There, I did exactly what you said, I hope it worked. Here is the report:
ComboFix 08-10-30.04 - Anne-laure 2008-10-30 9:58:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1222 [GMT 1:00]
Lancé depuis: C:\Users\Anne-laure\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FBrowserAdvisor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Users\Véronique\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 20:37 . 2008-10-29 20:37 401,720 --a------ C:\Users\Anne-laure\HiJackThis.exe
2008-10-29 19:52 . 2008-10-29 19:52 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 18:04 . 2008-10-29 18:04 <REP> d-------- C:\VundoFix Backups
2008-10-29 15:48 . 2008-10-29 15:55 <REP> d-------- C:\Users\Anne-laure\DoctorWeb
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:51 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 13:09 . 2008-10-29 13:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 11:00 . 2008-10-29 11:00 <REP> d-------- C:\Program Files\Defenza
2008-10-29 11:00 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\System32\Machnm1.exe
2008-10-29 11:00 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\System32\Machnm64.sys
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\System32\118290.54
2008-10-29 11:00 . 2008-10-29 11:00 3,120 --a------ C:\WINDOWS\118294.78
2008-10-29 11:00 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\System32\Machnm32.sys
2008-10-29 08:38 . 2008-08-12 04:39 443,392 --a------ C:\WINDOWS\System32\win32spl.dll
2008-10-29 08:38 . 2008-09-18 05:56 147,456 --a------ C:\WINDOWS\System32\Faultrep.dll
2008-10-29 08:38 . 2008-09-18 05:56 125,952 --a------ C:\WINDOWS\System32\wersvc.dll
2008-10-28 09:31 . 2008-10-28 09:32 <REP> d-------- C:\Program Files\Photo Story 3 for Windows
2008-10-26 19:53 . 2008-10-28 20:35 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-10-26 10:28 . 2008-10-26 10:28 <REP> d-------- C:\Program Files\The Cleaner Demo
2008-10-26 10:12 . 2008-10-26 10:57 <REP> d-------- C:\Program Files\Trojan Remover
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\Users\All Users\UDL
2008-10-23 20:34 . 2008-10-23 20:34 <REP> d-------- C:\ProgramData\UDL
2008-10-23 20:24 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\System32\E_FLBBZE.DLL
2008-10-23 20:24 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\System32\E_FD4BBZE.DLL
2008-10-23 20:24 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\System32\E_DCINST.DLL
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\Users\All Users\EPSON
2008-10-23 20:23 . 2008-10-23 20:29 <REP> d-------- C:\ProgramData\EPSON
2008-10-23 20:23 . 2008-10-23 20:32 <REP> d-------- C:\Program Files\EPSON
2008-10-23 20:22 . 2008-10-23 20:22 25 --a------ C:\WINDOWS\CDED92Euro.ini
2008-10-23 07:55 . 2008-08-05 10:49 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-23 07:55 . 2008-08-05 10:49 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-23 07:55 . 2008-08-05 10:48 217,088 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-23 07:55 . 2008-08-05 10:48 177,664 --a------ C:\WINDOWS\System32\mpg2splt.ax
2008-10-23 07:55 . 2008-08-05 10:48 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-18 19:12 . 2008-10-26 10:23 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Hamachi
2008-10-18 19:11 . 2008-10-18 19:11 25,280 --a------ C:\WINDOWS\System32\drivers\hamachi.sys
2008-10-18 17:10 . 2008-10-18 17:55 <REP> d-------- C:\Program Files\Dofus
2008-10-15 10:11 . 2008-10-15 10:11 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\Media Player Classic
2008-10-15 07:40 . 2008-09-18 06:09 3,601,464 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-15 07:40 . 2008-09-18 06:09 3,549,240 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-15 07:40 . 2008-09-18 03:16 2,032,640 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-15 07:40 . 2008-10-02 04:49 827,392 --a------ C:\WINDOWS\System32\wininet.dll
2008-10-15 07:40 . 2008-09-03 04:59 468,992 --a------ C:\WINDOWS\System32\newdev.dll
2008-10-15 07:40 . 2008-08-27 02:06 288,768 --a------ C:\WINDOWS\System32\drivers\srv.sys
2008-10-15 07:40 . 2008-09-03 04:58 74,752 --a------ C:\WINDOWS\System32\newdev.exe
2008-10-15 07:39 . 2008-10-02 02:32 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-10-14 18:21 . 2008-10-14 18:21 <REP> d-------- C:\Program Files\Audacity
2008-10-14 18:16 . 2008-10-14 18:16 <REP> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2008-10-14 18:16 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\System32\msvcr70.dll
2008-10-14 17:42 . 2008-03-21 21:30 3,596,288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2008-10-14 17:42 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-10-14 17:42 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\System32\divx.dll
2008-10-14 17:42 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\System32\lameACM.acm
2008-10-14 17:42 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\System32\yv12vfw.dll
2008-10-14 17:42 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\System32\unrar.dll
2008-10-14 17:42 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-10-14 17:42 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\System32\ac3acm.acm
2008-10-14 17:42 . 2008-03-21 21:28 81,920 --a------ C:\WINDOWS\System32\dpl100.dll
2008-10-14 17:42 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\System32\lame_acm.xml
2008-10-14 17:41 . 2008-10-14 17:42 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 17:41 . 2008-03-28 18:41 7,680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2008-10-14 17:41 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\System32\ff_vfw.dll.manifest
2008-10-12 20:24 . 2008-10-28 13:14 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\LimeWire
2008-10-11 21:56 . 2008-10-26 10:48 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-11 21:56 . 2008-10-11 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-11 21:20 . 2006-11-29 12:06 3,426,072 --a------ C:\WINDOWS\System32\d3dx9_32.dll
2008-10-11 21:17 . 2008-06-26 04:21 712,704 --a------ C:\WINDOWS\System32\WindowsCodecs.dll
2008-10-11 21:17 . 2008-06-26 04:21 347,648 --a------ C:\WINDOWS\System32\WindowsCodecsExt.dll
2008-10-11 21:14 . 2008-10-11 21:14 <REP> d-------- C:\Program Files\Microsoft
2008-10-11 21:10 . 2008-10-11 21:10 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 21:07 . 2008-10-23 20:44 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-10-11 17:17 . 2008-10-11 17:19 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\SecondLife
2008-10-10 11:38 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-10-10 11:38 . 2008-04-17 12:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 11:37 . 2008-10-10 11:38 <REP> d-------- C:\Program Files\iTunes
2008-10-10 11:37 . 2008-10-10 11:37 <REP> d-------- C:\Program Files\iPod
2008-10-10 11:36 . 2008-10-10 11:36 <REP> d-------- C:\Program Files\Bonjour
2008-10-10 11:28 . 2008-10-10 11:28 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\Program Files\Conjugaison
2008-10-09 19:24 . 2008-10-29 08:32 <REP> d-------- C:\Users\vero\AppData\Roaming\F-Secure
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\Users\All Users\TomTom
2008-10-09 18:26 . 2008-10-09 18:26 <REP> d-------- C:\ProgramData\TomTom
2008-10-09 18:26 . 2008-10-30 09:53 <REP> d-------- C:\Program Files\TomTom HOME
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\TomTom
2008-10-09 18:25 . 2008-10-09 18:25 <REP> d-------- C:\Users\vero\AppData\Roaming\InstallShield
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Program Files\TomTom HOME 2
2008-10-09 18:23 . 2008-10-09 18:23 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-10-08 12:24 . 2008-10-08 12:24 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\InstallShield
2008-10-08 11:24 . 2008-10-08 11:24 <REP> d-------- C:\Users\vero\AppData\Roaming\Apple Computer
2008-10-07 02:10 . 2008-07-16 02:32 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-10-06 16:35 . 2008-10-29 10:49 <REP> d-------- C:\Users\Anne-laure\AppData\Roaming\F-Secure
2008-10-06 16:25 . 2008-04-23 17:15 572,512 --a------ C:\WINDOWS\System32\msvcp50.dll
2008-10-06 16:25 . 2008-10-29 10:36 60,064 --a------ C:\WINDOWS\System32\drivers\fsdfw.sys
2008-10-06 16:25 . 2008-04-23 17:11 34,752 --a------ C:\WINDOWS\System32\drivers\fses.sys
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\Users\All Users\F-Secure
2008-10-06 16:24 . 2008-10-06 16:24 <REP> d-------- C:\ProgramData\F-Secure
2008-10-06 16:22 . 2008-10-06 16:22 <REP> d-------- C:\Program Files\Orange
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\Users\All Users\fssg
2008-10-06 16:18 . 2008-10-14 09:04 <REP> d-------- C:\ProgramData\fssg
2008-10-06 15:08 . 2008-06-26 02:45 12,240,896 --a------ C:\WINDOWS\System32\NlsLexicons0007.dll
2008-10-06 15:08 . 2008-06-26 02:45 2,644,480 --a------ C:\WINDOWS\System32\NlsLexicons0009.dll
2008-10-06 15:07 . 2008-06-26 04:29 801,280 --a------ C:\WINDOWS\System32\NaturalLanguage6.dll
2008-10-06 15:05 . 2008-07-31 02:13 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-10-06 15:05 . 2008-04-26 09:26 891,448 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-10-06 15:05 . 2008-04-12 04:32 784,896 --a------ C:\WINDOWS\System32\rpcrt4.dll
2008-10-06 15:05 . 2008-06-19 04:31 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-10-06 15:05 . 2008-04-05 02:21 72,192 --a------ C:\WINDOWS\System32\drivers\pacer.sys
2008-10-06 15:05 . 2008-07-31 04:32 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-10-06 15:05 . 2008-04-05 04:34 15,360 --a------ C:\WINDOWS\System32\pacerprf.dll
2008-10-06 14:41 . 2008-07-19 06:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-10-06 14:41 . 2008-07-19 04:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-10-06 14:41 . 2008-07-19 06:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-10-06 14:41 . 2008-07-19 04:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-10-06 14:41 . 2008-07-19 06:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-10-06 14:41 . 2008-07-19 06:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-10-06 14:41 . 2008-07-19 06:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-10-06 14:40 . 2008-07-18 21:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-10-06 14:40 . 2008-07-18 19:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-10-06 14:24 . 2008-10-06 14:24 <REP> d-------- C:\Program Files\Securitoo
2008-10-06 14:24 . 2006-11-28 19:46 28,224 --a------ C:\WINDOWS\System32\drivers\PCAMp50.sys
2008-10-06 14:24 . 2006-11-28 19:46 27,072 --a------ C:\WINDOWS\System32\drivers\PCASp50.sys
2008-10-06 14:22 . 2008-10-06 14:49 <REP> d-------- C:\Program Files\OrangeHSS
2008-10-06 14:22 . 2007-12-11 19:22 65,536 --a------ C:\WINDOWS\System32\Autodial2000.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Véronique\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-30 08:58 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-29 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-26 09:38 --------- d-----w C:\Program Files\Hamachi
2008-10-23 19:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-20 10:28 --------- d-----w C:\Program Files\Windows Live
2008-10-16 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 19:24 --------- d-----w C:\Program Files\LimeWire
2008-10-11 20:50 --------- d-----w C:\ProgramData\WLInstaller
2008-10-10 10:36 --------- d-----w C:\Program Files\QuickTime
2008-10-10 10:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-08 11:31 --------- d-----w C:\Program Files\FinePixViewer
2008-10-08 11:27 --------- d-----w C:\Users\Anne-laure\AppData\Roaming\FUJIFILM
2008-10-08 11:23 --------- d-----w C:\Users\Véronique\AppData\Roaming\FUJIFILM
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-20 17:38 1,435,224 ----a-w C:\Users\nanou\TMPGEnc-2.524.63.181-Free.zip
2008-06-20 17:05 1,665,325 ----a-w C:\Users\nanou\agfreesetup.exe
2008-06-20 16:31 1,579,972 ----a-w C:\Users\nanou\dvdaudioextractor.exe
2008-06-10 19:38 20,019 ----a-w C:\Users\nanou\unfreez.zip
2008-05-31 19:45 3,115,008 ----a-w C:\Users\nanou\AudioVideo_To_Exe(English).exe
2008-05-28 09:46 47,360 ----a-w C:\Users\Véronique\AppData\Roaming\pcouffin.sys
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-05-26 13:09 605 ----a-w C:\Users\Véronique\.FCMaeUserData.dat
2008-04-28 01:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-27 07:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-27 07:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\WINDOWS\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2008-04-16 591200]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-04-23 182936]
"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-04-23 744032]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 1359872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]
C:\Users\Anne-laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\Anne-laure\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-20 143360]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-06-15 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2BF1B30A-E70B-40C0-A49B-E32E0357E594}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE2C203-A710-4888-A4A0-B03BC6F9F7EE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AB26A2BA-3E21-4EDC-BA86-74252A1E9B60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0F718442-4349-481B-B9BE-0434243B45CC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2584FB02-825A-4197-BCA8-5DEFEA1D7FC3}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{7D89EE86-9CF5-4C71-B679-C896786B9327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{23CCE833-C21A-4284-942A-1E2BDC544952}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{158F0404-1BBA-48A7-B105-4CFF6C637FA8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{E4240EF3-695C-4EAC-834B-580750BF9B6A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BA578043-7B5F-4C14-A5F0-DD1203936051}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{FB00228A-A7BB-43F6-A5BF-73A7D28205CB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{440986FF-83C0-400D-93B1-ECA44E786697}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{AECC5E9E-BAE8-4888-9F67-6301045DAADA}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{23AB184E-67A6-4A61-8C12-79AEB04D7169}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{E3F29125-A2B2-4113-8259-25657DFDBDB6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9E030592-428F-49C6-A9A2-23D22441CF1A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{63C96D9E-C7A9-44CE-88BE-0C515539437C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2192EAE9-5368-4EE8-8CD3-9C66A8912293}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D454281-F9A4-42A7-86FC-C5AE502DEEBA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A03C0C98-1D14-4B69-8834-7AF18EE7CBC7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AD2F44F6-5754-4B64-A8A8-4F6C6A2FA4BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{112DB924-3F00-438F-ACB8-1C1D58D9EBA6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{48480C3F-4276-4B3B-9D8B-488BD0F40DEA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-10-29 41184]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-04-23 34752]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-10-29 60064]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-23 12896]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-23 62048]
S3 Brndis;External USB Cable Modem;C:\Windows\system32\DRIVERS\Brndis.sys [2004-02-06 16512]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2008-04-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2008-04-23 25184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5f6184-012e-11dd-8acc-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990fee76-9538-11dd-9d90-001bb97e2318}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f1fc82-990f-11dd-bed9-001bb97e2318}]
\shell\AutoRun\command - K:\start.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{2D2B0467-6BFE-4217-82E0-E7D63BCEFB92}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{A3BD8618-9E38-4205-94E6-90329DCC055B}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Anne-laure\AppData\Roaming\Mozilla\Firefox\Profiles\leichzot.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-30 10:04:59
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0