Sujet Précédent Sujet Suivant

Pc infécte rapport hiajck this

Fermé
idriss - 15 août 2009 à 21:34
 idriss - 6 sept. 2009 à 17:39
Bonjour,
Voilà depuis quelques temps mon pc n'arrete pas de bugger et je ne sais pas quoi faire aidez moi svp je vous poste le rapport hijack this dés maintenant.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:14, on 15/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Users\Lefeve Catherine\Downloads\Lefeve Catherine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vp32&d=1006&m=aspire_x3200
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WarReg_PopUp] "C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eScan Install-checker] C:\Windows\system32\eInstall.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eScan Management-Console (eScan-eServ) - MWTI2 - C:\PROGRA~1\eScan\TRAYESER.EXE
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Service Google Update (gupdate1c9a0149615d04d) (gupdate1c9a0149615d04d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
A voir également:

57 réponses

Précédent
Réponse 21 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
17 août 2009 à 17:19
vas dans Qoobox\quarantine et compresse juste le fichier 1ec4a9.msi
0
Réponse 22 / 57
idriss
17 août 2009 à 19:46
c est normal que sa soit si long ?
0
Réponse 23 / 57
idriss
17 août 2009 à 19:50
car je suis entrain de compresser 1ec4a9.msi.vir
0
Réponse 24 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
17 août 2009 à 21:03
bon laisse tomber et relance combofix

précise ou en sont les problèmes
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 57
idriss
17 août 2009 à 22:25
pff je retrouve m^me pas combofix quand je retélecharge il me met:

"You cannot rename ComboFix as ComboFix(3).

Please use another name,preferbaly made up of alphanumeric characters.

Merci pour ta patience. =(
0
Réponse 26 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
18 août 2009 à 07:16
cela signifie qu'il est déjà à l'endroit où tu l'as téléchargé précédemment. Pas la peine de le retélécharger
0
Réponse 27 / 57
idriss
18 août 2009 à 16:07
bonjour quand combofix me donne le raport je fais copier coller et j essaye de demarrer un page internet mais sa me marque access non autorisé et la page ne s ouvre pas j ai essayé avec des autres fichiers sa me fais la même chose que faire ? merci
0
Réponse 28 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
18 août 2009 à 18:45
que d'ennuis décidément, essaie de poster en mode sans échec avec prise en charge réseau

Sinon tu n'en as pas marre ? je te pose la question car on est sur le sujet depuis un bon moment déjà. Le formatage pourrait résoudre plus vite le problème.

Ceci étant dit si tu préfères continuer je serais toujours là ;)
0
Réponse 29 / 57
idriss
18 août 2009 à 19:15
j aimerais continuer si sa ne te derrange pas et voici le raport combofix en mode sans echec


ComboFix 09-08-10.06 - Lefeve Catherine 18/08/2009 18:51.5.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2814.2327 [GMT 2:00]
Running from: c:\users\Lefeve Catherine\Downloads\ComboFix.exe
AV: eScan Virus Control (VC) for Windows *On-access scanning disabled* (Updated) {E25EE26A-7512-411E-BAF6-D9AFA504A475}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: eScan Virus Control (VC) for Windows *disabled* (Outdated) {E25EE26A-7512-411E-BAF6-D9AFA504A475}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 13:57 . 2009-08-18 13:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-18 13:57 . 2009-08-18 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-18 13:39 . 2009-08-18 13:57 -------- d-s---w- C:\jaCombo
2009-08-17 14:49 . 2009-08-17 20:49 -------- d-----w- c:\program files\7-Zip
2009-08-17 14:11 . 2009-08-17 14:15 -------- d-----w- c:\program files\Common Files\Steam
2009-08-17 14:11 . 2009-08-18 16:45 -------- d-----w- c:\program files\Steam
2009-08-15 20:56 . 2009-08-15 20:56 -------- d-----w- c:\program files\Panda Security
2009-08-15 19:58 . 2009-08-15 19:58 -------- d-----w- C:\Genproc
2009-08-15 19:16 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 19:16 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 19:16 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 19:15 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-15 19:15 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 19:15 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 19:15 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 19:15 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 19:15 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 19:15 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 19:15 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 19:15 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-15 19:14 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 19:14 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 19:14 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 19:14 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-15 18:55 . 2009-08-15 18:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-14 18:29 . 2009-08-14 19:32 -------- d-----w- c:\programdata\NOS
2009-08-14 18:29 . 2009-08-14 19:32 -------- d-----w- c:\program files\NOS
2009-07-29 18:51 . 2009-07-29 18:54 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-29 10:53 . 2009-07-21 21:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-29 10:52 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-29 10:52 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-29 10:52 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-25 13:43 . 2009-07-25 13:44 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\FUEL Demo
2009-07-25 13:43 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-07-24 22:17 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-24 22:17 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-24 22:17 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-24 22:17 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-24 22:17 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-24 22:17 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-24 22:17 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-24 22:17 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-24 22:17 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-24 22:17 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 17:07 . 2009-06-23 14:08 82139936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-18 17:02 . 2008-01-21 08:40 49234 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-18 17:02 . 2008-01-21 08:40 11514 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-18 16:56 . 2009-06-23 13:45 -------- d-----w- c:\program files\eScan
2009-08-18 16:18 . 2009-06-23 14:08 1102988 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-18 14:29 . 2009-06-03 16:02 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-18 14:22 . 2009-06-03 16:02 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-18 14:19 . 2009-06-03 16:02 139152 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\PnkBstrK.sys
2009-08-18 14:19 . 2009-06-03 16:02 139152 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\PnkBstrK.sys
2009-08-18 14:18 . 2009-06-03 16:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-18 14:18 . 2009-07-17 17:38 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-18 14:00 . 2009-03-01 12:59 9052 ----a-w- c:\users\Lefeve Catherine\AppData\Local\d3d9caps.dat
2009-08-18 13:10 . 2009-01-25 20:56 -------- d-----w- c:\programdata\Google Updater
2009-08-15 19:54 . 2009-05-05 18:12 -------- d-----w- c:\program files\trend micro
2009-08-15 19:45 . 2009-05-25 23:18 -------- d-----w- c:\programdata\WLInstaller
2009-08-15 19:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-15 18:55 . 2008-12-26 20:23 -------- d-----w- c:\program files\Windows Live
2009-08-15 18:51 . 2009-01-24 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-06 22:46 . 2009-07-13 12:03 -------- d-----w- c:\program files\Java
2009-07-29 18:51 . 2009-05-08 00:39 -------- d-----w- c:\program files\Yahoo!
2009-07-25 03:23 . 2009-01-30 23:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 10:24 . 2009-04-02 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 10:24 . 2009-04-09 10:22 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-19 15:11 . 2009-07-19 14:39 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-07-19 11:19 . 2009-07-14 17:54 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\SystemRequirementsLab
2009-07-17 17:29 . 2009-07-17 17:29 -------- d-----w- c:\program files\EA Games
2009-07-14 17:54 . 2009-05-30 12:19 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-14 17:54 . 2009-07-14 17:54 207872 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-14 17:54 . 2009-07-14 17:54 207872 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-14 17:54 . 2009-07-14 17:54 207872 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-14 17:54 . 2009-07-14 17:54 207872 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-13 11:36 . 2009-04-02 16:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-02 16:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 00:23 . 2009-07-13 00:20 16938150 ----a-w- c:\windows\REGBK01.ZIP
2009-07-07 20:36 . 2009-06-27 10:47 -------- d-----w- c:\program files\DivX
2009-07-01 11:27 . 2008-12-26 18:18 -------- d-----w- c:\program files\Google
2009-07-01 11:26 . 2009-06-27 10:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-01 11:19 . 2009-07-01 11:17 16866703 ----a-w- c:\windows\REGBK00.ZIP
2009-06-30 22:42 . 2009-06-08 18:57 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\Todae
2009-06-30 22:34 . 2009-05-12 22:10 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\vlc
2009-06-30 22:34 . 2009-06-27 10:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-30 22:34 . 2009-06-03 15:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 22:34 . 2009-06-25 16:59 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-30 22:34 . 2009-06-23 13:45 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-30 22:34 . 2009-01-26 22:08 -------- d-----w- c:\program files\CCleaner
2009-06-30 22:34 . 2009-06-25 16:59 -------- d-----w- c:\program files\ArcSoft
2009-06-30 12:33 . 2009-06-30 12:33 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\InstallShield
2009-06-30 12:30 . 2009-06-30 12:30 -------- d-----w- c:\program files\ArcSoft(55)
2009-06-28 20:54 . 2009-06-28 20:54 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\Media Player Classic
2009-06-27 16:48 . 2009-06-27 11:06 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\DivX
2009-06-26 19:07 . 2009-06-25 17:05 -------- d-----w- c:\programdata\ArcSoft
2009-06-25 18:20 . 2009-06-25 18:15 -------- d-----w- c:\users\Lefeve Catherine\AppData\Roaming\ArcSoft
2009-06-25 14:36 . 2009-07-17 17:28 1291640 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\d66ixnv4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-07-17 17:28 729088 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\d66ixnv4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-23 20:24 . 2009-06-23 20:24 45 ---h--w- c:\windows\dace4368.dat
2009-06-23 14:02 . 2009-06-23 14:02 28260 ----a-w- c:\windows\WSSPORD.DAT
2009-06-23 13:59 . 2009-06-23 13:59 6288 ----a-w- c:\windows\system32\eInstall.dat
2009-06-23 13:45 . 2009-06-23 13:45 29754 ----a-w- c:\windows\winsbak.reg
2009-06-23 13:45 . 2009-06-23 13:45 256026 ----a-w- c:\windows\winsbak2.reg
2009-06-23 13:45 . 2009-06-23 13:45 -------- d-----w- c:\programdata\OEM Links
2009-06-15 14:53 . 2009-07-15 10:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 10:53 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 10:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 10:52 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 10:53 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 18:15 . 2009-06-10 18:15 15256 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-06-06 03:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-06 03:49 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-03 16:21 . 2009-02-25 01:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-29 15:30 . 2009-05-29 15:30 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-29 15:30 . 2009-05-29 15:30 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-27 13:36 . 2009-01-08 19:38 278 ----a-w- c:\users\Lefeve Catherine\AppData\Roaming\wklnhst.dat
2009-05-21 19:45 . 2009-02-27 14:40 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-21 18:49 . 2009-05-21 18:49 0 ----a-w- c:\windows\nsreg.dat
2009-05-21 09:43 . 2009-05-21 09:43 122880 ----a-w- c:\windows\system32\UAService7.exe
2009-05-20 23:34 . 2009-05-20 23:34 4096 ----a-w- c:\windows\d3dx.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-08-18_13.52.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-26 18:19 . 2009-08-18 13:13 21546 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-361662847-2979653976-3885516880-1000_UserData.bin
+ 2008-12-26 18:19 . 2009-08-18 16:46 21546 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-361662847-2979653976-3885516880-1000_UserData.bin
- 2009-08-06 23:39 . 2009-08-06 23:39 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-08-18 13:08 . 2009-08-18 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-18 16:56 . 2009-08-18 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-18 16:56 . 2009-08-18 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-18 13:08 . 2009-08-18 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-01-21 01:58 . 2009-08-18 12:33 108312 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 01:58 . 2009-08-18 16:46 108312 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-18 13:12 117032 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-18 16:46 117032 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-08-06 23:39 . 2009-08-06 23:39 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2006-11-02 10:33 . 2009-08-18 17:02 7006658 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-18 17:02 6221024 c:\windows\System32\perfc009.dat
- 2009-08-06 23:39 . 2009-08-06 23:39 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-18 14:18 . 2009-08-18 14:18 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-08-06 23:39 . 2009-08-06 23:39 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-08-17 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-17 68592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"eScan Install-checker"="c:\windows\system32\eInstall.exe" [2005-01-24 508928]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-4-29 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,a6,1b,18,5c,e6,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0C4BE1C-C5B4-4EDF-8FAE-55F438D2DD45}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{D90364C1-473F-4313-B223-9241901080C1}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{AA766C76-F16E-4FE2-A422-7D2BC7C139D9}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{42C706D2-3910-46FE-98CE-7F03D2047D4F}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{5649A2D4-F7CA-4F7C-97E2-374C5D2FDF1C}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{DEDBB5C9-7C94-4700-B32A-CE4BFF5B1973}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{FB16079E-B65F-45E2-8AEC-A6FAD42159A2}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{88149B78-7766-4162-8F83-D8B6FC8BC0C6}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{7ACC89C8-89F3-4312-9C9F-199767E21D32}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C579C023-D32A-41D7-8B1A-6026E5BF1B7B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1E1D851-ED4E-43FF-BD3F-080B20BDC023}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{140386EE-96E0-4FEF-A02F-6FAC37BDD3A7}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EF4F573B-DB47-4635-B3BF-FEB2070B6865}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{38BFF5AF-2C45-4A78-A138-33101997BA94}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6AEEC8E4-82E8-4C7B-A265-0761020E8073}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DD76C2F8-89EE-4986-880C-2661D4ACB58C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{6A18787C-34F5-43E8-BD37-A88FF14BAB64}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"TCP Query User{31C61B21-AE01-4E77-85E9-96789B8B5A4D}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{50D0F718-542A-460D-8184-1C4206EE79F3}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{51BAE3D8-02DB-48AB-977D-87107DDEC428}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{FFF78D28-7B36-4908-B770-EEAF68A0A748}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{5FFD5943-2747-46A8-B556-EC457898BCE8}"= UDP:c:\users\Lefeve Catherine\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{B2D256CF-569C-4406-9E62-4508F8A21F30}"= TCP:c:\users\Lefeve Catherine\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{1463CA75-8796-40A6-84D8-09210B23F0C4}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{9CF97287-D046-4DCE-9DDC-DE10B1766E6B}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{FDC70AA3-02AB-48A1-9FEB-355F1CF0B077}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{5B594A7E-415D-460B-AF44-ECD848BF847C}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{3CEF4C33-C280-405D-BE24-F694C40C2BE1}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{C3444528-921E-4961-9600-E53559818200}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{4FEEED50-0F2A-4049-ADFC-B5E4A131093A}"= UDP:c:\program files\Steam\steamapps\common\men of war - demo\mow_demo.exe:Men of War - Demo
"{84025048-6366-46CC-9B11-42098B15CF62}"= TCP:c:\program files\Steam\steamapps\common\men of war - demo\mow_demo.exe:Men of War - Demo
"{7F0E62F7-A480-45E5-9990-9D858ECFA929}"= UDP:c:\program files\Steam\steamapps\common\making history the calm and the storm demo\bin\makehist.exe:Making History: The Calm and The Storm Demo
"{519B675A-3936-479B-B9D8-B5B387E9A07C}"= TCP:c:\program files\Steam\steamapps\common\making history the calm and the storm demo\bin\makehist.exe:Making History: The Calm and The Storm Demo
"{63C4BFA0-FCC2-4F20-A3E5-119C7BBBCDEA}"= UDP:c:\program files\Steam\steamapps\idrissio08\stcc demo\STCC_Demo_Steam.exe:STCC - The Game - Demo
"{E15B84F9-1FA5-49AC-991F-A202858F50C2}"= TCP:c:\program files\Steam\steamapps\idrissio08\stcc demo\STCC_Demo_Steam.exe:STCC - The Game - Demo
"{5858EE39-14B6-4DB1-98C2-99514727AB39}"= UDP:c:\program files\Steam\steamapps\idrissio08\stcc demo\Config.exe:STCC - The Game - Demo
"{E8E96C7D-52BB-47B1-95B6-E293C63C71F7}"= TCP:c:\program files\Steam\steamapps\idrissio08\stcc demo\Config.exe:STCC - The Game - Demo
"{FD0B7739-6A50-432B-B6DC-DCBE8B63E699}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1976682-1B7A-494E-9395-87FEDF95AD31}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{38D9B09E-DEA4-41BD-97BF-86252E9FA398}"= UDP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{3B2B079D-AB92-479A-9C52-DBB5638C6474}"= TCP:c:\program files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{D6CBFD44-A447-4C1A-B9AD-778CBC89475A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C1CF67FD-7437-4AAE-B954-4A091FBC5EE5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7473F943-D047-4DD5-B2B7-2D17CB7A0AE4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D055F971-BEED-4CA7-A628-02D596443D79}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5201AEDA-487F-4547-A313-211B387AA20D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43F0EAB9-0F97-496A-8A76-928D0F1C9106}"= UDP:c:\program files\Steam\steamapps\common\light of altair demo\Altair.exe:Light of Altair Demo
"{4283A27A-53E8-4F06-A399-D51CFEA15BC5}"= TCP:c:\program files\Steam\steamapps\common\light of altair demo\Altair.exe:Light of Altair Demo
"TCP Query User{39508617-4927-4BC8-B5A2-BB569520F9F0}c:\\download\\steamapps\\idrissio08\\insurgency\\hl2.exe"= UDP:c:\download\steamapps\idrissio08\insurgency\hl2.exe:hl2
"UDP Query User{432995EB-7832-49EA-A175-C92C6A399C18}c:\\download\\steamapps\\idrissio08\\insurgency\\hl2.exe"= TCP:c:\download\steamapps\idrissio08\insurgency\hl2.exe:hl2
"TCP Query User{4A2E787F-0BCE-4D50-8EC0-E558C73948A8}c:\\download\\steamapps\\idrissio08\\zombie panic! source\\hl2.exe"= UDP:c:\download\steamapps\idrissio08\zombie panic! source\hl2.exe:hl2
"UDP Query User{D15350E8-6EB6-4CAE-8BF5-41EEDE351008}c:\\download\\steamapps\\idrissio08\\zombie panic! source\\hl2.exe"= TCP:c:\download\steamapps\idrissio08\zombie panic! source\hl2.exe:hl2
"TCP Query User{1E857CD9-7ECF-4CC1-9FA9-0613E949BD8A}c:\\download\\steamapps\\idrissio08\\condition zero\\hl.exe"= UDP:c:\download\steamapps\idrissio08\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{F8257C6D-2768-400D-8731-D07F7194782C}c:\\download\\steamapps\\idrissio08\\condition zero\\hl.exe"= TCP:c:\download\steamapps\idrissio08\condition zero\hl.exe:Half-Life Launcher
"{BBCDAEE1-7A94-43AF-965E-9903A3F1DFC9}"= UDP:c:\download\steamapps\common\america's army 3 dedicated server\Binaries\myrunserver.bat:America's Army 3 Dedicated Server
"{BD2C1225-ADD1-4701-8203-BDA00BBFCAA0}"= TCP:c:\download\steamapps\common\america's army 3 dedicated server\Binaries\myrunserver.bat:America's Army 3 Dedicated Server
"{58E0A80F-139F-4CF6-9017-0563F7143F9C}"= UDP:c:\download\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{DE34FC89-EF0D-48D6-AFE8-5BF10FE6DF71}"= TCP:c:\download\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{2833E19E-20DB-4316-8163-4DAECE30173E}"= UDP:c:\download\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"{A033B6BD-94F0-4746-B25B-29DCA1E6237F}"= TCP:c:\download\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"{F2C6D2CC-4A6A-41CE-AA4E-6F5B8793B6AF}"= UDP:c:\download\steamapps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"{E641229A-CE19-4DFA-B454-7AFC081309F2}"= TCP:c:\download\steamapps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"{DEB1B0E3-1374-4E2A-BDFE-90A4761D0BF6}"= UDP:c:\download\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{63FBC690-6C4E-4575-B5A4-B73F1BBD7EA5}"= TCP:c:\download\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{60D71378-9EA7-403A-9048-198D2E25E8FF}c:\\program files\\steam\\steamapps\\idrissio08\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\idrissio08\day of defeat source\hl2.exe:hl2
"UDP Query User{B3DA1894-B496-4BD9-BC34-F94B7A8D358A}c:\\program files\\steam\\steamapps\\idrissio08\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\idrissio08\day of defeat source\hl2.exe:hl2
"{8B3BC2CE-FCBC-4334-9EDF-6292AC3905A3}"= UDP:c:\program files\Steam\steamapps\common\arma 2 demo\ArmA2Demo.exe:ARMA 2 Demo
"{C755C92C-32F2-468A-B5DC-D69381F12E7E}"= TCP:c:\program files\Steam\steamapps\common\arma 2 demo\ArmA2Demo.exe:ARMA 2 Demo
"{EAF07CD0-48DD-49D2-896E-EBD521B43A2A}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KFEd.exe:Killing Floor SDK
"{0FC12A9F-12D8-46B6-BDA7-B7B819D81D23}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KFEd.exe:Killing Floor SDK
"{D3ACBCB1-D964-473C-A597-049288A5B217}"= UDP:c:\program files\Steam\steamapps\common\america's army 3 dedicated server\Binaries\myrunserver.bat:America's Army 3 Dedicated Server
"{C8FE5422-ABF0-421B-8B11-87C00E5D6E31}"= TCP:c:\program files\Steam\steamapps\common\america's army 3 dedicated server\Binaries\myrunserver.bat:America's Army 3 Dedicated Server
"{E716F320-BE28-40B7-9B60-DB2B22BC7AC0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{96BE6C53-1E7D-448B-9E3D-C5E99F8A1970}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{5EF3AC62-0937-49C4-AFC7-1A94392F2E2F}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{EF5A7DFA-0F87-49D0-A2C6-64D6F1DBD3CC}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6DBF7A87-A27E-404E-8546-33C466331BBB}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{7054FCB3-F976-4F42-8DD5-B1F0A8068F0F}"= UDP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3
"{32B3E508-F4CD-4490-A211-DA09546ACA75}"= TCP:c:\program files\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:America's Army 3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Nexon\\Combat Arms EU\\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms EU\\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"= c:\progra~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent
"c:\\PROGRA~1\\eScan\\DOWNLOAD.EXE"= c:\progra~1\eScan\DOWNLOAD.EXE:*:Enabled:eScan Update Downloader
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\eScanRAD\\ESCANRAD.EXE"= c:\progra~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool
"c:\\PROGRA~1\\eScan\\TRAYICOS.EXE"= c:\progra~1\eScan\TRAYICOS.EXE:*:Enabled:eScan Server Updater
"c:\\PROGRA~1\\eScan\\ESERV.EXE"= c:\progra~1\eScan\ESERV.EXE:*:Enabled:eScan Management Console

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [16/05/2009 18:05 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [09/08/2008 15:42 29808]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [20/02/2008 12:11 33800]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [09/05/2008 04:03 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 12:08 472320]
R2 eScan-eServ;eScan Management-Console;c:\progra~1\eScan\TRAYESER.EXE [23/06/2009 15:45 49664]
R2 eScan-trayicos;eScan Server-Updater;c:\progra~1\eScan\TRAYSSER.EXE [23/06/2009 15:45 50688]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [09/05/2008 03:53 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [08/05/2008 21:18 43552]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\System32\drivers\RTL8187B.sys [19/07/2007 01:40 281088]
S2 gupdate1c9a0149615d04d;Service Google Update (gupdate1c9a0149615d04d);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 19:37 133104]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [06/06/2009 18:21 871936]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [19/07/2009 16:39 33792]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [26/12/2008 20:52 28224]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\System32\drivers\LV532AV.SYS [31/01/2005 11:13 163328]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\eScan Update-Server.job
- c:\progra~1\eScan\ESERV.EXE [2009-06-23 08:38]

2009-06-23 c:\windows\Tasks\eScan Updater.job
- c:\progra~1\eScan\TRAYICOS.EXE [2009-06-23 14:27]

2009-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 23:58]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 17:37]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 17:37]

2009-06-23 c:\windows\Tasks\MailScan Dispatcher.job
- c:\progra~1\eScan\launch.exe [2009-06-23 14:02]
.
.
------- Supplementary Scan -------
.
mSearch bar = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\mwtsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\users\Lefeve Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\d66ixnv4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?hl=fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Lefeve Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\d66ixnv4.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 19:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-361662847-2979653976-3885516880-1000\Software\SecuRom\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"????????????????????????"=hex:25,3e,da,3e,9b,55,63,79,aa,2c,11,16,1e,2e,33,76,
25,ab,d8,25,24,30,06,06,70,f0,60,e9,24,25,70,70,00,00,00,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-361662847-2979653976-3885516880-1000\Software\SecuRom\License information*]
"datasecu"=hex:3a,63,f1,ef,ae,5e,e7,62,bc,07,22,cb,2e,ce,3a,01,9e,59,58,30,0a,
b5,51,04,fa,4e,94,c0,8d,f9,2f,e3,0d,d5,da,d0,9f,f4,a4,f7,ad,93,22,aa,8b,cb,\
"rkeysecu"=hex:c6,71,1f,76,fb,c4,8f,28,23,cd,2c,6b,4f,ae,9e,17

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1852)
c:\windows\system32\NVSVC.DLL
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\MicroWorld\Agent\MWASER.EXE
c:\program files\Common Files\MicroWorld\Agent\MWAGENT.EXE
c:\progra~1\eScan\Vista\avpmapp.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\UAService7.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-08-18 19:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 17:12
ComboFix2.txt 2009-08-18 13:57
ComboFix3.txt 2009-08-18 12:57
ComboFix4.txt 2009-08-16 22:54

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 70 015 500 288 octets libres

445 --- E O F --- 2009-08-15 19:20
0
Réponse 30 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
18 août 2009 à 21:11
Est-ce que tu as toujours des soucis ?
0
Réponse 31 / 57
idriss
18 août 2009 à 22:37
ya des amerliations mais sa bug encore impeu et lost est toujour là
0
Réponse 32 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
19 août 2009 à 07:06
bon attends lo.st on va s'en débarrasser directement http://www.alt-shift-return.org/Info/eost_lost_eorezo.html
tu verras c'est rapide et facile
0
Réponse 33 / 57
idriss
19 août 2009 à 14:51
c est bon et apré je fais quoi .
0
Réponse 34 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
20 août 2009 à 07:05
Si tu as encore des bugs, il faudrait que tu regardes dans l'observateur d'évènements si tu trouves des causes récurrentes de plantage, tiens moi au courant
0
Réponse 35 / 57
idriss
20 août 2009 à 13:56
bonojour , l observateur d evenement il se trouve ou
0
Réponse 36 / 57
idriss
21 août 2009 à 19:59
c est bon j ai trouvé alors il y a 2 fois microsoft windows security auditing
0
Réponse 37 / 57
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
21 août 2009 à 20:19
regarde plutot dans la section "applications", par contre ne te contenete pas des titres des évènements, double clique dessus et dis ce qu'il en est si tu estimes que ça peut correspondre à tes problèmes de bugs
0
Réponse 38 / 57
idriss
22 août 2009 à 20:31
Salut je te poste ce que je pense car il ya marqué erreur mais je suis pas un pro donc pas sûr.


Nom du journal :Application
Source : Microsoft-Windows-WMI
Date : 11/07/2009 14:55:38
ID de l'événement :10
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : PC-de-Catherine
Description :
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-07-11T12:55:38.000Z" />
<EventRecordID>68517</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>PC-de-Catherine</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
0
Réponse 39 / 57
idriss
22 août 2009 à 20:32
Nom du journal :Application
Source : Microsoft-Windows-Search
Date : 11/07/2009 15:02:47
ID de l'événement :3013
Catégorie de la tâche :Rassembleur
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : PC-de-Catherine
Description :
Impossible de mettre à jour l'entrée <C:\USERS\LEFEVE CATHERINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\D66IXNV4.DEFAULT\CACHE\ZZZZZZZZZZZ> dans la configuration de hachage.

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
<EventID Qualifiers="49152">3013</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>3</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-07-11T13:02:47.000Z" />
<EventRecordID>68539</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>PC-de-Catherine</Computer>
<Security />
</System>
<EventData>
<Data Name="ExtraInfo">

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
</Data>
<Data Name="Entry">C:\USERS\LEFEVE CATHERINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\D66IXNV4.DEFAULT\CACHE\ZZZZZZZZZZZ</Data>
</EventData>
</Event>
0
Réponse 40 / 57
idriss
22 août 2009 à 20:34
Voilà je crois que c'est à peu près tout car le reste est en rapport avec firefox mais j'ais résolu le soucis
0
eZula Messages postés 3391 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 392
22 août 2009 à 21:10
comment ?
0