HijackThis report

Closed
gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last seen: 12 February 2010 - 24 June 2009 at 16:23
gllm34 - 17 July 2009 at 18:11
Hello,

I am looking for a kind soul who could tell me whether this computer is infested with a virus or something else.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:55, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Users\Benjamin\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
S:\Docs Joëlle\Téléchargement\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Benjamin\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DEFY TYPE] "C:\ProgramData\freetranstrans.g0ro0gy"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\SOFTWARE STOP CAKE.74ni4dy"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Joëlle\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Crux P2P\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62E8F2F-3055-4126-BC59-25848416FAA0}: NameServer = 80.10.246.130 81.253.149.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

33 replies

gllm34
24 June 2009 at 20:50
Hi, here it is, the ComboFix report.

One small problem: I had disabled avast. But ComboFix gave me an error message saying that avast was active; I carried on anyway because I was sure of what I had done, but it caught me out on reboot: avast re-enabled itself, I hadn't thought of that. I disabled it again, I hope it didn't interfere with ComboFix.

The report

ComboFix 09-06-23.01 - Joëlle 24/06/2009 20:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1258 [GMT 2:00]
Lancé depuis: s:\docs joëlle\Bureau\avril.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-788108967-3940742589-920756846-500
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\$recycle.bin\S-1-5-21-788108967-3940742589-920756846-500\desktop.ini
c:\users\Benjamin\AppData\Local\aifsamrx.dat
c:\users\Benjamin\AppData\Local\aifsamrx_nav.dat
c:\users\Benjamin\AppData\Local\aifsamrx_navps.dat
c:\windows\system32\autorun.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
.

2009-06-24 18:25 . 2009-06-24 18:25 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2009-06-24 18:25 . 2009-06-24 18:25 -------- d-----w- c:\users\Guillaume\AppData\Local\temp
2009-06-24 18:25 . 2009-06-24 18:25 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
2009-06-24 17:34 . 2009-06-24 17:35 -------- d-----w- C:\rsit
2009-06-24 14:57 . 2009-06-24 17:30 -------- d-----w- C:\Lop SD
2009-06-10 08:28 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 11:17 . 2009-06-09 11:17 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6F5.tmp.exe
2009-06-08 10:18 . 2009-06-08 10:18 -------- d-----w- c:\program files\Recuva
2009-05-27 08:57 . 2009-05-27 08:57 -------- d-----w- c:\users\Benjamin\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 15:21 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-24 15:21 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-24 12:45 . 2008-05-06 19:59 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Skype
2009-06-24 12:05 . 2009-01-09 10:42 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Free Download Manager
2009-06-24 12:05 . 2008-05-06 20:02 -------- d-----w- c:\users\Benjamin\AppData\Roaming\skypePM
2009-06-11 11:22 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 19:00 . 2007-07-10 11:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-19 13:08 . 2009-05-19 13:08 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-05-19 13:08 . 2009-05-19 13:08 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-14 09:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 08:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 08:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-23 12:42 . 2009-06-10 08:29 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 08:29 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 22:57 . 2009-01-19 02:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-19 22:57 . 2009-01-19 02:20 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-03 00:00 . 2009-04-02 23:59 22328 ----a-w- c:\users\Benjamin\AppData\Roaming\PnkBstrK.sys
2009-04-03 00:00 . 2009-04-02 23:59 22328 ----a-w- c:\users\Benjamin\AppData\Roaming\PnkBstrK.sys
2009-04-03 00:00 . 2008-02-24 23:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-03 00:00 . 2008-02-24 23:36 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-04-03 00:00 . 2009-03-25 15:52 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-03 00:00 . 2008-02-24 23:36 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LESS CITY AMEN SETUP"="c:\programdata\SOFTWARE STOP CAKE.74ni4dy" [X]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2007-01-12 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"="c:\users\Benjamin\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-28 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9BB1744-ADE0-4DB1-9DE6-68AC382FC033}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92B8D59A-32A0-490C-9B13-BD644FC6BEB3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{FEA6D843-5B65-4E6A-8340-C19061F88BEC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1117BCBC-DA31-44FC-9F62-E251BCDA26FB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{583C0994-C105-4F20-82D8-044A8CE0DDB6}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1AB4849A-7842-4EF6-B610-E95808453274}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B6841A6F-4A1F-492E-873B-00D050429D78}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A75A8936-70E0-47C3-9A17-32F0673D14F0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D13EED16-3BC6-4706-9606-F604FF7B1251}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{19E9630E-5818-4B87-9EB2-89CB6E40C9A5}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{2DCD685F-286E-48AF-AFB3-2078A109DA51}c:\\program files\\microsoft office\\office10\\frontpg.exe"= UDP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"UDP Query User{2BA55028-CE81-40BA-BD36-2721B3EC6515}c:\\program files\\microsoft office\\office10\\frontpg.exe"= TCP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"{02FF2A6C-28CE-4472-AFF8-5C6BFACF845A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5208DC6E-E079-4E6B-A0D2-49F278C8BBC5}c:\\program files\\microsoft office\\office10\\frontpg.exe"= UDP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"UDP Query User{A126F3A5-0A02-457F-9B8D-6385328B235B}c:\\program files\\microsoft office\\office10\\frontpg.exe"= TCP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"{BD8C02AA-8AC5-4BA1-BB96-7F108CA13350}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{03030BB1-DE2E-4756-A17C-372E43A92DEF}c:\\users\\benjamin\\downloads\\metin2.bin"= UDP:c:\users\benjamin\downloads\metin2.bin:metin2
"UDP Query User{ECEEBC53-5ECF-4B73-AD18-CCCF71B65E4C}c:\\users\\benjamin\\downloads\\metin2.bin"= TCP:c:\users\benjamin\downloads\metin2.bin:metin2
"TCP Query User{64975B56-C199-470B-B774-601BD3E5F8F8}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{8227218B-DFCB-424E-84BB-DE52AC5F6809}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{040A75C7-018E-41E2-9CA5-9832D7E04DB9}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= UDP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"UDP Query User{3B95ADF2-B82D-498A-9311-6434CE8D55E3}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= TCP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"TCP Query User{A7E2A9EF-FEBA-4371-B54F-CD7689309B91}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{DF67EFF0-27A9-41BC-B549-BE3469D73B8D}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{ADD5B796-BA49-4E5B-BD32-80DD137792BE}c:\\ut2003\\system\\ut2003.exe"= UDP:c:\ut2003\system\ut2003.exe:UT2003
"UDP Query User{0A099039-F3D1-46A7-892D-2AA14C0DD8A2}c:\\ut2003\\system\\ut2003.exe"= TCP:c:\ut2003\system\ut2003.exe:UT2003
"TCP Query User{E49C2C47-C6E8-4DD9-B347-71AAB294C660}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A06EC744-8627-4E6B-8690-279DCBE40796}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{F95A7399-B9F6-47D9-9C3C-9CDBC64CECB8}"= UDP:c:\program files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{FA73A14D-7D1E-4DC5-9013-7FF9C6DF4436}"= TCP:c:\program files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{AB8C0401-E459-4E53-AB51-6AFAC61DED7F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB9B16CC-69CD-485D-91AA-6C8A8F0D5655}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{58DD5619-155A-4769-B9B2-B4376FE79ED5}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{F0749A17-CE3A-41E9-ACF1-958750D1BB5B}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{34E592FC-1C4A-4B46-9FF5-0FE1B52D56EE}c:\\program files\\wormux\\wormux.exe"= UDP:c:\program files\wormux\wormux.exe:Wormux is a convivial mass murder game.
"UDP Query User{D1D1689A-DF27-4929-A71D-745E188E1EF8}c:\\program files\\wormux\\wormux.exe"= TCP:c:\program files\wormux\wormux.exe:Wormux is a convivial mass murder game.
"TCP Query User{CB06FC56-1878-4880-B770-BC3EEDEDF2A1}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
"UDP Query User{FC7C400E-CD8F-404E-A276-07EFD0703DF3}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
"{92B1BAAD-9025-4F7D-AD12-67DF78CAFC4F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8DD44C06-465E-4A0F-9F3F-CBF5AA473160}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{679ABFA3-8BD4-4D70-862F-37B2E9B2F2A3}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B8CEC155-90CA-4B85-A07F-84B831154709}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0ED8BA53-75B0-40AA-ACF1-05259239D2BC}"= UDP:12755:BitComet 12755 TCP
"{3B7AABDD-4ABF-4431-AAFF-E8E5E1A2C71B}"= TCP:12755:BitComet 12755 UDP
"TCP Query User{F65560EC-9D82-4A6D-BCF2-6CFD14D933DA}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{DCFE51C3-44E7-4BE4-9A27-3160C1888072}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"{026797B0-C061-4385-ACCA-F817D2C80ABF}"= UDP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torqu
"{5F92DFDB-95B3-414B-9F70-F3B674EBFCF0}"= TCP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torqu

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [07/01/2009 19:31 28544]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [03/04/2008 17:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [03/04/2008 17:16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/02/2008 12:03 51792]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 15:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [30/03/2008 21:26 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [22/09/2008 21:47 1153368]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [23/02/2008 12:23 104344]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 22:29 46592]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [23/02/2008 12:23 69656]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [23/02/2008 12:21 28224]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 22:29 454520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Tâches planifiées'

2008-05-17 c:\windows\Tasks\SyncBack mes docs Joëlle.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-05-17 13:16]

2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{909E66DD-55D9-4815-985B-640AA5492C71}.job
- c:\windows\system32\msfeedssync.exe [2009-05-08 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-EoEngine - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: Compare Prices with &Dealio - c:\users\Joëlle\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
IE: Download with &Shareaza - c:\program files\Crux P2P\Plugins\RazaWebHook.dll/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:36
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\JOLLE~1\AppData\Local\Temp\CabC3DA.tmp 28644 bytes
c:\users\JOLLE~1\AppData\Local\Temp\TarC3DB.tmp 65536 bytes
c:\windows\TEMP\TMP0000003AE5A953051E0FCA59 524288 bytes

Scan terminé avec succès
Fichiers cachés: 3

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3884)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Internet Explorer\ielowutil.exe
.
**************************************************************************
.
Heure de fin: 2009-06-24 20:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-24 18:41

Avant-CF: 18 301 673 472 octets libres
Après-CF: 18 655 293 440 octets libres

250 --- E O F --- 2009-06-19 08:39
Anonymous user
24 June 2009 at 20:52
Well,


1/ Download:

# Download Malwarebytes' Anti-Malware

NOTE: If you are missing COMCTL32.OCX, then download it --> comctl32.ocx


2/ Installation and update:

# Install MBAM by double-clicking mbam-setup.exe; it will update itself automatically.

# Once it is up to date, the program will launch. Click the Settings tab and tick the box: "Terminate Internet Explorer during removal".


3/ Scan:

# Now click the Scan tab and tick the box: "Perform full scan".

# Then click "Scan".

Let it scan your PC...


4/ Removal:

# If items were found ~> Click "Remove Selected".

# If the program asks you to restart ~> Click "yes".

# At the end, a report will open in Notepad ~> Save it so that you can find it again to post it on the forum.

# Copy (Ctrl + C) and paste (Ctrl + V) the report into your next message, please.


PS: The reports are also sorted by scan date and time in the Logs tab


Info: A tutorial from Malekal is available ~>

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
24 June 2009 at 21:08
Just one question: will I have to do anything else after that, or is that it?
Anonymous user
24 June 2009 at 21:32
Well, that can't really be predicted; it already depends on Malwarebytes. Don't worry, I'll have you remove all the tools used during the disinfection afterwards.

gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
24 June 2009 at 22:58
Well, I had a problem: a bluescreen plus a restart during the anti-malware scan, so for lack of time I chose the quick scan, and here is the result

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2329
Windows 6.0.6001 Service Pack 1

24/06/2009 22:53:02
mbam-log-2009-06-24 (22-53-02).txt

Type de recherche: Examen rapide
Eléments examinés: 104550
Temps écoulé: 4 minute(s), 24 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
C:\Users\Benjamin\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Adware.EoRezo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Benjamin\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
BeFaX Posts: 14245 Registered: Wednesday 24 December 2008 Status: Contributor Last post: 6 August 2013 3 818
24 June 2009 at 23:00
Redo a full one if you can.
Anonymous user
24 June 2009 at 23:08
You take over, BeFaX, I'm off to bed :)
gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
24 June 2009 at 23:10
OK, I'll run another one, but it's my mother's computer, so I'll have to leave it running, and I'll tell her to save the log file, which I'll pass on to you as soon as I'm back at her place.
Thanks a lot to both of you in any case.
gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
25 June 2009 at 14:53
Hello,

Last night I started a new anti-malware scan, and the computer crashed again. I need to try to solve this crashing problem before continuing the disinfection of the PC. What do you think of these bluescreens that appear more or less at random; is it due to a driver problem?

Thanks
Anonymous user
25 June 2009 at 15:04
Please redo a ComboFix.
gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
26 June 2009 at 09:27
Hi Inferno, I'll do that as soon as possible
gllm34 Posts: 416 Registered: Thursday 9 October 2008 Status: Member Last post: 12 February 2010 21
17 July 2009 at 18:10
There, I've just got back to work on this computer.

Here is the ComboFix report I made with avast disabled

ComboFix 09-07-14.08 - Joëlle 17/07/2009 17:51.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1248 [GMT 2:00]
Running from: s:\docs joëlle\Bureau\avril.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb125\res\ErrorPageTemplate.css
c:\program files\Search Settings\kb125\res\help.gif
c:\program files\Search Settings\kb125\res\pixel.gif
c:\program files\Search Settings\kb125\res\tab_icon.png
c:\program files\Search Settings\kb125\res\tabdata.js
c:\program files\Search Settings\kb125\res\tablib.js
c:\program files\Search Settings\kb125\res\tabwelcome_en.html
c:\program files\Search Settings\kb125\res\toolbar_background.gif
c:\program files\Search Settings\kb125\res\vista_directions.png
c:\program files\Search Settings\kb125\res\xp_directions.png
c:\program files\Search Settings\kb125\res\yahoo_search.gif
c:\program files\Search Settings\kb125\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\30015.msi
c:\windows\Installer\3eb17a.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 15:59 . 2009-07-17 15:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2009-07-17 15:59 . 2009-07-17 15:59 -------- d-----w- c:\users\Guillaume\AppData\Local\temp
2009-07-17 15:59 . 2009-07-17 15:59 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
2009-07-15 16:03 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:03 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:03 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:03 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-26 15:15 . 2009-06-26 15:15 15256 ----a-w- c:\users\Benjamin\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-06-24 19:03 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 19:03 . 2009-06-24 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 19:03 . 2009-06-24 19:03 -------- d-----w- c:\programdata\Malwarebytes
2009-06-24 19:03 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 17:34 . 2009-06-24 17:35 -------- d-----w- C:\rsit
2009-06-24 14:57 . 2009-06-24 17:30 -------- d-----w- C:\Lop SD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 12:04 . 2008-05-06 19:59 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Skype
2009-07-17 12:03 . 2009-01-09 10:42 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Free Download Manager
2009-07-17 11:49 . 2008-05-06 20:02 -------- d-----w- c:\users\Benjamin\AppData\Roaming\skypePM
2009-07-16 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-11 10:01 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 10:01 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-11 11:22 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 11:17 . 2009-06-09 11:17 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6F5.tmp.exe
2009-06-08 10:18 . 2009-06-08 10:18 -------- d-----w- c:\program files\Recuva
2009-06-04 19:00 . 2007-07-10 11:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-19 13:08 . 2009-05-19 13:08 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-05-19 13:08 . 2009-05-19 13:08 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-09 05:50 . 2009-06-10 08:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 08:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-23 12:43 . 2009-06-10 08:28 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 08:29 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 08:29 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 22:57 . 2009-01-19 02:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-19 22:57 . 2009-01-19 02:20 110592 ----a-w- c:\windows\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_18.36.33 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LESS CITY AMEN SETUP"="c:\programdata\SOFTWARE STOP CAKE.74ni4dy" [X]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2007-01-12 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-28 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-10 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9BB1744-ADE0-4DB1-9DE6-68AC382FC033}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92B8D59A-32A0-490C-9B13-BD644FC6BEB3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{FEA6D843-5B65-4E6A-8340-C19061F88BEC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1117BCBC-DA31-44FC-9F62-E251BCDA26FB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{583C0994-C105-4F20-82D8-044A8CE0DDB6}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1AB4849A-7842-4EF6-B610-E95808453274}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{B6841A6F-4A1F-492E-873B-00D050429D78}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{A75A8936-70E0-47C3-9A17-32F0673D14F0}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D13EED16-3BC6-4706-9606-F604FF7B1251}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{19E9630E-5818-4B87-9EB2-89CB6E40C9A5}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{2DCD685F-286E-48AF-AFB3-2078A109DA51}c:\\program files\\microsoft office\\office10\\frontpg.exe"= UDP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"UDP Query User{2BA55028-CE81-40BA-BD36-2721B3EC6515}c:\\program files\\microsoft office\\office10\\frontpg.exe"= TCP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"{02FF2A6C-28CE-4472-AFF8-5C6BFACF845A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5208DC6E-E079-4E6B-A0D2-49F278C8BBC5}c:\\program files\\microsoft office\\office10\\frontpg.exe"= UDP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"UDP Query User{A126F3A5-0A02-457F-9B8D-6385328B235B}c:\\program files\\microsoft office\\office10\\frontpg.exe"= TCP:c:\program files\microsoft office\office10\frontpg.exe:Microsoft FrontPage
"{BD8C02AA-8AC5-4BA1-BB96-7F108CA13350}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{03030BB1-DE2E-4756-A17C-372E43A92DEF}c:\\users\\benjamin\\downloads\\metin2.bin"= UDP:c:\users\benjamin\downloads\metin2.bin:metin2
"UDP Query User{ECEEBC53-5ECF-4B73-AD18-CCCF71B65E4C}c:\\users\\benjamin\\downloads\\metin2.bin"= TCP:c:\users\benjamin\downloads\metin2.bin:metin2
"TCP Query User{64975B56-C199-470B-B774-601BD3E5F8F8}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{8227218B-DFCB-424E-84BB-DE52AC5F6809}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{040A75C7-018E-41E2-9CA5-9832D7E04DB9}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= UDP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"UDP Query User{3B95ADF2-B82D-498A-9311-6434CE8D55E3}c:\\program files\\sierra\\fearcombat\\fpupdate.exe"= TCP:c:\program files\sierra\fearcombat\fpupdate.exe:fpupdate
"TCP Query User{A7E2A9EF-FEBA-4371-B54F-CD7689309B91}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{DF67EFF0-27A9-41BC-B549-BE3469D73B8D}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"TCP Query User{ADD5B796-BA49-4E5B-BD32-80DD137792BE}c:\\ut2003\\system\\ut2003.exe"= UDP:c:\ut2003\system\ut2003.exe:UT2003
"UDP Query User{0A099039-F3D1-46A7-892D-2AA14C0DD8A2}c:\\ut2003\\system\\ut2003.exe"= TCP:c:\ut2003\system\ut2003.exe:UT2003
"TCP Query User{E49C2C47-C6E8-4DD9-B347-71AAB294C660}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A06EC744-8627-4E6B-8690-279DCBE40796}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{F95A7399-B9F6-47D9-9C3C-9CDBC64CECB8}"= UDP:c:\program files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{FA73A14D-7D1E-4DC5-9013-7FF9C6DF4436}"= TCP:c:\program files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2
"{AB8C0401-E459-4E53-AB51-6AFAC61DED7F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB9B16CC-69CD-485D-91AA-6C8A8F0D5655}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{58DD5619-155A-4769-B9B2-B4376FE79ED5}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{F0749A17-CE3A-41E9-ACF1-958750D1BB5B}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{34E592FC-1C4A-4B46-9FF5-0FE1B52D56EE}c:\\program files\\wormux\\wormux.exe"= UDP:c:\program files\wormux\wormux.exe:Wormux is a convivial mass murder game.
"UDP Query User{D1D1689A-DF27-4929-A71D-745E188E1EF8}c:\\program files\\wormux\\wormux.exe"= TCP:c:\program files\wormux\wormux.exe:Wormux is a convivial mass murder game.
"TCP Query User{CB06FC56-1878-4880-B770-BC3EEDEDF2A1}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
"UDP Query User{FC7C400E-CD8F-404E-A276-07EFD0703DF3}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
"{92B1BAAD-9025-4F7D-AD12-67DF78CAFC4F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8DD44C06-465E-4A0F-9F3F-CBF5AA473160}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{679ABFA3-8BD4-4D70-862F-37B2E9B2F2A3}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B8CEC155-90CA-4B85-A07F-84B831154709}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{0ED8BA53-75B0-40AA-ACF1-05259239D2BC}"= UDP:12755:BitComet 12755 TCP
"{3B7AABDD-4ABF-4431-AAFF-E8E5E1A2C71B}"= TCP:12755:BitComet 12755 UDP
"TCP Query User{F65560EC-9D82-4A6D-BCF2-6CFD14D933DA}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{DCFE51C3-44E7-4BE4-9A27-3160C1888072}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"{026797B0-C061-4385-ACCA-F817D2C80ABF}"= UDP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torqu
"{5F92DFDB-95B3-414B-9F70-F3B674EBFCF0}"= TCP:c:\program files\AeriaGames\ProjectTorque\ProjectTorque.bin:Project Torqu

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [07/01/2009 19:31 28544]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [03/04/2008 17:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [03/04/2008 17:16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/02/2008 12:03 51792]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 15:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [30/03/2008 21:26 47640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [22/09/2008 21:47 1153368]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [23/02/2008 12:23 104344]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 22:29 46592]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [23/02/2008 12:23 69656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [24/06/2009 21:03 38160]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [23/02/2008 12:21 28224]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 22:29 454520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2008-05-17 c:\windows\Tasks\SyncBack mes docs Joëlle.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-05-17 13:16]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{909E66DD-55D9-4815-985B-640AA5492C71}.job
- c:\windows\system32\msfeedssync.exe [2009-05-08 11:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: Compare Prices with &Dealio - c:\users\Joëlle\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
IE: Download with &Shareaza - c:\program files\Crux P2P\Plugins\RazaWebHook.dll/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 17:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-17 18:03
ComboFix-quarantined-files.txt 2009-07-17 16:03
ComboFix2.txt 2009-06-24 18:41

Pre-Run: 6 654 582 784 octets libres
Post-Run: 6 512 099 328 octets libres

409 --- E O F --- 2009-07-16 01:04
gllm34 (416 posts, registered Thursday 9 October 2008, status: member, last activity 12 February 2010)
17 July 2009 at 18:11
I'm going to try a full scan with Malwarebytes.