\ascent\ascent-world.exe”= TCP:c:\ac web ultimate repack\ascent\ascent-world.exe:ascent-world
“TCP Query User{B29C2C00-9551-4E8C-9F37-28AFBD53414B}c:\ac web ultimate repack\server\apache\bin\apache.exe”= UDP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
“UDP Query User{BC67681A-EEAA-47B3-B739-6D3143E6E31C}c:\ac web ultimate repack\server\apache\bin\apache.exe”= TCP:c:\ac web ultimate repack\server\apache\bin\apache.exe:Apache HTTP Server
“TCP Query User{03A9596A-8FC6-4DF3-A3CF-BEA4D61E235A}c:\funserver\server\cystem\mysql\bin\mysqld.exe”= UDP:c:\funserver\server\cystem\mysql\bin\mysqld.exe:mysqld
“UDP Query User{52521DF1-366D-43F0-BF71-7EE789FAC3C5}c:\funserver\server\cystem\mysql\bin\mysqld.exe”= TCP:c:\funserver\server\cystem\mysql\bin\mysqld.exe:mysqld
“TCP Query User{7B53CF79-A9CC-478A-9172-0C079C5E5E07}c:\liberkey\apps\amsn\app\amsn\bin\wish.exe”= UDP:c:\liberkey\apps\amsn\app\amsn\bin\wish.exe:Wish Application
“UDP Query User{A271E2DA-54DF-409B-A0FE-AA102BC0B516}c:\liberkey\apps\amsn\app\amsn\bin\wish.exe”= TCP:c:\liberkey\apps\amsn\app\amsn\bin\wish.exe:Wish Application
“TCP Query User{D0EAFF3D-51E3-4BD2-B8F5-69977D2FED4C}c:\funserver\server\xampp\apache\bin\apache.exe”= UDP:c:\funserver\server\xampp\apache\bin\apache.exe:Apache HTTP Server
“UDP Query User{C6F2B4E0-166F-4F01-A1C3-A9E1E95F34D6}c:\funserver\server\xampp\apache\bin\apache.exe”= TCP:c:\funserver\server\xampp\apache\bin\apache.exe:Apache HTTP Server
“TCP Query User{BF56F505-3B07-48DA-A292-5090B3988D95}c:\funserver\server\xampp\mysql\bin\mysqld.exe”= UDP:c:\funserver\server\xampp\mysql\bin\mysqld.exe:mysqld
“UDP Query User{367F85A0-9AD7-4317-814E-1ECB0929F696}c:\funserver\server\xampp\mysql\bin\mysqld.exe”= TCP:c:\funserver\server\xampp\mysql\bin\mysqld.exe:mysqld
“TCP Query User{1312AE3D-5831-4C33-AF8F-C3D47CA1E7E6}d:\alex\wotlk-ff-frfr-downloader.exe”= UDP:d:\alex\wotlk-ff-frfr-downloader.exe:Blizzard Downloader
“UDP Query User{F401FE1F-F40E-41FB-B9BA-C278567A05E9}d:\alex\wotlk-ff-frfr-downloader.exe”= TCP:d:\alex\wotlk-ff-frfr-downloader.exe:Blizzard Downloader
“TCP Query User{6912DC5E-5EB0-487A-AC2D-0AE2224F1044}c:\program files\utorrent\utorrent.exe”= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
“UDP Query User{7F850224-574D-4FE0-A321-140B9B746388}c:\program files\utorrent\utorrent.exe”= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
“TCP Query User{DB468C28-1FA4-4DBF-84C3-39457C24C072}c:\program files\pando networks\pando\pando.exe”= UDP:c:\program files\pando networks\pando\pando.exe:pando
“UDP Query User{C613D13B-02F7-4686-A9BA-F177A46A2102}c:\program files\pando networks\pando\pando.exe”= TCP:c:\program files\pando networks\pando\pando.exe:pando
“TCP Query User{A80D415C-6817-4C43-B4CE-BCC9AD9A1799}d:\program files\aspyr\guitar hero iii\gh3.exe”= UDP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“UDP Query User{46303275-13DF-4917-B874-973B1DE98440}d:\program files\aspyr\guitar hero iii\gh3.exe”= TCP:d:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
“TCP Query User{919AC6C9-C8AE-4E8A-B6BF-32D7CDB866E6}c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe”= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
“UDP Query User{A944D273-249D-4A73-9845-A19BB8621ABC}c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe”= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
“{84D7A855-E72F-4725-A962-A44244A750EB}”= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{2E8FDE03-6AD1-4E53-A915-6B64F2830B00}”= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“TCP Query User{CBD384B9-46B6-4996-BAEB-ACB06F8A2856}d:\program files\firefox\firefox.exe”= UDP:d:\program files\firefox\firefox.exe:Firefox
“UDP Query User{ABA7E4A7-A2F7-4286-A366-6816B26B7240}d:\program files\firefox\firefox.exe”= TCP:d:\program files\firefox\firefox.exe:Firefox
“{0BC5A6BC-8DD2-49AC-98A3-9A79A1B903BF}”= UDP:d:\program files\Piolet\Piolet.exe:Piolet
“{E25096AD-9878-4307-8497-48659FBC8A6D}”= TCP:d:\program files\Piolet\Piolet.exe:Piolet
“TCP Query User{BC721B01-A48B-4736-AAB0-764E23D1B997}c:\program files\common files\nero\nero web\setupx.exe”= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
“UDP Query User{7CE33E31-D98F-427E-8063-3056E8068F24}c:\program files\common files\nero\nero web\setupx.exe”= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
“TCP Query User{8A7124B2-ADF5-4F20-A997-95B3A0D0BE2F}c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe”= UDP:c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
“UDP Query User{9EDAFF47-AEAB-4A7C-9788-6EE14D9CBE1F}c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe”= TCP:c:\users\utilisateur\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
“{2946E6D9-A5AC-4995-B535-40DD61328031}”= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“TCP Query User{5C8F7A08-B927-4F57-A04F-998CEA6DAA4A}c:\program files\vuze\azureus.exe”= UDP:c:\program files\vuze\azureus.exe:Azureus
“UDP Query User{328D7751-DA71-45DD-88B7-91C90AD0850E}c:\program files\vuze\azureus.exe”= TCP:c:\program files\vuze\azureus.exe:Azureus
“{5E645EC4-EBC4-4E22-AE2A-B3D81327FD36}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{45CB2428-3060-4E3A-8549-8798351776AB}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“{AEF39037-58A1-451F-AEA5-E5D0E72E66BC}”= UDP:d:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
“{290BDD32-AA1D-4180-826A-F984D7C8FCA1}”= TCP:d:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
“TCP Query User{0059FD46-7D3A-4F3F-A126-3BFB03AD627B}c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe”= UDP:c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
“UDP Query User{C60006D7-80AB-45A9-8CD1-0706C444D54F}c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe”= TCP:c:\users\utilisateur\desktop\worms 4\4mayhem\worms 4 mayhem.exe:worms 4 mayhem.exe
“TCP Query User{0C9D2896-3CC9-42D5-AFA6-D9F4F3D15922}d:\program files\team17 software ltd\worms forts under siege\wf.exe”= UDP:d:\program files\team17 software ltd\worms forts under siege\wf.exe:WF
“UDP Query User{CBFBA2F5-2F72-4721-80BA-D1D1A729E4D9}d:\program files\team17 software ltd\worms forts under siege\wf.exe”= TCP:d:\program files\team17 software ltd\worms forts under siege\wf.exe:WF
“{6D5FEE6B-3326-411B-AF01-CF4DFAE60EA3}”= Disabled:d:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:Command & Conquer 3 Tiberium Wars
“{0F3057DB-7A7B-4BF4-8621-4B28763B87ED}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{30AC7465-9774-452E-80CD-3E6F1C23C446}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“TCP Query User{4F4C7267-83D2-4588-B134-2FD6583095D7}c:\wamp\apache2\bin\httpd.exe”= Disabled:UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“UDP Query User{28335045-9072-492F-A2B5-B3FEBB083FB5}c:\wamp\apache2\bin\httpd.exe”= Disabled:TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
“{3E35BAF4-7D96-4A1B-93DF-6EF0AC11167A}”= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{315692F7-A7C1-437A-B269-AB33B93478DB}”= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“TCP Query User{4425A569-6448-4E67-A662-E3C8C6FBE37B}d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat”= Disabled:UDP:d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars
“UDP Query User{BC0705B7-1E71-460F-A807-8DF720B50396}d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat”= Disabled:TCP:d:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars
“{973AEE44-0529-4927-B972-B3FC1CB23D8E}”= Disabled:UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
“{84A0ED56-6FA4-4670-AFCC-F53BCCDF68E7}”= Disabled:TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
“{33BD4CAD-4502-4012-BB97-812C9F575AD6}”= Disabled:UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
“{97886719-B6E8-4400-B58F-3BF7DF7F5DC0}”= Disabled:TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
“{554C7B2C-645D-486E-9B14-36F4989A35FC}”= Disabled:UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
“{395BA585-CBE3-4ADC-8B93-BAD75C9F77F7}”= Disabled:TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
“TCP Query User{FD13B979-157B-45CC-A21A-62B4782A2FDE}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game”= UDP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game:Command & Conquer Red Alert 3
“UDP Query User{F700A3DB-0C38-4BDC-B77E-A661431D0374}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game”= TCP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.3.game:Command & Conquer Red Alert 3
“TCP Query User{CFD4A78C-A1DC-41DD-A2E9-640891C2FAE3}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game”= UDP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game:Command & Conquer Red Alert 3
“UDP Query User{0E58239B-D56E-4936-885C-1914F719A154}d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game”= TCP:d:\program files\electronic arts\alerte rouge 3\data\ra3_1.4.game:Command & Conquer Red Alert 3
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-12-05 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-04-23 600912]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-06-10 21504]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-07-07 33792]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-12-05 27072]
S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys [2008-06-10 521472]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-12-05 28224]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-15 355584]
S3 wampapache;wampapache;“c:\wamp\apache2\bin\httpd.exe” -k runservice [2007-01-09 20539]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld []
S4 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-06-05 87288]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f6b1f-bf4c-11dc-8968-001a9206a69d}]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f974b721-3ab5-11dd-bc53-001a9206a69d}]
\shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
Newly Created Service - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier ‘Tâches planifiées’
2008-07-20 c:\windows\Tasks\1 Copernic Intra-Daily ~PC-de-utilisate utilisateur.job
- d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]
2008-07-20 c:\windows\Tasks\2 Copernic Daily ~PC-de-utilisate utilisateur.job
- d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]
2008-07-20 c:\windows\Tasks\3 Copernic Weekly ~PC-de-utilisate utilisateur.job
- d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]
2008-07-20 c:\windows\Tasks\4 Copernic Monthly ~PC-de-utilisate utilisateur.job
- d:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]
2008-11-26 c:\windows\Tasks\Maintenance en 1 clic.job
- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{9D84138B-1A99-49E8-8808-364947D9EA09}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\uy6vtohh.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - search.conduit.com…
FireFox -: prefs.js - STARTUP.HOMEPAGE - fr.start2.mozilla.com…
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - d:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\program files\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - d:\program files\Firefox\plugins\np-mswmp.dll
FF -: plugin - d:\program files\Firefox\plugins\np32dsw.dll
FF -: plugin - d:\program files\Firefox\plugins\npdeploytk.dll
FF -: plugin - d:\program files\Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - d:\program files\Firefox\plugins\npmozax.dll
FF -: plugin - d:\program files\Firefox\plugins\npnul32.dll
FF -: plugin - d:\program files\Firefox\plugins\NPOFF12.DLL
FF -: plugin - d:\program files\Firefox\plugins\nppdf32.dll
FF -: plugin - d:\program files\Firefox\plugins\nppl3260.dll
FF -: plugin - d:\program files\Firefox\plugins\nppopcaploader.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Firefox\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\Firefox\plugins\nprpjplug.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmaud.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmprog.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmvid.dll
FF -: plugin - d:\program files\Opera\program\plugins\npmmzip.dll
FF -: plugin - d:\program files\Opera\program\plugins\nppopcaploader.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Opera\program\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - d:\program files\QuickTime\Plugins\npqtplugin7.dll
.
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-11-26 18:34:53
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés …
Recherche d’éléments en démarrage automatique cachés …
Recherche de fichiers cachés …
Scan terminé avec succès
Fichiers cachés: 0
.
Heure de fin: 2008-11-26 18:36:26
ComboFix-quarantined-files.txt 2008-11-26 17:36:24
Avant-CF: 91 870 601 216 octets libres
Après-CF: 92,158,898,176 octets libres
362 --- E O F --- 2008-11-25 14:07:13
For now, explorer is still running at 60%.
Thanks for everything; what can we do now?