PC infection

loloetseb - 5684 messages posted - Status: Member -
Anonymous user -
Hello,

I've put together a short summary of the situation in case you have an idea; here is the Zeb report.

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 22/04/2009 23:52:26
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.7)

---\\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

---\\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.7)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: UsbFix
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Argument.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.CFEXE-54625609.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT-SETUP-1.1.0.42.EXE-9A2EA6CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT.EXE-C9045B69.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.CFEXE-828101DC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.EXE-FE243694.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.TMP-DAEB2D62.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CF22972.EXE-DB75C2AB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHCP.COM-61043047.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXECF-C5C11419.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-8DB4FB4F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX.EXE-2BF42296.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.CFEXE-8CBB994D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ERUNT.CFEXE-6260BB41.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.CFEXE-2C31CDB5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-B2359925.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GETPATHS.EXE-E690506B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GMER.EXE-E170290A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-27B06C3D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-8FD53E34.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-90940013.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-A09CA6F0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-AF5B8A31.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-F2435294.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GRPCONV.EXE-B823222B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-2E30A7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-7118702F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-29220A7A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-A31F9D47.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-0F1FADFA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-FFBDB5DF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HJTINSTALL.EXE-88261B04.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LBPKSXW41E.EXE-447FA942.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOPSD.EXE-5FB3A725.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-3CA56111.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOVEEX.CFEXE-24ADA02F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MTEE.CFEXE-7F5BD862.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\N.COM-F61C6F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-5DB93D84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-E3BBAAB7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.COM-EEFEA6B0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMDC.CFEXE-0814754B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-44EC46BD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-4FE3C523.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-CE4851CA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-DDAA49E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXEC.CFEXE-B434A123.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXESVC.EXE-7F956DAF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-1E6D6CAC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-CDA21619.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-9B0EB19F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGT.CFEXE-D695AEFD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-9959F0A7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-D8870C88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-428C1ABF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-51EE12DA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETPATH.EXE-4749BC02.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SF.EXE-3FF21543.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SORT.EXE-99A4F778.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.CFEXE-57B79243.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-599818A6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-68FA10C1.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.CFEXE-6CC4FA4B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.EXE-BE627F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-8A6F12E6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-FFBBFDE3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TAIL.CFEXE-024B57D5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNZIP.CFEXE-CAB59F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VFIND.EXE-4E7A985D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XTX847J.EXE-2F20DFC6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->22/04/2009

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

80 replies

Bitpodech
 
Are you planning to have him use all the tools one by one?
loloetseb Posts: 5684 Status: Member 174
 
HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:32, on 22/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ZebHelpProcess\ZHP2.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecofree.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.tellmemorecampus.com
O15 - Trusted Zone: http://www.tellmemorecampus.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
loloetseb Posts: 5684 Status: Member 174
 
ComboFix report 1

ComboFix 09-04-22.A23 - Gavila 22/04/2009 17:37.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.894.284 [GMT 2:00]
Lancé depuis: c:\users\Gavila\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1.txt
c:\windows\system32\tmp.reg
c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-22 au 2009-04-22 ))))))))))))))))))))))))))))))))))))
.

2009-04-22 15:30 . 2009-04-22 15:30 168 ----a-w c:\windows\system32\Uninstall.html
2009-04-22 15:30 . 2009-04-22 15:30 134 ----a-w c:\windows\system32\Argument.html
2009-04-22 15:30 . 2009-04-22 15:30 1149 ----a-w c:\windows\system32\GenProc[].html
2009-04-22 15:09 . 2009-04-22 15:09 17677729 ----a-w C:\upload_moi_PC-de-Gavila.tar.gz
2009-04-22 15:02 . 2009-04-22 15:14 -------- d-----w C:\FindyKill
2009-04-22 14:56 . 2009-04-22 14:56 -------- d---a-w c:\windows\system32\runouce.exe
2009-04-22 13:53 . 2009-04-22 14:56 52 ----a-w c:\windows\Lic.xxx
2009-04-22 13:52 . 2009-04-22 13:52 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-22 13:52 . 2009-04-22 13:52 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-22 13:52 . 2009-04-22 13:52 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-04-22 13:52 . 2005-09-22 21:22 522 ----a-w c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-22 13:51 . 2009-04-22 13:51 -------- d-----w c:\users\All Users\MicroWorld
2009-04-22 13:51 . 2009-04-22 13:51 -------- d-----w c:\progra~2\MicroWorld
2009-04-22 12:03 . 2009-04-22 12:06 -------- d-----w C:\Rooter$
2009-04-22 12:01 . 2009-04-22 12:02 -------- d-----w C:\Rustbfix
2009-04-22 12:00 . 2009-04-22 12:00 -------- d-----w C:\GenProc
2009-04-22 11:53 . 2009-04-22 13:05 -------- d---a-w C:\autorun.inf
2009-04-22 11:45 . 2009-04-22 12:00 -------- d-----w C:\UsbFix
2009-04-22 11:26 . 2009-04-22 11:26 -------- d-----w C:\rsit
2009-04-17 19:07 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-17 11:34 . 2009-04-17 11:34 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 11:25 . 2009-04-17 11:25 -------- d-----w C:\PerfLogs
2009-04-16 06:29 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 06:29 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 06:29 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 15:19 . 2006-11-02 15:48 669328 ----a-w c:\windows\System32\perfh00C.dat
2009-04-22 15:19 . 2006-11-02 15:48 123350 ----a-w c:\windows\System32\perfc00C.dat
2009-04-22 15:15 . 2009-01-29 21:04 -------- d---a-w c:\progra~2\TEMP
2009-04-22 15:14 . 2009-04-22 15:13 2150 ----a-w C:\FindyKill.txt
2009-04-22 15:12 . 2009-04-22 15:11 733 ----a-w C:\rapport_clean.txt
2009-04-22 15:12 . 2009-02-20 18:28 636 ----a-w C:\resultat_clean.txt
2009-04-22 15:08 . 2009-02-20 13:51 -------- d-----w c:\program files\Trend Micro
2009-04-22 15:07 . 2009-04-22 13:49 2264 ----a-w C:\rapport.txt
2009-04-22 13:52 . 2009-04-22 13:52 -------- d-----w c:\program files\Common Files\MicroWorld
2009-04-22 13:47 . 2009-02-20 16:17 13030 ----a-w C:\PDOXUSRS.NET
2009-04-22 12:51 . 2009-04-22 12:08 3026 ----a-w C:\fixnavi.txt
2009-04-22 12:51 . 2009-04-22 12:07 -------- d-----w c:\program files\Navilog1
2009-04-22 12:36 . 2009-04-22 12:23 -------- d-----w c:\program files\Ad-remover
2009-04-22 12:34 . 2009-04-22 12:29 3212 ----a-w C:\Ad-Report-Clean-22.04.2009.log
2009-04-22 12:28 . 2009-04-22 12:23 2493 ----a-w C:\Ad-Report-Scan-22.04.2009.log
2009-04-22 12:22 . 2009-04-22 12:21 458 ----a-w C:\JavaRa.log
2009-04-22 11:25 . 2009-03-07 14:23 -------- d-----w c:\program files\ZebHelpProcess
2009-04-22 06:54 . 2008-01-30 23:22 -------- d-----w c:\program files\scrabbleproB1.0.7
2009-04-17 11:37 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-17 11:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 11:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 11:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-17 11:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-17 11:25 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-17 07:22 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-04-17 07:22 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-04-17 05:41 . 2008-05-01 12:29 -------- d-----w c:\progra~2\Microsoft Help
2009-03-29 13:00 . 2009-02-20 16:04 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-24 10:14 . 2009-03-24 10:14 -------- d-----w c:\program files\Motamo
2009-03-17 07:56 . 2009-03-07 18:31 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-03-17 03:38 . 2009-04-16 06:28 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 06:28 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 06:28 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-13 07:24 . 2009-03-13 07:24 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-12 20:59 . 2009-01-24 01:39 -------- d-----w c:\progra~2\Zylom
2009-03-07 18:32 . 2009-01-29 21:07 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-07 16:42 . 2009-02-20 16:45 3428 ----a-w C:\TCleaner.txt
2009-03-07 16:10 . 2008-01-20 20:43 -------- d-----w c:\program files\Windows Live
2009-03-07 15:52 . 2009-03-07 15:52 -------- d-----w c:\program files\RegCleaner
2009-03-07 15:45 . 2009-03-07 15:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-07 15:10 . 2009-03-07 15:10 -------- d-----w c:\program files\NKProds
2009-03-07 13:58 . 2008-01-25 23:53 -------- d-----w c:\program files\Java
2009-03-07 13:57 . 2009-02-20 13:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 23:40 . 2009-03-06 23:40 268 ---ha-w C:\sqmdata12.sqm
2009-03-06 23:40 . 2009-03-06 23:40 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-06 09:29 . 2009-03-06 09:29 268 ---ha-w C:\sqmdata11.sqm
2009-03-06 09:29 . 2009-03-06 09:29 244 ---ha-w C:\sqmnoopt11.sqm
2009-03-06 00:44 . 2009-03-06 00:44 268 ---ha-w C:\sqmdata10.sqm
2009-03-06 00:44 . 2009-03-06 00:44 244 ---ha-w C:\sqmnoopt10.sqm
2009-03-05 07:16 . 2009-03-05 07:16 268 ---ha-w C:\sqmdata09.sqm
2009-03-05 07:16 . 2009-03-05 07:16 244 ---ha-w C:\sqmnoopt09.sqm
2009-03-04 22:39 . 2009-03-04 22:39 268 ---ha-w C:\sqmdata08.sqm
2009-03-04 22:39 . 2009-03-04 22:39 244 ---ha-w C:\sqmnoopt08.sqm
2009-03-04 05:30 . 2009-03-04 05:30 268 ---ha-w C:\sqmdata07.sqm
2009-03-04 05:30 . 2009-03-04 05:30 244 ---ha-w C:\sqmnoopt07.sqm
2009-03-03 04:46 . 2009-04-16 06:28 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 06:28 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 06:28 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 06:28 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 06:28 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 06:28 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 06:28 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 06:28 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 06:28 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 06:28 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 03:04 . 2009-04-16 06:28 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 06:28 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 06:28 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 14:54 . 2009-02-27 14:54 -------- d-----w c:\progra~2\HP Product Assistant
2009-02-24 22:09 . 2009-02-24 22:09 268 ---ha-w C:\sqmdata06.sqm
2009-02-24 22:09 . 2009-02-24 22:09 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-23 22:28 . 2009-02-23 22:28 268 ---ha-w C:\sqmdata05.sqm
2009-02-23 22:28 . 2009-02-23 22:28 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-22 13:36 . 2009-02-22 13:36 244 ---ha-w C:\sqmnoopt04.sqm
2009-02-22 13:36 . 2009-02-22 13:36 232 ---ha-w C:\sqmdata04.sqm
2009-02-22 13:35 . 2009-02-22 13:35 244 ---ha-w C:\sqmnoopt03.sqm
2009-02-22 13:35 . 2009-02-22 13:35 232 ---ha-w C:\sqmdata03.sqm
2009-02-20 18:21 . 2009-02-20 18:21 268 ---ha-w C:\sqmdata02.sqm
2009-02-20 18:21 . 2009-02-20 18:21 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-20 15:50 . 2009-02-20 15:50 268 ---ha-w C:\sqmdata01.sqm
2009-02-20 15:50 . 2009-02-20 15:50 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-20 15:29 . 2009-02-20 15:29 268 ---ha-w C:\sqmdata00.sqm
2009-02-20 15:29 . 2009-02-20 15:29 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-13 08:49 . 2009-04-16 06:28 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 06:28 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:44 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-27 00:06 . 2009-01-23 09:37 164345 ----a-w c:\windows\hpoins19.dat
2008-02-24 09:35 . 2008-02-24 09:35 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{A241450E-810E-4B10-8253-B1F7C675FB0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{20C638C9-FD40-4D84-94E4-65ED66B03426}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{97AFC5DF-E008-4027-9C83-56B55E6160FC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{413118EA-CABB-4F22-9776-5A85C036DD48}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D4327A3E-F484-4F7D-822A-13E2504F147E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{623B3D23-0A70-4B73-95E0-490CC7B10EE3}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2DF05712-50D8-4A89-B9DC-6180CBAA70A1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EDD989F-D444-46A9-B3B2-4B8FFEF6E4B5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF4BBAE4-2B77-4D5A-B24A-9A980BE8EB3A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1f81a1-a7ea-11dd-a752-0019db575879}]
\shell\EmDesk\command - J:\EmDesk.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ecofree.org/
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: tellmemorecampus.com\www
Trusted Zone: tellmemorecampus.com\www
FF - ProfilePath - c:\users\Gavila\AppData\Roaming\Mozilla\Firefox\Profiles\v7838o5s.default\
FF - plugin: c:\users\Gavila\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Gavila\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1984)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Completion time: 2009-04-22 17:42
ComboFix-quarantined-files.txt 2009-04-22 15:42
ComboFix2.txt 2009-04-22 13:19

Pre-Run: 48,178,585,600 bytes free
Post-Run: 48,059,187,200 bytes free

250 --- E O F --- 2009-04-18 01:02
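The ComboFix output above carries four things a responder would want to triage mechanically rather than by eye: the EnableFirewall = 0 values under both firewall profiles, the catchme "hidden file" line, the DLLs listed under Explorer.exe, and the mountpoints2 shell\...\command handler that points at a removable drive (J:). The script below is an added example written for this page; it is not a tool from the thread, nor part of ComboFix or OTViewIt. It parses lines of that shape and emits findings for review. The sample log is constructed from the lines above (the DomainProfile block and the OTViewIt-style "File not found" line are added for contrast), and the allow-list that treats the scanner's own helper catchme.dll as expected is an assumption, not something the log states.

```python
"""Triage helper for ComboFix / OTViewIt-style logs (added example, not from the thread).

It flags lines a responder should look at. Every rule is an assumption stated in a
comment; a flag is a prompt to verify the file, not a verdict on it.
"""
import re

# Constructed sample in the shape of the log above. The paths are the ones in the thread;
# the DomainProfile block and the OTViewIt service line are constructed for contrast.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1f81a1-a7ea-11dd-a752-0019db575879}]
\shell\EmDesk\command - J:\EmDesk.exe

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:40

c:\users\Gavila\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

- - - - - - - > 'Explorer.exe'(1984)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll

File not found -- -- (AntiVirScheduler [Auto | Running])
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [registry key] header
FIREWALL_RE = re.compile(r"firewallpolicy\\(?P<profile>\w+Profile)$", re.IGNORECASE)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
MOUNT_RE = re.compile(r"mountpoints2\\\{[0-9a-f-]+\}$", re.IGNORECASE)   # per-volume key
SHELL_CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>\S.*)$")
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+)\s+bytes\s+\w+$", re.IGNORECASE)
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")             # DLL-list header
DLL_RE = re.compile(r"^[a-z]:\\.+\.dll$", re.IGNORECASE)

# Assumption: the scanner's own helper DLL is expected to show up as "hidden".
EXPECTED_HIDDEN = {"catchme.dll"}


def parse_findings(text):
    """Return a list of finding dicts, in log order."""
    findings = []
    section = None   # most recent [registry key] header
    process = None   # process whose loaded-DLL list we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            process = None           # a blank line ends a DLL list
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = PROC_RE.match(line)
        if m:
            process = m.group("proc")
            continue
        if process and DLL_RE.match(line):
            # Every DLL the scanner lists under a process gets a manual look.
            findings.append({"severity": "review", "type": "loaded_dll",
                             "process": process, "path": line})
            continue
        m = ENABLE_RE.match(line)
        if m and section:
            fw = FIREWALL_RE.search(section)
            if fw and m.group("val") == "0":
                findings.append({"severity": "high", "type": "firewall_disabled",
                                 "profile": fw.group("profile")})
            continue
        m = SHELL_CMD_RE.match(line)
        if m and section and MOUNT_RE.search(section):
            # A shell verb stored for a mounted volume; the command runs from that drive.
            cmd = m.group("cmd")
            findings.append({"severity": "review", "type": "autorun_handler",
                             "verb": m.group("verb"), "command": cmd,
                             "drive": cmd[:2].upper()})
            continue
        m = HIDDEN_RE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            findings.append({"severity": "info" if name in EXPECTED_HIDDEN else "high",
                             "type": "hidden_file", "path": m.group("path"),
                             "size": int(m.group("size"))})
            continue
        if "File not found" in line:
            # OTViewIt could not resolve the path; verify rather than assume it is gone.
            findings.append({"severity": "review", "type": "missing_binary", "line": line})
    return findings


def summarize(findings):
    """Count findings per type, e.g. {'firewall_disabled': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f["type"]] = counts.get(f["type"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        detail = {k: v for k, v in f.items() if k not in ("severity", "type")}
        print(f["severity"].upper().ljust(6), f["type"].ljust(18), detail)
    print(summarize(parse_findings(SAMPLE_LOG)))
```

Run it as a script to print the findings, or import parse_findings and feed it a saved log. Two caveats on reading the output: a firewall_disabled finding is the normal state when a third-party firewall has registered itself, and this machine is running PC Tools Firewall Plus (FWService.exe), so confirm which firewall is active before treating the zero as something an intruder changed; and OTViewIt's "File not found" appears later in this thread on services that are shown as running and on BHO paths under C:\Programmes, the French alias of Program Files, so treat that marker as a path-resolution failure to check, not as proof the file is missing. For each loaded_dll or hidden_file entry the next step is the file itself: signature, hash, and timestamps against the vendor's build.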
loloetseb

I ran ComboFix again; this came back and was removed again:

c:\windows\system32\w32apiw.dll

OTViewIt report, taken before the crash:

OTViewIt logfile created on: 23/04/2009 00:27:06 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Gavila\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

893,77 Mb Total Physical Memory | 295,73 Mb Available Physical Memory | 33,09% Memory free
2,01 Gb Paging File | 1,01 Gb Available in Paging File | 50,53% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 43,94 Gb Free Space | 61,65% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 70,57 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-GAVILA
Current User Name: Gavila
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 09:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 09:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 09:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 09:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/10/15 14:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2006/12/18 14:27:12 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[2008/10/15 14:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/12/11 17:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
[2005/01/21 13:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2008/05/27 07:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/19 09:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2006/12/14 16:38:46 | 00,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
[2006/11/09 04:57:00 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2006/11/23 16:24:54 | 00,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
[2006/11/17 09:26:58 | 00,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
[2008/06/12 14:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2009/02/23 11:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
[2008/01/19 09:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2009/03/29 15:00:56 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/01/02 22:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2006/12/10 22:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/02/20 05:09:23 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/09/16 21:17:12 | 00,968,704 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
[2009/04/22 23:05:12 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/01/19 09:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/05/27 07:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 07:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/04/22 22:55:18 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Gavila\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/12/18 14:27:12 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
File not found -- -- (AntiVirScheduler [Auto | Running])
File not found -- -- (AntiVirService [Auto | Running])
[2008/01/22 22:38:19 | 00,643,072 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/19 09:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 09:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 09:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/12/14 16:38:46 | 00,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
[2008/01/05 13:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/01/19 09:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (LightScribeService [Auto | Running])
[2006/11/02 15:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/05 13:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (odserv [On_Demand | Stopped])
File not found -- -- (ose [On_Demand | Stopped])
File not found -- -- (PCToolsFirewallPlus [Auto | Running])
File not found -- -- (RichVideo [Auto | Running])
[2008/01/19 09:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/19 09:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 11:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (Steam Client Service [On_Demand | Stopped])
[2008/01/19 09:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/19 09:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
File not found -- -- (WLSetupSvc [On_Demand | Stopped])
[2008/05/27 07:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 11:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 11:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/01/22 23:39:48 | 03,482,112 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2006/10/30 17:22:26 | 00,008,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie [Boot | Running])
File not found -- -- (avgio [System | Running])
File not found -- -- (avgntflt [On_Demand | Running])
[2008/10/30 11:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2008/01/19 07:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 10:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 10:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 09:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 11:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 07:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/01/19 07:49:12 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2008/01/19 07:49:09 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2008/01/19 07:49:10 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2008/08/02 03:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 09:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 07:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 09:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 07:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 11:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 09:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 06:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 10:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 10:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/12/07 19:12:02 | 00,076,584 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
[2006/11/08 13:09:00 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 10:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 09:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/19 07:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 07:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/19 07:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 11:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 07:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 03:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 07:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 11:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 09:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 09:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 04:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 07:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/12/13 11:34:05 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 11:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2008/12/18 13:16:56 | 00,073,840 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
[2008/12/11 09:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
[2009/01/21 11:38:32 | 00,095,640 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw [On_Demand | Running])
[2006/11/02 11:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/05 03:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/10 16:10:50 | 00,010,624 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdfilter.sys -- (PSDFilter [Boot | Running])
[2006/11/10 16:21:16 | 00,007,936 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ [Boot | Running])
[2006/11/08 17:11:30 | 00,053,760 | ---- | M] (HiTRUST) -- C:\Windows\System32\drivers\psdvdisk.sys -- (psdvdisk [Boot | Running])
[2006/11/02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 07:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/22 23:39:48 | 03,482,112 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008/01/19 07:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 08:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 07:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
File not found -- -- (SASDIFSV [System | Running])
File not found -- -- (SASENUM [On_Demand | Running])
File not found -- -- (SASKUTIL [System | Running])
[2006/11/02 11:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 07:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 10:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 10:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/09/22 13:29:18 | 00,097,408 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter [On_Demand | Running])
[2006/11/02 11:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 07:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 09:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/19 07:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 07:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/11/08 19:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 07:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 07:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/19 08:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2008/01/19 07:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 07:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 11:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/08/29 04:30:04 | 00,013,952 | ---- | M] () -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
[2006/11/02 11:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 07:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 10:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 10:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 10:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 09:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 09:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 10:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 11:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 09:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 10:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/19 07:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/09 03:52:32 | 00,194,560 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=https://www.google.com/?gws_rd=ssl
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SYSTEM32\blank.htm
"Search Page"=https://www.google.com/?gws_rd=ssl
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.msn.com/fr-fr

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com/toolbar/ie8/sidebar.html

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_search_url"=https://www.google.com/?gws_rd=ssl
"Default_Secondary_Page_URL"=
"Local Page"=C:\Windows\SYSTEM32\blank.htm
"SEARCH PAGE"=https://www.google.com/?gws_rd=ssl
"Start Page"=https://www.msn.com/fr-fr/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[color=orange]========== (O1) Hosts File ==========[/color]

HOSTS File = (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

[color=orange]========== (O2) BHO's ==========[/color]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Programmes\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programmes\Java\jre6\bin\jp2ssv.dll File not found

[color=orange]========== (O3) Toolbars ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" (HKLM) -- C:\Windows\System32\eDStoolbar.dll (HiTRUST)

[color=orange]========== (O4) Run Keys ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s File not found
"Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe ()
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found

[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"HomePage"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoLogOff"=0
"NoControlPanel"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys"=0
"NoDriveAutoRun"=FF FF FF FF [binary data]
"NoDriveTypeAutoRun"=36
"NoDrives"=0

[color=orange]========== (O8) IE Context Menu Extensions ==========[/color]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Programmes\Microsoft Office\Office12\EXCEL.EXE File not found

[color=orange]========== (O9) IE Extensions ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %SystemDrive%\Programmes\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\Programmes\Microsoft Office\Office12\REFIEBAR.DLL File not found

[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

[color=orange]========== (O13) Default Prefixes ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[color=orange]========== (O15) Trusted Sites ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
tellmemorecampus.com\www: http in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
mks.com.pl: https in Sites de confiance
tellmemorecampus.com\www: http in Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[color=orange]========== (O16) DPF ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab -- Java Plug-in 1.6.0_12

[color=orange]========== (O17) DNS Name Servers ==========[/color]

{33417D56-5BD1-4033-BD59-4783FF91B01D} (Servers: | Description: Generic Marvell Yukon 88E8056 based Ethernet Controller)

[color=orange]========== (O20) Winlogon Notify Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Programmes\SUPERAntiSpyware\SASWINLO.dll File not found

[color=orange]========== HKLM *SecurityProviders* ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 09:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

[color=orange]========== LSA *Security Packages* ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 09:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

[color=orange]========== Safeboot Options ==========[/color]

"AlternateShell"=cmd.exe

[color=orange]========== CDRom AutoRun Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

[color=orange]========== Autorun Files on Drives ==========[/color]

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 23:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf []
[2009/04/22 15:05:10 | 00,000,000 | ---D | M] -- C:\autorun.inf -- [ NTFS ]

autorun.inf []
[2009/04/22 13:53:17 | 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\Windows\System32\*.tmp files]
[2009/04/22 23:29:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/22 22:48:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/22 22:45:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/22 22:45:57 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 22:45:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/22 22:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/22 22:19:27 | 93,794,3040 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/22 20:38:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\w32apiw.dll
[2009/04/22 19:51:28 | 12,736,0296 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/22 19:33:29 | 00,000,026 | ---- | C] () -- C:\23990098.$$$
[2009/04/22 19:15:48 | 13,117,471 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\zts2.exe
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\vcmgcd32.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\systems.txt
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\iifgfgf.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\rundl132.dll
[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2009/04/22 17:40:44 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/04/22 17:30:34 | 00,000,168 | ---- | C] () -- C:\Windows\System32\Uninstall.html
[2009/04/22 17:30:34 | 00,000,134 | ---- | C] () -- C:\Windows\System32\Argument.html
[2009/04/22 17:30:33 | 00,001,149 | ---- | C] () -- C:\Windows\System32\GenProc[].html
[2009/04/22 17:09:49 | 17,677,729 | ---- | C] () -- C:\upload_moi_PC-de-Gavila.tar.gz
[2009/04/22 16:56:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2009/04/22 15:53:22 | 00,000,052 | ---- | C] () -- C:\Windows\Lic.xxx
[2009/04/22 15:52:32 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2009/04/22 15:52:31 | 00,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2009/04/22 15:52:30 | 00,028,672 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2009/04/22 15:52:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2009/04/22 15:51:57 | 00,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2009/04/22 15:15:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/04/22 15:15:03 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/04/22 15:13:14 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/22 14:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/04/22 14:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/04/22 14:03:37 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/22 13:53:17 | 00,000,000 | ---D | C] -- C:\autorun.inf
[2009/04/19 12:13:34 | 00,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg PSC 1500 series.job
[2009/04/18 03:01:51 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/18 03:01:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/04/18 03:01:51 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/18 03:01:51 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/04/18 03:01:49 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/04/18 03:01:49 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/04/18 03:01:49 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/04/18 03:01:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/04/18 03:01:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/04/18 03:01:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/04/18 03:01:49 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/04/18 03:01:49 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/04/18 03:01:48 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/04/18 03:01:48 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/04/18 03:01:48 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/04/18 03:01:48 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/04/18 03:01:48 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/04/18 03:01:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/04/18 03:01:48 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/04/18 03:01:48 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/04/18 03:01:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/04/18 03:01:47 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/04/18 03:01:47 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/04/18 03:01:47 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/04/18 03:01:47 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/04/18 03:01:47 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/04/18 03:01:46 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/04/18 03:01:46 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/04/18 03:01:46 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/04/18 03:01:46 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/04/17 21:07:43 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/04/17 21:07:41 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/04/17 21:07:41 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/04/17 21:07:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/04/17 21:07:40 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/04/17 21:07:40 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/04/17 21:07:39 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/04/17 21:07:39 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/04/17 21:07:39 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/17 21:07:39 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/04/17 21:07:39 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/04/17 21:07:38 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/04/17 21:07:38 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/04/17 21:07:38 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/04/17 21:07:38 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/04/17 21:07:38 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/04/17 21:07:38 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/04/17 21:07:38 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/04/17 21:07:38 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/04/17 13:34:09 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/04/17 13:25:49 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/04/16 08:29:09 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 08:29:07 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 08:29:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 08:28:58 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 08:28:58 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 08:28:58 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 08:28:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 08:28:57 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 08:28:56 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 08:28:56 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 08:28:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 08:28:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 08:28:55 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 08:28:52 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 08:28:52 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 08:28:52 | 00,441,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/04/16 08:28:52 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 08:28:51 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 08:28:51 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 08:28:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/04/16 08:28:47 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 08:28:47 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 08:28:45 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 08:28:45 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 08:28:44 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 08:28:44 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 08:28:44 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 08:28:44 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 08:28:44 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 08:28:43 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 08:28:43 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 08:28:43 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/16 08:28:43 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 08:28:42 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/16 08:28:42 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 08:28:42 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/24 12:14:29 | 00,000,732 | ---- | C] () -- C:\Users\Public\Desktop\Motamo.lnk
[2009/03/24 12:14:29 | 00,000,000 | ---D | C] -- C:\Program Files\Motamo

[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\Windows\System32\*.tmp files]
[2009/04/23 00:24:35 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/04/22 23:55:33 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/22 23:55:33 | 00,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/04/22 23:55:33 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/22 23:55:33 | 00,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/04/22 23:55:33 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/22 23:50:08 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 23:50:07 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/22 23:50:06 | 00,371,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/22 23:49:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/22 23:49:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/22 23:49:44 | 93,794,3040 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/22 22:45:57 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/22 21:20:28 | 00,000,052 | ---- | M] () -- C:\Windows\Lic.xxx
[2009/04/22 20:40:37 | 00,000,000 | ---- | M] () -- C:\Windows\System32\w32apiw.dll
[2009/04/22 19:51:49 | 12,736,0296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/22 19:33:29 | 00,000,026 | ---- | M] () -- C:\23990098.$$$
[2009/04/22 19:17:12 | 13,117,471 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2009/04/22 18:51:25 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/04/22 17:40:52 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/22 17:30:34 | 00,001,149 | ---- | M] () -- C:\Windows\System32\GenProc[].html
[2009/04/22 17:30:34 | 00,000,168 | ---- | M] () -- C:\Windows\System32\Uninstall.html
[2009/04/22 17:30:34 | 00,000,134 | ---- | M] () -- C:\Windows\System32\Argument.html
[2009/04/22 17:09:49 | 17,677,729 | ---- | M] () -- C:\upload_moi_PC-de-Gavila.tar.gz
[2009/04/22 15:52:31 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2009/04/22 15:52:30 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2009/04/22 15:52:29 | 00,028,672 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2009/04/21 09:58:08 | 00,109,568 | ---- | M] () -- C:\Windows\VFIND.exe
[2009/04/19 12:13:35 | 00,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg PSC 1500 series.job
[2009/04/17 13:37:37 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/04/17 13:37:37 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/04/17 13:37:37 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/17 13:34:09 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/04/17 09:22:33 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/04/17 09:22:26 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/04/06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/24 12:14:29 | 00,000,732 | ---- | M] () -- C:\Users\Public\Desktop\Motamo.lnk
< End of report >
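Added example, not code from this thread or from OTL's author: a small Python triage pass over lines in the report format shown above. It parses the bracketed file/driver lines and the autorun lines that end in "File not found", and lists the cues a helper checks before choosing paths for a targeted removal script such as the CFScript used later in the thread: zero-byte or publisher-less executables under C:\Windows, directories carrying executable names, and autoruns that point at missing files. The sample lines are copied from the report; the check names and the directory list are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Shape of a file/driver line in the OTL report above (tool output, reproduced here):
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (publisher) -- path [-- (service [start | state])]
# Directory entries carry no "(publisher)" group at all; files without version
# information carry an empty "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+?)(?: -- \((?P<service>.+)\))?$"
)
# Autorun / BHO / extension lines whose target no longer exists end in "File not found".
MISSING_FILE = re.compile(
    r"((?:[A-Za-z]:|%\w+%)\\.+?\.(?:exe|dll|ocx|sys|cpl|scr))\b.*File not found$", re.I
)

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")   # assumption: where publisher-less binaries matter most


@dataclass
class Entry:
    ts: str
    size: int                  # bytes; OTL's comma grouping is stripped
    attrs: str                 # e.g. "----", "---D", "-HS-"
    publisher: Optional[str]   # None for directories, "" when the file has no version info
    path: str
    service: Optional[str]     # "name [start | state]" for drivers/services, else None


def parse_otl_line(line: str) -> Optional[Entry]:
    """Parse one OTL file/driver line; return None for anything else."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        ts=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        publisher=m["publisher"],
        path=m["path"],
        service=m["service"],
    )


def triage_entry(e: Entry) -> List[str]:
    """Return review cues for one entry. These are prompts for a human, not verdicts:
    legitimate tools also ship unsigned helpers, and some removal tools deliberately
    create decoy directories carrying malware file names."""
    reasons: List[str] = []
    is_dir = "D" in e.attrs
    exec_name = e.path.lower().endswith(EXEC_EXT)
    in_sys = e.path.lower().startswith(SYSTEM_DIRS)
    if is_dir and exec_name:
        reasons.append("directory named like an executable")
    if not is_dir and e.size == 0 and in_sys:
        reasons.append("zero-byte file in a system directory")
    if not is_dir and exec_name and in_sys and e.publisher == "":
        reasons.append("executable in a system directory with no publisher")
    return reasons


def triage_report(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Walk report lines and collect (path, reason) pairs worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        missing = MISSING_FILE.search(line)
        if missing:
            findings.append((missing.group(1), "autorun entry points at a missing file"))
            continue
        entry = parse_otl_line(line)
        if entry is None:
            continue
        for reason in triage_entry(entry):
            findings.append((entry.path, reason))
    return findings


# Sample input: lines copied from the OTL report in this thread.
SAMPLE_LINES = [
    r"[2008/01/19 09:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])",
    r'"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min File not found',
    r"[2009/04/22 22:19:27 | 93,794,3040 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2009/04/22 20:38:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\w32apiw.dll",
    r"[2009/04/22 19:15:47 | 00,000,000 | ---D | C] -- C:\Windows\zts2.exe",
    r"[2009/04/22 22:45:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2009/04/22 15:15:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe",
]

if __name__ == "__main__":
    for path, reason in triage_report(SAMPLE_LINES):
        print(f"{reason:50s} {path}")
```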
loloetseb Posts: 5684 Status: Member 174
 
OTL report for 3 locked registry keys that I removed

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{43d9e6f0-1776-4897-ae14-ecedecbafec0}\\ deleted successfully.
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{5a074b29-f830-49de-a31b-5bb9d7f6b407}\\ deleted successfully.
Registry key hklm\software\microsoft\internet explorer\extension compatibility\{5a074b21-f830-49de-a31b-5bb9d7f6b407}\\ deleted successfully.
Registry key hklm\software\microsoft\shared tools\msconfig\startupreg\skype\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF862C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_234758

Files moved on Reboot...
C:\Users\Gavila\AppData\Local\Temp\~DF862C.tmp moved successfully.
loloetseb Posts: 5684 Status: Member 174
 
Re-ran the eScan scan in normal mode; the same infections as at the start of the afternoon are back

Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "Spyware.ExpressKeylog Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "DiskKnight Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Objet "AntiSpyware Pro XP Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Entrée "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" se réfère à l'objet invalide ".tmp". Mesure prise : Entrées supprimées.
Anonymous user
 
Uninstall Navilog and AD-R, then:


__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to carry it over to another computer!<=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\windows\system32\eEmpty.exe
c:\windows\Lic.xxx
c:\windows\system32\runouce.exe
C:\autorun.inf
------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe (ComboFix) file, as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
• Once the scan is finished, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt


loloetseb Posts: 5684 Status: Member 174
 
Here are the details of the infections eScan detected. There are keys under the root, but they keep coming back, so the source has to be found higher up

23 avr. 2009 01:19:46 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB})! Action taken: Entrées supprimées.
23 avr. 2009 01:19:46 - Objet "Parentis Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:53 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67})! Action taken: Entrées supprimées.
23 avr. 2009 01:19:53 - Objet "Parentis Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:54 - Offending Key found: HKCU\Software\Kazaa !!!
23 avr. 2009 01:19:54 - Deleting Registry Key: HKCU\Software\Kazaa
23 avr. 2009 01:19:54 - Objet "kazaa Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
23 avr. 2009 01:19:56 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
23 avr. 2009 01:19:56 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Backdoor (IRCBot) Trojans Spyware/Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
23 avr. 2009 01:19:56 - System found infected with Spyware.ExpressKeylog Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "Spyware.ExpressKeylog Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKLM\SOFTWARE\Knight
23 avr. 2009 01:19:56 - System found infected with DiskKnight Adware (HKLM\SOFTWARE\Knight)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "DiskKnight Adware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.

23 avr. 2009 01:19:56 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
23 avr. 2009 01:19:56 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entrées supprimées.
23 avr. 2009 01:19:56 - Objet "AntiSpyware Pro XP Corrupted Adware/Spyware" trouvé dans fichier système ! Mesure prise : Entrées supprimées.
Anonymous user
 
OK, I'm waiting for the result of post 6
loloetseb Posts: 5684 Status: Member 174
 
ComboFix 09-04-23.02 - Gavila 23/04/2009 1:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.894.395 [GMT 2:00]
Lancé depuis: c:\users\Gavila\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Gavila\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
* Un nouveau point de restauration a été créé

FILE ::
C:\autorun.inf
c:\windows\Lic.xxx
c:\windows\system32\eEmpty.exe
c:\windows\system32\runouce.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Lic.xxx
c:\windows\system32\eEmpty.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-23 au 2009-04-23 ))))))))))))))))))))))))))))))))))))
.

2009-04-22 22:43 . 2009-04-22 22:43 -------- d-----w C:\ToolBar SD
2009-04-22 21:29 . 2009-04-22 21:29 -------- d-----w C:\_OTMoveIt
2009-04-22 20:48 . 2009-04-22 20:48 -------- d-----w C:\rsit
2009-04-22 20:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 20:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 17:51 . 2009-04-22 17:51 127360296 ----a-w c:\windows\MEMORY.DMP
2009-04-22 17:33 . 2009-04-22 23:20 26 ----a-w C:\23990098.$$$
2009-04-22 17:15 . 2009-04-22 17:17 13117471 ----a-w c:\windows\REGBK00.ZIP
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\zts2.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\vcmgcd32.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\systems.txt
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\iifgfgf.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundll16.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundl132.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\logo1_.exe
2009-04-22 15:30 . 2009-04-22 15:30 168 ----a-w c:\windows\system32\Uninstall.html
2009-04-22 15:30 . 2009-04-22 15:30 134 ----a-w c:\windows\system32\Argument.html
2009-04-22 15:30 . 2009-04-22 15:30 1149 ----a-w c:\windows\system32\GenProc[].html
2009-04-22 15:09 . 2009-04-22 15:09 17677729 ----a-w C:\upload_moi_PC-de-Gavila.tar.gz
2009-04-22 14:56 . 2009-04-22 14:56 -------- d---a-w c:\windows\system32\runouce.exe
2009-04-22 13:52 . 2009-04-22 13:52 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-22 13:52 . 2009-04-22 13:52 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-22 13:52 . 2005-09-22 21:22 522 ----a-w c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-22 13:51 . 2009-04-22 13:51 -------- d-----w c:\users\All Users\MicroWorld
2009-04-22 13:51 . 2009-04-22 13:51 -------- d-----w c:\progra~2\MicroWorld
2009-04-22 12:03 . 2009-04-22 12:06 -------- d-----w C:\Rooter$
2009-04-22 11:53 . 2009-04-22 13:05 -------- d---a-w C:\autorun.inf
2009-04-17 19:07 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-04-17 11:34 . 2009-04-17 11:34 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-17 11:25 . 2009-04-17 11:25 -------- d-----w C:\PerfLogs
2009-04-16 06:29 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 06:29 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 06:29 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 23:19 . 2009-04-22 20:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 22:43 . 2009-04-22 17:08 1475 ----a-w C:\TB.txt
2009-04-22 22:37 . 2006-11-02 15:48 669328 ----a-w c:\windows\System32\perfh00C.dat
2009-04-22 22:37 . 2006-11-02 15:48 123350 ----a-w c:\windows\System32\perfc00C.dat
2009-04-22 22:33 . 2009-01-29 21:04 -------- d---a-w c:\progra~2\TEMP
2009-04-22 22:24 . 2009-02-20 16:17 13030 ----a-w C:\PDOXUSRS.NET
2009-04-22 20:50 . 2009-03-07 14:23 -------- d-----w c:\program files\ZebHelpProcess
2009-04-22 18:29 . 2009-04-22 12:08 1726 ----a-w C:\fixnavi.txt
2009-04-22 17:04 . 2009-04-22 16:46 9186 ----a-w C:\lopR.txt
2009-04-22 17:03 . 2009-04-22 17:01 5177 ----a-w C:\UsbFix.txt
2009-04-22 16:17 . 2009-02-20 13:51 -------- d-----w c:\program files\Trend Micro
2009-04-22 15:12 . 2009-04-22 15:11 733 ----a-w C:\rapport_clean.txt
2009-04-22 15:12 . 2009-02-20 18:28 636 ----a-w C:\resultat_clean.txt
2009-04-22 15:07 . 2009-04-22 13:49 2264 ----a-w C:\rapport.txt
2009-04-22 13:52 . 2009-04-22 13:52 -------- d-----w c:\program files\Common Files\MicroWorld
2009-04-22 12:34 . 2009-04-22 12:29 3212 ----a-w C:\Ad-Report-Clean-22.04.2009.log
2009-04-22 12:28 . 2009-04-22 12:23 2493 ----a-w C:\Ad-Report-Scan-22.04.2009.log
2009-04-22 12:22 . 2009-04-22 12:21 458 ----a-w C:\JavaRa.log
2009-04-22 06:54 . 2008-01-30 23:22 -------- d-----w c:\program files\scrabbleproB1.0.7
2009-04-17 11:37 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-17 11:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 11:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 11:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-17 11:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-17 11:28 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-17 11:25 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-17 07:22 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-04-17 07:22 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-04-17 05:41 . 2008-05-01 12:29 -------- d-----w c:\progra~2\Microsoft Help
2009-03-29 13:00 . 2009-02-20 16:04 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-24 10:14 . 2009-03-24 10:14 -------- d-----w c:\program files\Motamo
2009-03-17 07:56 . 2009-03-07 18:31 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-03-17 03:38 . 2009-04-16 06:28 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 06:28 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 06:28 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-13 07:24 . 2009-03-13 07:24 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-12 20:59 . 2009-01-24 01:39 -------- d-----w c:\progra~2\Zylom
2009-03-07 18:32 . 2009-01-29 21:07 -------- d-----w c:\program files\Common Files\PC Tools
2009-03-07 16:42 . 2009-02-20 16:45 3428 ----a-w C:\TCleaner.txt
2009-03-07 16:10 . 2008-01-20 20:43 -------- d-----w c:\program files\Windows Live
2009-03-07 15:52 . 2009-03-07 15:52 -------- d-----w c:\program files\RegCleaner
2009-03-07 15:45 . 2009-03-07 15:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-07 15:10 . 2009-03-07 15:10 -------- d-----w c:\program files\NKProds
2009-03-07 13:58 . 2008-01-25 23:53 -------- d-----w c:\program files\Java
2009-03-07 13:57 . 2009-02-20 13:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-06 23:40 . 2009-03-06 23:40 268 ---ha-w C:\sqmdata12.sqm
2009-03-06 23:40 . 2009-03-06 23:40 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-06 09:29 . 2009-03-06 09:29 268 ---ha-w C:\sqmdata11.sqm
2009-03-06 09:29 . 2009-03-06 09:29 244 ---ha-w C:\sqmnoopt11.sqm
2009-03-06 00:44 . 2009-03-06 00:44 268 ---ha-w C:\sqmdata10.sqm
2009-03-06 00:44 . 2009-03-06 00:44 244 ---ha-w C:\sqmnoopt10.sqm
2009-03-05 07:16 . 2009-03-05 07:16 268 ---ha-w C:\sqmdata09.sqm
2009-03-05 07:16 . 2009-03-05 07:16 244 ---ha-w C:\sqmnoopt09.sqm
2009-03-04 22:39 . 2009-03-04 22:39 268 ---ha-w C:\sqmdata08.sqm
2009-03-04 22:39 . 2009-03-04 22:39 244 ---ha-w C:\sqmnoopt08.sqm
2009-03-04 05:30 . 2009-03-04 05:30 268 ---ha-w C:\sqmdata07.sqm
2009-03-04 05:30 . 2009-03-04 05:30 244 ---ha-w C:\sqmnoopt07.sqm
2009-03-03 04:46 . 2009-04-16 06:28 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 06:28 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 06:28 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 06:28 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 06:28 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 06:28 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 06:28 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 06:28 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 06:28 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 06:28 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 03:04 . 2009-04-16 06:28 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 06:28 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 06:28 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 14:54 . 2009-02-27 14:54 -------- d-----w c:\progra~2\HP Product Assistant
2009-02-24 22:09 . 2009-02-24 22:09 268 ---ha-w C:\sqmdata06.sqm
2009-02-24 22:09 . 2009-02-24 22:09 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-23 22:28 . 2009-02-23 22:28 268 ---ha-w C:\sqmdata05.sqm
2009-02-23 22:28 . 2009-02-23 22:28 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-22 13:36 . 2009-02-22 13:36 244 ---ha-w C:\sqmnoopt04.sqm
2009-02-22 13:36 . 2009-02-22 13:36 232 ---ha-w C:\sqmdata04.sqm
2009-02-22 13:35 . 2009-02-22 13:35 244 ---ha-w C:\sqmnoopt03.sqm
2009-02-22 13:35 . 2009-02-22 13:35 232 ---ha-w C:\sqmdata03.sqm
2009-02-20 18:21 . 2009-02-20 18:21 268 ---ha-w C:\sqmdata02.sqm
2009-02-20 18:21 . 2009-02-20 18:21 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-20 15:50 . 2009-02-20 15:50 268 ---ha-w C:\sqmdata01.sqm
2009-02-20 15:50 . 2009-02-20 15:50 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-20 15:29 . 2009-02-20 15:29 268 ---ha-w C:\sqmdata00.sqm
2009-02-20 15:29 . 2009-02-20 15:29 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-13 08:49 . 2009-04-16 06:28 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 06:28 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:44 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-27 00:06 . 2009-01-23 09:37 164345 ----a-w c:\windows\hpoins19.dat
2008-02-24 09:35 . 2008-02-24 09:35 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-24 09:35 . 2008-02-24 09:35 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{A241450E-810E-4B10-8253-B1F7C675FB0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{20C638C9-FD40-4D84-94E4-65ED66B03426}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{97AFC5DF-E008-4027-9C83-56B55E6160FC}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{413118EA-CABB-4F22-9776-5A85C036DD48}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D4327A3E-F484-4F7D-822A-13E2504F147E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{623B3D23-0A70-4B73-95E0-490CC7B10EE3}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2DF05712-50D8-4A89-B9DC-6180CBAA70A1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5EDD989F-D444-46A9-B3B2-4B8FFEF6E4B5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BF4BBAE4-2B77-4D5A-B24A-9A980BE8EB3A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uDefault_search_url = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: mks.com.pl
Trusted Zone: tellmemorecampus.com\www
Trusted Zone: tellmemorecampus.com\www
FF - ProfilePath - c:\users\Gavila\AppData\Roaming\Mozilla\Firefox\Profiles\v7838o5s.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 01:51
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(480)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Heure de fin: 2009-04-22 1:52
ComboFix-quarantined-files.txt 2009-04-22 23:52
ComboFix2.txt 2009-04-22 22:53
ComboFix3.txt 2009-04-22 15:42
ComboFix4.txt 2009-04-22 13:19

Avant-CF: 46 507 356 160 octets libres
Après-CF: 46 347 419 648 octets libres

259 --- E O F --- 2009-04-18 01:02
loloetseb Posts: 5684 Status: Member 174
It's grinding away hard now, you must have hit it. Well, this doesn't look great on the comboscript report:


2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\zts2.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\systems.txt
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\iifgfgf.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundll16.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundl132.dll
Anonymous user
Norton very badly uninstalled

Try to see whether DrWeb runs; your case smells like Virut
loloetseb Posts: 5684 Status: Member 174
Yes, Dr.Web runs. No detections, apart from it knocking out the fix tools we're using.

I don't think it's Virut; there are no cracks, keygens or illegal downloads on the PC.

The problems started a few months ago, most likely with a click on an MSN link. There was an 04??????? and two Chinese programs launching at startup, impossible to remove, so I removed MSN for them and the lines no longer appear. I think that since then there must be quite a lot more junk on top.

The PC ran for a year without antivirus, so no surprise!! lol

I'll remove with OT the lines I noted for you, or any others you see. I still can't launch RSIT, it would really help us.
loloetseb Posts: 5684 Status: Member 174
This case looks fairly similar

https://forum.malekal.com/viewtopic.php?f=3&t=13929

I don't know what happened at 17:15, but I must have stirred up the junk

2009-04-22 17:33 . 2009-04-22 23:20 26 ----a-w C:\23990098.$$$
2009-04-22 17:15 . 2009-04-22 17:17 13117471 ----a-w c:\windows\REGBK00.ZIP
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\zts2.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\vcmgcd32.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\systems.txt
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\iifgfgf.dll
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundll16.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundl132.dll
Anonymous user
Not in safe mode either for RSIT?

Here, for OT:

:processes
explorer.exe

:files
C:\23990098.$$$
c:\windows\REGBK00.ZIP
c:\windows\zts2.exe
c:\windows\system32\vcmgcd32.dll
c:\windows\system32\systems.txt
c:\windows\system32\iifgfgf.dll
c:\windows\rundll16.exe
c:\windows\rundl132.dll
c:\windows\logo1_.exe
c:\windows\system32\Uninstall.html
c:\windows\system32\Argument.html
c:\windows\system32\GenProc[].html
C:\upload_moi_PC-de-Gavila.tar.gz
c:\windows\system32\runouce.exe

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
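As an added example (not a tool posted in this thread), a small Python triage script that automates the two things done by hand in this exchange: spotting entries in the ComboFix file listing whose names look like programs but carry the directory attribute, the pattern of the 17:15 entries, and flagging the Security Center and firewall values that the OT script above resets. The sample lines are constructed from entries quoted in the thread; the function names are my own.

```python
"""Triage for ComboFix-style logs (added example, not a tool used in the thread).
Check 1: file-listing entries named like a program but flagged 'd' (directory).
Check 2: Security Center / firewall values that hide warnings or switch protection off.
Sample input is constructed from lines quoted in the thread."""
import re

# "created . modified size attrs path", attrs are 7 chars such as d---a-w
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{7}) (.+)$"
)
PROGRAM_EXT = (".exe", ".dll", ".sys", ".scr")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

def suspicious_dir_as_program(lines):
    """Return (created, path) for entries flagged as directories but named like programs."""
    hits = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created, _modified, _size, attrs, path = m.groups()
        if attrs[0] == "d" and path.lower().endswith(PROGRAM_EXT):
            hits.append((created, path))
    return hits

def _as_int(value):
    """Parse the value forms seen in the dump: dword:00000001, 0 (0x0), "0x00000000"."""
    value = value.strip().strip('"')
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    if value.lower().startswith("0x"):
        return int(value, 16)
    m = re.match(r"^\d+", value)
    return int(m.group(0)) if m else None

def weakened_security_settings(lines):
    """Walk a REGEDIT4-style dump; return (key, name, value) for weakened protections."""
    findings, key = [], None
    for raw in lines:
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_LINE.match(line)
        if not vm or key is None:
            continue
        name, num = vm.group(1), _as_int(vm.group(2))
        if ("security center" in key.lower() and num == 1
                and name.endswith(("DisableNotify", "DisableMonitoring"))):
            findings.append((key, name, num))  # warnings silenced / monitoring off
        elif "firewallpolicy" in key.lower() and name == "EnableFirewall" and num == 0:
            findings.append((key, name, num))  # a Windows firewall profile is off
    return findings

SAMPLE_FILES = r"""
2009-04-22 20:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\zts2.exe
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\system32\systems.txt
2009-04-22 17:15 . 2009-04-22 17:15 -------- d---a-w c:\windows\rundl132.dll
""".strip().splitlines()

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

if __name__ == "__main__":
    print(suspicious_dir_as_program(SAMPLE_FILES))
    print(weakened_security_settings(SAMPLE_REG))
```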
loloetseb Posts: 5684 Status: Member 174
No, I can't in safe mode either for RSIT, but we'll manage to unblock the situation soon. I think there's also some Navipromo, but even Navilog won't launch, lol. I've already removed Zylom.

Right, I'm launching OT
Anonymous user
ok :)

When you're back, run CCleaner with everything ticked
loloetseb Posts: 5684 Status: Member 174
The OT report. You'll laugh, even Norton's removal tool crashed. I ran the OT procedure and during it I got a message saying norton.exe was in use by a program and would be decompressed after the procedure. In my opinion even the traces of the uninstalled Norton are patched

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\23990098.$$$ moved successfully.
c:\windows\REGBK00.ZIP moved successfully.
c:\windows\zts2.exe moved successfully.
c:\windows\system32\vcmgcd32.dll moved successfully.
c:\windows\system32\systems.txt moved successfully.
c:\windows\system32\iifgfgf.dll moved successfully.
c:\windows\rundll16.exe moved successfully.
c:\windows\rundl132.dll moved successfully.
c:\windows\logo1_.exe moved successfully.
c:\windows\system32\Uninstall.html moved successfully.
c:\windows\system32\Argument.html moved successfully.
c:\windows\system32\GenProc[].html moved successfully.
C:\upload_moi_PC-de-Gavila.tar.gz moved successfully.
c:\windows\system32\runouce.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"UacDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"InternetSettingsDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AutoUpdateDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_zEwKynfibfwbXoMBcQS1 scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\INMEM000.REM scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF7DC7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_022404

Files moved on Reboot...
File C:\Users\Gavila\AppData\Local\Temp\etilqs_zEwKynfibfwbXoMBcQS1 not found!
File C:\Users\Gavila\AppData\Local\Temp\INMEM000.REM not found!
File C:\Users\Gavila\AppData\Local\Temp\~DF7DC7.tmp not found!
Anonymous user
Run nCleaner
loloetseb Posts: 5684 Status: Member 174
nCleaner is done