Sujet Précédent Sujet Suivant

Mémoire insuffisante+virus/spyware?

Résolu/Fermé
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014 - 23 avril 2011 à 01:40
 Utilisateur anonyme - 23 avril 2011 à 02:28
Bonjour
J'ai un réel soucis avec mon ordinateur. Depuis quelques jours je constate qu'il va bien plus lentement, qu'il bug souvent et le même message d'erreur s'affiche : mémoire insuffisante veuillez fermer des programmes etc etc ( j'ai 2 giga de ram)
Après plusieurs recherche, j'ai constaté et fait plusieurs choses recommandé pour la mémoire etc mais je pense que je suis également infecté par virus et ou spyware
J'ai comme anti-virus avira antivir qui m'a ce soir détecter 10 trojans mais malgré cela je n'arrive toujours pas à revenir à la normalité
Je vous envoie donc le rapport hijack et j'espère que vous m'aiderez à résoudre ce problème qui est très embêtant :(
Rapport Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:54, on 23/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Users\DANCEV~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\dancevita\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2737658
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SetSpeaker] C:\Windows\SetSpkDefault.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] "C:\Program Files\DNIe\udcs.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servicio Google Update (gupdate1ca28b7ef026c00) (gupdate1ca28b7ef026c00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sqlite Server Service (SqliteServer) - Unknown owner - C:\Program Files\SIBEES Soft\SqliteServer\SqliteServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

8 réponses

Réponse 1 / 8
Utilisateur anonyme
23 avril 2011 à 01:42
Bonsoir

Attaquons le problème au plus fort:

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l'enregistrer sur ton bureau en asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.


- Installe le console de récupération comme demandé ;utile en cas de plantage

- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)


::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes


@+

0
Réponse 2 / 8
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014
23 avril 2011 à 01:48
je fais ça tout de suite, si ça ne te dérange pas d'attendre un petit peu parceque c'est assez urgent j'aimerais en finir vite
0
Utilisateur anonyme
23 avril 2011 à 01:49
Je suis ;-))
0
Réponse 3 / 8
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014
23 avril 2011 à 02:05
ComboFix 11-04-22.01 - dancevita 23/04/2011 1:50.1.2 - x86
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.34.3082.18.2046.1112 [GMT 2:00]
Running from: c:\users\dancevita\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\hide.exe
c:\windows\system32\system
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-22 23:24 . 2011-04-22 23:24 -------- d-----w- c:\program files\CCleaner
2011-04-22 22:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 22:52 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 21:44 . 2011-04-22 21:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-22 21:25 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-04-22 15:15 . 2011-04-22 15:15 -------- d-----w- c:\users\dancevita\AppData\Roaming\Avira
2011-04-22 15:10 . 2011-03-04 14:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-22 15:10 . 2011-03-04 12:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-22 15:10 . 2011-04-22 15:10 -------- d-----w- c:\programdata\Avira
2011-04-22 15:10 . 2011-04-22 15:10 -------- d-----w- c:\program files\Avira
2011-04-22 14:36 . 2011-04-22 14:36 -------- d-----w- c:\programdata\Easy Driver Pro
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-04-22 11:42 . 2011-04-22 11:42 -------- d-----w- c:\program files\MSN Toolbar
2011-04-22 11:41 . 2011-04-22 11:43 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-22 11:41 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-22 11:41 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-22 11:41 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-22 11:41 . 2011-04-22 11:41 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\26a0a0a51cc00e20e\InstallManager_WLE_WLE.exe
2011-04-22 11:40 . 2011-04-22 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2316dda51cc00e20c\DSETUP.dll
2011-04-22 11:40 . 2011-04-22 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2316dda51cc00e20c\DXSETUP.exe
2011-04-22 11:40 . 2011-04-22 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2316dda51cc00e20c\dsetup32.dll
2011-04-22 11:40 . 2011-04-22 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\21a54c451cc00e20b\DSETUP.dll
2011-04-22 11:40 . 2011-04-22 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\21a54c451cc00e20b\DXSETUP.exe
2011-04-22 11:40 . 2011-04-22 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\21a54c451cc00e20b\dsetup32.dll
2011-04-22 11:40 . 2011-04-22 12:41 -------- d-----w- c:\users\dancevita\AppData\Local\Windows Live
2011-04-22 11:38 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-04-21 23:46 . 2011-04-21 23:46 -------- d-----w- c:\users\dancevita\AppData\Roaming\Uniblue
2011-04-21 23:46 . 2011-04-21 23:46 -------- d-----w- c:\users\dancevita\AppData\Local\PackageAware
2011-04-21 23:20 . 2011-04-21 23:22 -------- d---a-w- C:\Navilog1
2011-04-21 23:20 . 2011-04-21 23:20 -------- d-----w- c:\program files\Navilog1
2011-04-20 22:21 . 2011-04-20 22:21 -------- d-----w- c:\users\dancevita\AppData\Roaming\Malwarebytes
2011-04-20 22:21 . 2011-04-20 22:21 -------- d-----w- c:\programdata\Malwarebytes
2011-04-20 22:21 . 2011-04-22 22:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 16:35 . 2011-04-22 21:25 -------- d-----w- c:\program files\Panda Security
2011-04-20 16:30 . 2011-04-20 18:50 -------- d-----w- c:\users\dancevita\AppData\Roaming\QuickScan
2011-04-18 14:08 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2011-04-18 14:08 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2011-04-18 14:08 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2011-04-18 14:08 . 2009-05-22 11:26 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-04-18 14:08 . 2011-04-18 14:08 -------- d--h--w- c:\users\dancevita\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2011-04-18 14:06 . 2008-07-08 12:55 89600 ----a-w- c:\windows\system32\drivers\lgmdbus.sys
2011-04-18 14:06 . 2008-07-08 12:55 14976 ----a-w- c:\windows\system32\drivers\lgmdmdfl.sys
2011-04-18 14:06 . 2008-07-08 12:55 12160 ----a-w- c:\windows\system32\drivers\lgmdwhnt.sys
2011-04-18 14:06 . 2008-07-08 12:55 12160 ----a-w- c:\windows\system32\drivers\lgmdwh.sys
2011-04-18 14:06 . 2008-07-08 12:55 12160 ----a-w- c:\windows\system32\drivers\lgmdcmnt.sys
2011-04-18 14:06 . 2008-07-08 12:55 12160 ----a-w- c:\windows\system32\drivers\lgmdcm.sys
2011-04-18 14:06 . 2008-07-08 12:55 121344 ----a-w- c:\windows\system32\drivers\lgmdmdm.sys
2011-04-18 14:06 . 2008-07-08 12:55 114944 ----a-w- c:\windows\system32\drivers\lgmdmgmt.sys
2011-04-18 14:06 . 2008-07-08 12:55 111232 ----a-w- c:\windows\system32\drivers\lgmdobex.sys
2011-04-18 14:05 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-18 14:05 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-18 14:05 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-18 14:05 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-18 14:05 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-18 14:05 . 2011-04-18 14:05 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-18 14:05 . 2011-04-18 14:05 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-18 14:03 . 2011-04-18 14:04 -------- d-----w- C:\GT400
2011-04-15 22:38 . 2011-04-15 22:38 -------- d-----w- c:\users\dancevita\AppData\Roaming\AVG10
2011-04-15 22:37 . 2011-04-15 22:37 -------- d--h--w- c:\programdata\Common Files
2011-04-15 14:06 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A72F1DF7-658A-49E0-A74A-92BBCDF6C4E3}\mpengine.dll
2011-04-15 10:32 . 2011-04-15 10:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-15 10:32 . 2011-04-15 10:32 -------- d-----w- c:\program files\AML Products
2011-04-15 10:29 . 2010-11-29 14:21 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-04-15 10:29 . 2010-11-29 14:21 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-04-15 10:29 . 2011-04-15 10:29 -------- d-----w- c:\program files\AVS4YOU
2011-04-15 10:29 . 2011-04-15 10:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-04-15 10:10 . 2011-04-15 10:15 -------- d-----w- c:\users\dancevita\AppData\Roaming\BonkEnc
2011-04-15 09:48 . 2011-04-15 09:49 -------- d-----w- c:\users\dancevita\AppData\Roaming\freac
2011-04-14 13:42 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 13:42 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 13:42 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 13:42 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 13:42 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 13:42 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 13:42 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 13:42 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 13:42 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 13:41 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 13:41 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 10:25 . 2011-04-14 10:25 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-14 10:25 . 2011-04-15 22:14 -------- d-----w- c:\users\dancevita\AppData\Local\Conduit
2011-04-14 10:24 . 2011-04-14 11:21 -------- d-----w- c:\users\dancevita\AppData\Roaming\Free Audio Editor
2011-04-14 10:24 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2011-04-14 10:24 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2011-04-14 10:24 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2011-04-14 10:24 . 2005-04-04 15:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2011-04-14 10:24 . 2005-03-28 13:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2011-04-14 10:24 . 2005-03-28 13:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2011-04-14 10:24 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2011-04-14 10:24 . 2005-05-17 10:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2011-04-14 10:24 . 2005-04-15 10:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2011-04-14 10:24 . 2004-11-04 11:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2011-04-14 09:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-04-14 09:50 . 2011-04-15 10:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-04-14 09:49 . 2011-04-22 15:19 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-14 09:48 . 2011-04-14 09:49 -------- d-----w- c:\users\dancevita\AppData\Roaming\GetRightToGo
2011-04-09 10:32 . 2011-04-09 10:32 -------- d-----w- C:\LGT300
2011-04-09 10:31 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-04-09 10:31 . 2011-04-18 13:54 -------- d-----w- c:\programdata\LGMOBILEAX
2011-03-24 10:57 . 2011-03-24 10:57 33640 ----a-w- c:\programdata\SPL4C0E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 11:41 . 2011-03-06 11:41 33640 ----a-w- c:\programdata\SPLA42C.tmp
2011-02-22 14:13 . 2011-03-23 09:17 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:17 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:17 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-09-12 23:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-05 17:01 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SetSpeaker"="c:\windows\SetSpkDefault.exe" [2007-11-27 86016]
"Skytel"="Skytel.exe" [2007-09-04 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RegistrarUsrDNIeCertStoreDLL"="c:\program files\DNIe\udcs.exe" [2009-03-02 37888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2007-12-15 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-14 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-01-13 07:20 395192 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-04-29 21:57 103344 ----a-w- c:\program files\Lexmark 2300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2007-04-29 21:57 205744 ----a-w- c:\program files\Lexmark 2300 Series\lxcgmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-16 19:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca28b7ef026c00;Servicio Google Update (gupdate1ca28b7ef026c00);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2008-04-04 87424]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 19:41]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:49]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 14:49]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
mStart Page = hxxp://es.es.acer.yahoo.com
FF - ProfilePath - c:\users\dancevita\AppData\Roaming\Mozilla\Firefox\Profiles\7ai72mav.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - FreeOnlineRadioPlayerRecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\RegTweaker\key.dll
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 01:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2640550130-2162392056-882104391-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^%"%g*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2640550130-2162392056-882104391-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^%"%g*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-23 02:03:17
ComboFix-quarantined-files.txt 2011-04-23 00:03
.
Pre-Run: 6.148.816.896 bytes libres
Post-Run: 6.679.445.504 bytes libres
.
- - End Of File - - 5BA6D2F20EC556E6ABD0E2F48A8FDD09
0
Réponse 4 / 8
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014
23 avril 2011 à 02:21
que dois je faire? :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 8
Utilisateur anonyme
23 avril 2011 à 02:22
Re

Il me semblait avoir écrit que CombpFix renommé devait être sur le bureau ...

@+
0
Réponse 6 / 8
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014
23 avril 2011 à 02:24
mince j'ai pas fait ça...
De combo fix aucune infections n'a été trouvé
0
Réponse 7 / 8
Utilisateur anonyme
23 avril 2011 à 02:26
Re

Et quoi de neuf?
Toujours des problèmes?

@+
0
Réponse 8 / 8
bnji17 Messages postés 99 Date d'inscription samedi 23 août 2008 Statut Membre Dernière intervention 22 mai 2014
23 avril 2011 à 02:27
bon pour l'instant non tout à l'air d'aller, je le laisse comme ça?
0
Utilisateur anonyme
23 avril 2011 à 02:28
Je met le sujet en résolu


@+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Mémoire insuffisante Office Pro Excel (peut importe l'année)
Ronuxx68 -
Kev97 -

25 réponses
Memoire video dedié 128 MB
Guervyl -
Guervyl -

4 réponses
combien d'espace memoire occupe un entier ...
diddy_19 -
kamla -

7 réponses
Trojan alerte
Titou43 -
gen-hackman -

23 réponses