Pub cid
Solved
louloute86
Posts
61
Status
Member
-
Hello,
I am bothered by these ads that open when I am on the internet. Could someone help me remove them?
Thanks in advance for your help.
27 replies
hi,
do a HijackThis report:
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
Right-click on the HijackThis icon.
/!\ Rename hijackthis to skim.exe (instead of hijackthis.exe), it's important.
After doing that, double-click on it.
Click on Do a system scan and save the log
At the end of the scan a report will be generated; paste it here.
A HijackThis demo:
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Keep me posted, see you.
here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:21, on 09/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.ze1oy"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Trust Film Corn.5541rl"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
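As an added example (not part of this thread or of HijackThis itself), here is a small Python check that parses the registry O4 Run entries from a HijackThis log like the one above and lists the ones worth a second look: targets that sit in a user-writable data directory such as C:\ProgramData, or that carry a non-executable extension. The heuristics and the directory list are this example's own assumptions; the sample lines are copied from the log posted above.

```python
import re
from typing import Dict, List

# Registry-based O4 lines as HijackThis prints them, e.g.
#   O4 - HKCU\..\Run: [swg] C:\Program Files\Google\...\GoogleToolbarNotifier.exe
#   O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\...\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Extensions a legitimate autostart target normally carries (assumption of this example).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd"}

# Writable data directories where adware droppers commonly park a payload
# (this list is the example author's choice, not a HijackThis rule).
DATA_DIR_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def extract_target(cmd: str) -> str:
    """Best-effort extraction of the file an autostart command launches."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:                                  # quoted path: take it verbatim
        return m.group(1)
    m = re.match(r"^rundll32(?:\.exe)?\s+([^,]+)", cmd, re.IGNORECASE)
    if m:                                  # rundll32 host: the DLL argument is the real target
        cmd = m.group(1)
    m = re.match(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    if m:                                  # unquoted path ending in a known extension
        return m.group(1)
    return cmd.split(" /")[0].strip()      # fallback: everything before the first switch


def suspicion_reasons(target: str) -> List[str]:
    """Reasons a reviewer would want to look at this autostart target more closely."""
    reasons = []
    low = target.lower()
    basename = low.rsplit("\\", 1)[-1]     # split on the Windows separator ourselves
    ext = basename[basename.rfind("."):] if "." in basename else ""
    if ext not in EXECUTABLE_EXTS:
        reasons.append(f"non-executable extension {ext or '(none)'}")
    if any(marker in low for marker in DATA_DIR_MARKERS):
        reasons.append("launched from a user-writable data directory")
    return reasons


def parse_o4_entries(log_lines: List[str]) -> List[Dict[str, object]]:
    """Parse registry O4 lines into dicts with hive, key, name, target and reasons."""
    entries = []
    for line in log_lines:
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue                       # not a registry Run entry (e.g. Global Startup)
        target = extract_target(m.group("cmd"))
        entries.append({
            "hive": m.group("hive"),
            "key": m.group("key"),
            "name": m.group("name"),
            "target": target,
            "reasons": suspicion_reasons(target),
        })
    return entries


def flagged_entries(log_lines: List[str]) -> List[Dict[str, object]]:
    """Only the entries that have at least one reason to be reviewed."""
    return [e for e in parse_o4_entries(log_lines) if e["reasons"]]


# Sample lines copied from the HijackThis log posted above (constructed test input).
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16",
    r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r'O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.ze1oy"',
    r'O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Trust Film Corn.5541rl"',
    r"O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')",
    r"O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe",
]

if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_LOG):
        print(f"[{entry['name']}] {entry['target']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

On the sample above only the two C:\ProgramData entries are reported; every vendor entry under Program Files or system32 passes both checks.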
Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
- Double-click SmitfraudFix.exe
- Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is at the root of the system drive, C:\rapport.txt; post the report.
Here is the report
SmitFraudFix v2.300
Scan done at 17:03:39,94, 09/03/2008
Run from C:\Windows\System32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOUBRY HELENE
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOUBRY HELENE\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOUBRY~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{71B61238-7C0E-4045-A55F-CA481D7200AF}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{71B61238-7C0E-4045-A55F-CA481D7200AF}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{71B61238-7C0E-4045-A55F-CA481D7200AF}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
* Go to this address and download Navilog:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Choose Save and save it to your desktop.
- Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)
- Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose option 2, 3 or 4 without our advice/agreement)
Wait for the message "Analyse Termine le ....."
- Press a key as asked; Notepad will open.
Copy/paste the whole report into your reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
- If your antivirus detects a virus or a trojan during the scan, ignore it.
Hello
To remove Cid on Vista, you can go through ComboFix:
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in safe mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created in C:\Combofix.txt; please post it
++
Hi green day.
I knew about ComboFix, but unfortunately I'm not very comfortable with it, so I didn't want to have her do a wrong step.
Thanks for helping her ;)
Here is the ComboFix report
ComboFix 08-03-09.1 - LOUBRY HELENE 2008-03-09 18:43:27.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.246 [GMT 1:00]
Endroit: C:\Users\LOUBRY HELENE\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 17:40 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-09 11:59 --------- d-----w C:\Program Files\Trend Micro
2008-03-09 10:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 10:41 691,545 ----a-w C:\Windows\unins000.exe
2008-03-09 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 00:15 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-07 00:36 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\FUJIFILM
2008-03-06 22:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-06 21:08 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\SUPERAntiSpyware.com
2008-03-06 21:08 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-06 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 15:15 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-03-06 13:18 --------- d-----w C:\Program Files\Common Files\NewTech Infosystems
2008-03-05 21:29 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-05 15:33 --------- d-----w C:\ProgramData\Skype
2008-03-01 21:18 2,388 ----a-w C:\Users\LOUBRY HELENE\AppData\Roaming\wklnhst.dat
2008-02-29 20:01 --------- d---a-w C:\ProgramData\TEMP
2008-02-28 00:22 --------- d-----w C:\Program Files\Windows Live
2008-02-26 16:37 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\Grisoft
2008-02-24 21:08 --------- d-----w C:\Program Files\Google
2008-02-23 01:29 --------- d-----w C:\Program Files\Picasa2
2008-02-22 21:23 --------- d-----w C:\Program Files\Logitech
2008-02-22 18:41 --------- d-----w C:\ProgramData\LogiShrd
2008-02-22 18:41 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-02-22 18:27 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-02-18 21:03 --------- d-----w C:\ProgramData\Grisoft
2008-02-17 17:23 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\Samsung
2008-02-17 16:53 --------- d-----w C:\Program Files\Samsung
2008-02-15 09:12 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\Talkback
2008-02-14 12:04 230,432 ----a-w C:\PA207.DAT
2008-02-14 08:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 08:16 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 08:16 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:16 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:16 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:16 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:16 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:16 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 08:16 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:16 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:16 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 08:16 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 08:16 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 08:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:15 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:15 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:15 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:15 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 08:10 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 08:10 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 08:10 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 08:10 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 10:37 --------- d-----w C:\ProgramData\Lavasoft
2008-02-13 10:36 --------- d-----w C:\Program Files\Lavasoft
2008-02-09 19:00 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-09 13:53 --------- d-----w C:\ProgramData\WLInstaller
2008-02-08 18:19 --------- d-----w C:\ProgramData\JollyBear
2008-02-07 00:24 --------- d-----w C:\Program Files\lx_cats
2008-02-06 22:26 --------- d-----w C:\ProgramData\CheckPoint
2008-02-06 20:44 --------- d-----w C:\Program Files\Alwil Software
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-28 19:54 --------- d-----w C:\Users\LOUBRY HELENE\AppData\Roaming\Emjysoft
2008-01-28 19:54 --------- d-----w C:\ProgramData\Emjysoft
2008-01-26 20:34 --------- d-----w C:\ProgramData\eMule
2008-01-26 20:34 --------- d-----w C:\Program Files\eMule
2008-01-23 15:27 --------- d-----w C:\ProgramData\proxy dash
2008-01-16 02:55 --------- d-----w C:\ProgramData\Tool Eggs Less City
2008-01-10 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-10 13:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-10 01:42 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 01:42 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 01:42 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 01:42 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-25 21:46 192,512 ----a-w C:\Windows\off-road-uninst.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-13 14:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 14:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 14:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-10-06 10:53 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-03-08_20.12.22,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-08 13:10:03 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-09 17:38:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-08 18:25:22 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-09 17:00:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-08 13:12:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-09 17:40:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-08 19:07:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-09 16:03:49 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-08 13:12:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 17:40:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-09 17:40:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-08 17:10:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-09 17:38:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-08 17:10:50 180,224 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 17:38:54 180,224 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-08 17:10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 17:38:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-08 19:08:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-03-09 17:43:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-03-09 17:43:17 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2004-07-31 16:50:36 51,200 ----a-w C:\Windows\System32\dumphive.exe
+ 2003-06-05 19:13:00 53,248 ----a-w C:\Windows\System32\Process.exe
+ 2004-07-31 16:50:36 51,200 ----a-w C:\Windows\System32\SmitfraudFix\dumphive.exe
+ 2007-06-09 19:04:06 82,432 ----a-w C:\Windows\System32\SmitfraudFix\GenericRenosFix.exe
+ 2007-03-28 16:38:07 77,824 ----a-w C:\Windows\System32\SmitfraudFix\HostsChk.exe
+ 2008-03-05 21:29:16 82,432 ----a-w C:\Windows\System32\SmitfraudFix\IEDFix.exe
+ 2003-06-05 19:13:00 53,248 ----a-w C:\Windows\System32\SmitfraudFix\Process.exe
+ 2005-01-13 19:41:48 24,576 ----a-w C:\Windows\System32\SmitfraudFix\Reboot.exe
+ 2006-03-07 20:45:34 16,384 ----a-w C:\Windows\System32\SmitfraudFix\restart.exe
+ 2008-03-02 21:47:32 1,713,069 ----a-w C:\Windows\System32\SmitfraudFix\SmitfraudFix.cmd
+ 2006-09-19 20:13:00 20,480 ----a-w C:\Windows\System32\SmitfraudFix\SmiUpdate.exe
+ 2006-04-27 15:49:30 288,417 ----a-w C:\Windows\System32\SmitfraudFix\SrchSTS.exe
+ 2006-08-29 17:43:54 135,168 ----a-w C:\Windows\System32\SmitfraudFix\swreg.exe
+ 2006-01-09 08:36:06 40,960 ----a-w C:\Windows\System32\SmitfraudFix\swsc.exe
+ 2006-12-01 04:20:32 79,360 ----a-w C:\Windows\System32\SmitfraudFix\swxcacls.exe
+ 2008-03-02 21:38:24 77,312 ----a-w C:\Windows\System32\SmitfraudFix\UIFix.exe
+ 2006-09-14 22:34:48 167,936 ----a-w C:\Windows\System32\SmitfraudFix\unzip.exe
+ 2008-03-09 00:15:33 86,528 ----a-w C:\Windows\System32\SmitfraudFix\VACFix.exe
+ 2007-09-05 22:22:23 289,144 ----a-w C:\Windows\System32\SmitfraudFix\VCCLSID.exe
+ 2007-10-03 22:36:46 25,600 ----a-w C:\Windows\System32\SmitfraudFix\WS2Fix.exe
+ 2006-04-27 15:49:30 288,417 ----a-w C:\Windows\System32\SrchSTS.exe
+ 2007-09-05 22:22:23 289,144 ----a-w C:\Windows\System32\VCCLSID.exe
- 2008-03-08 13:13:09 16,568 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4211537824-2278198830-3660238798-1000_UserData.bin
+ 2008-03-09 17:40:52 16,568 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4211537824-2278198830-3660238798-1000_UserData.bin
- 2008-03-08 13:13:09 68,252 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 17:40:52 68,356 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-07 21:18:44 4,450 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-03-08 23:34:30 4,450 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-03-08 13:13:06 64,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-09 17:40:48 64,684 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-03 22:36:46 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
- 2008-02-17 16:54:26 3,135,369 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-09 10:04:36 5,142,683 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 02:42 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-23 01:28 68856]
"Error mail"="C:\ProgramData\Upload Bags Bags.ze1oy" [2008-01-23 23:32 299024]
"LESS CITY AMEN SETUP"="C:\ProgramData\Trust Film Corn.5541rl" [2008-01-16 03:55 16]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 20:28:40 528384]
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-12-02 00:09:46 303104]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-22 19:27:34 67128]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 20:33:11 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4211537824-2278198830-3660238798-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live|Desc=Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess|Desc=SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess|Desc=DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess|Desc=DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect|Desc=HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service|Desc=HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
"{2FA1DB01-B074-442F-A0C1-6971D2A30F3C}"= UDP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
"{82290BFE-BC46-4E4C-AE29-9015988AC7D2}"= TCP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
"{CBD9AF9E-0EAB-4496-86A0-F08B8917DC9E}"= UDP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{80672876-64DC-4C0C-AECD-53E2977AFD10}"= TCP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{4B09B66F-B0AE-473E-9D3A-66ABF37373B9}"= UDP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{CA39C4B3-A5C7-4F2B-8349-03004DDBC390}"= TCP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"TCP Query User{9EB22AD2-272A-4FF7-B32B-A33B49D5857E}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{C9BCEEBA-B6DC-4F35-972E-FE24D8B801E4}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{D87C5AB3-079D-49C7-812C-294681E3C8CE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{3F9935A0-AF2D-4A0F-8CD8-29F2ECF3D908}"= Disabled:UDP:C:\Users\LOUBRY HELENE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1Q2LV6U\incredimail_install[1].exe:IncrediMail Installer
"{318AF8D4-1D1E-4329-B451-5CE3C9034204}"= Disabled:TCP:C:\Users\LOUBRY HELENE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1Q2LV6U\incredimail_install[1].exe:IncrediMail Installer
"{5430187C-0C47-4334-876B-80DD6C87F250}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{DE987102-663F-4EAA-B321-844E97016B40}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{A720FC74-C15D-4E9D-9545-8BE9DCBE3517}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{9874289E-B898-4A68-B018-736A4C9A0CA2}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{296D6CC8-22BF-4EA4-8769-424A8AEB369C}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{B1DB76BC-06A2-47E1-A0D7-D273F7C33297}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{FD875B70-7D71-4482-B5AC-C34C134FB335}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{77F55C3C-3FE4-494B-853C-D834B303DEF4}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{1D652A7C-169D-4FAA-9318-4F9C5124447E}"= Disabled:UDP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{A45E99C2-E8CF-4AE3-B68D-CEC34AD097DD}"= Disabled:TCP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{BC873B5C-9597-41AA-A2F4-7513FAAEF098}"= Disabled:UDP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{8BA3CCA9-E504-469D-B37C-F16539E677F3}"= Disabled:TCP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{52796C98-4736-45CC-8D44-9C5ED4C1E1E0}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{106CFBFD-A238-4A87-9099-138AC490EC73}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{254C2271-ED55-4BB2-B71F-07B8168AD8F1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A8F474D0-6D25-414A-8B92-8F4A46AE688D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{024FE936-30A0-432C-A37E-A324FE072416}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{BE8D94DA-4E06-4453-8E51-21BADE10B647}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 17:54]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 03:12]
S3 PAC207;Webcam 1200;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-09 17:12:02 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 18:46:27
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 18:48:04
ComboFix-quarantined-files.txt 2008-03-09 17:47:55
ComboFix2.txt 2008-03-08 19:12:59
.
2008-03-07 08:41:08 --- E O F ---
"{DE987102-663F-4EAA-B321-844E97016B40}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{A720FC74-C15D-4E9D-9545-8BE9DCBE3517}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{9874289E-B898-4A68-B018-736A4C9A0CA2}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{296D6CC8-22BF-4EA4-8769-424A8AEB369C}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{B1DB76BC-06A2-47E1-A0D7-D273F7C33297}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{FD875B70-7D71-4482-B5AC-C34C134FB335}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{77F55C3C-3FE4-494B-853C-D834B303DEF4}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{1D652A7C-169D-4FAA-9318-4F9C5124447E}"= Disabled:UDP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{A45E99C2-E8CF-4AE3-B68D-CEC34AD097DD}"= Disabled:TCP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{BC873B5C-9597-41AA-A2F4-7513FAAEF098}"= Disabled:UDP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{8BA3CCA9-E504-469D-B37C-F16539E677F3}"= Disabled:TCP:C:\Users\LOUBRY HELENE\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{52796C98-4736-45CC-8D44-9C5ED4C1E1E0}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{106CFBFD-A238-4A87-9099-138AC490EC73}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{254C2271-ED55-4BB2-B71F-07B8168AD8F1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A8F474D0-6D25-414A-8B92-8F4A46AE688D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{024FE936-30A0-432C-A37E-A324FE072416}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{BE8D94DA-4E06-4453-8E51-21BADE10B647}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 17:54]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 03:12]
S3 PAC207;Webcam 1200;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-09 17:12:02 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 18:46:27
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-09 18:48:04
ComboFix-quarantined-files.txt 2008-03-09 17:47:55
ComboFix2.txt 2008-03-08 19:12:59
.
2008-03-07 08:41:08 --- E O F ---
Yes, yes! :-)
Create a new text document and name it CFScript.txt (careful, this is very important!): right-click on the desktop > New > Text Document, and copy the following lines in bold into it:
file::
C:\ProgramData\Upload Bags Bags.ze1oy
C:\ProgramData\Trust Film Corn.5541rl
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error mail"=-
"LESS CITY AMEN SETUP"=-
then drag the text file onto combo.exe as shown in the animation:
http://img.bleepingcomputer.com/combofix/usage/rc.gif
In the window that follows, choose option 1 and confirm.
Wait a bit; if the desktop disappears at times during the scan, that's normal!
At the end of the scan a report will be displayed: please post it (otherwise it is located here: C:\ComboFix.txt)
++
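Once ComboFix has processed the CFScript, a practitioner will want to confirm that the two files and the two Run-key values it targeted are actually gone. The PowerShell snippet below is an added example and is not part of the original thread or of ComboFix itself; it uses only the paths and value names quoted in the script above, and additionally flags any other HKCU Run value whose command points into C:\ProgramData, since that is the pattern this infection used (a generalization, not something the thread states).

```powershell
# Added example, not part of the original thread: verify the cleanup that the
# CFScript above asked ComboFix to perform.
# Paths and value names are the ones quoted in the thread.
$files = @(
    'C:\ProgramData\Upload Bags Bags.ze1oy',
    'C:\ProgramData\Trust Film Corn.5541rl'
)
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueNames = @('Error mail', 'LESS CITY AMEN SETUP')

$leftovers = @()

foreach ($f in $files) {
    # -LiteralPath: the names contain spaces and dots, so avoid wildcard parsing
    if (Test-Path -LiteralPath $f) {
        $leftovers += "file still present: $f"
    }
}

$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($null -ne $run) {
    # Skip the PS* metadata properties PowerShell adds to registry objects
    $entries = $run.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($e in $entries) {
        if ($valueNames -contains $e.Name) {
            $leftovers += "Run value still present: $($e.Name) = $($e.Value)"
        }
        elseif ("$($e.Value)" -like '*\ProgramData\*') {
            # Not named in the script, but same pattern: a startup command
            # living under ProgramData (assumption: worth a second look)
            $leftovers += "suspicious Run value (points into ProgramData): $($e.Name) = $($e.Value)"
        }
    }
}

if ($leftovers.Count -eq 0) {
    Write-Output 'OK: targeted files and Run values are gone.'
} else {
    $leftovers | ForEach-Object { Write-Output "CHECK: $_" }
}
```

Run it from the same user account that was infected, because the Run key in question lives under HKEY_CURRENT_USER and a different account would show a different hive.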
file::
C:\ProgramData\Upload Bags Bags.ze1oy
C:\ProgramData\Trust Film Corn.5541rl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
registry::
"Error mail"=-
"LESS CITY AMEN SETUP"=-
Is this the infection?
Absolutely:
infected files to remove:
C:\ProgramData\Upload Bags Bags.ze1oy
C:\ProgramData\Trust Film Corn.5541rl
the corresponding registry keys:
"Error mail"=-
"LESS CITY AMEN SETUP"=-
and what I gave you is the script to remove them!
++
And for a cid infection, will it always be: C:\ProgramData\Upload Bags Bags.ze1oy
C:\ProgramData\Trust Film Corn.5541rl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
registry::
"Error mail"=-
"LESS CITY AMEN SETUP"=-
?
Thanks for listening to me ;)):))
I already have Ad-Aware; I'm going to try installing Spybot.
Thanks