Précédent
- 1
- 2
ComboFix 08-09-20.05 - Patrick 2008-09-23 3:10:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1027 [GMT -4:00]
Lancé depuis: C:\Users\Patrick\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.
2008-09-23 02:25 . 2008-09-23 02:25 <REP> d-------- C:\_OTMoveIt
2008-09-23 02:00 . 2008-09-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-09-23 01:39 . 2008-09-23 01:54 <REP> d-------- C:\Lop SD
2008-09-19 15:13 . 2008-09-19 15:13 <REP> d-------- C:\Windows\Sun
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\Users\All Users\webex
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\ProgramData\webex
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\Users\All Users\Linksys
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\ProgramData\Linksys
2008-09-18 20:20 . 2008-04-09 00:14 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Users\All Users\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\ProgramData\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-09-18 20:19 . 2008-04-09 00:14 26,424 --a------ C:\Windows\System32\drivers\purendis.sys
2008-09-18 20:18 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Linksys
2008-09-18 14:45 . 2008-09-23 01:48 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Users\Patrick\AppData\Roaming\PeerNetworking
2008-09-17 13:18 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 13:18 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 13:18 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 13:18 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 13:17 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 13:17 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 13:17 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 13:17 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 13:17 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-17 00:59 . 2008-09-17 00:59 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-17 00:58 . 2008-09-18 20:20 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iTunes
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iPod
2008-09-17 00:58 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-17 00:58 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-17 00:56 . 2008-09-17 00:57 <REP> d-------- C:\Program Files\QuickTime
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1027 [GMT -4:00]
Lancé depuis: C:\Users\Patrick\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.
2008-09-23 02:25 . 2008-09-23 02:25 <REP> d-------- C:\_OTMoveIt
2008-09-23 02:00 . 2008-09-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-09-23 01:39 . 2008-09-23 01:54 <REP> d-------- C:\Lop SD
2008-09-19 15:13 . 2008-09-19 15:13 <REP> d-------- C:\Windows\Sun
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\Users\All Users\webex
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\ProgramData\webex
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\Users\All Users\Linksys
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\ProgramData\Linksys
2008-09-18 20:20 . 2008-04-09 00:14 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Users\All Users\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\ProgramData\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-09-18 20:19 . 2008-04-09 00:14 26,424 --a------ C:\Windows\System32\drivers\purendis.sys
2008-09-18 20:18 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Linksys
2008-09-18 14:45 . 2008-09-23 01:48 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Users\Patrick\AppData\Roaming\PeerNetworking
2008-09-17 13:18 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 13:18 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 13:18 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 13:18 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 13:17 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 13:17 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 13:17 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 13:17 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 13:17 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-17 00:59 . 2008-09-17 00:59 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-17 00:58 . 2008-09-18 20:20 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iTunes
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iPod
2008-09-17 00:58 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-17 00:58 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-17 00:56 . 2008-09-17 00:57 <REP> d-------- C:\Program Files\QuickTime
oups il manquais une parti a mon rapport voila le rapport complet:
ComboFix 08-09-20.05 - Patrick 2008-09-23 3:10:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1027 [GMT -4:00]
Lancé depuis: C:\Users\Patrick\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.
2008-09-23 02:25 . 2008-09-23 02:25 <REP> d-------- C:\_OTMoveIt
2008-09-23 02:00 . 2008-09-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-09-23 01:39 . 2008-09-23 01:54 <REP> d-------- C:\Lop SD
2008-09-19 15:13 . 2008-09-19 15:13 <REP> d-------- C:\Windows\Sun
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\Users\All Users\webex
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\ProgramData\webex
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\Users\All Users\Linksys
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\ProgramData\Linksys
2008-09-18 20:20 . 2008-04-09 00:14 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Users\All Users\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\ProgramData\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-09-18 20:19 . 2008-04-09 00:14 26,424 --a------ C:\Windows\System32\drivers\purendis.sys
2008-09-18 20:18 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Linksys
2008-09-18 14:45 . 2008-09-23 01:48 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Users\Patrick\AppData\Roaming\PeerNetworking
2008-09-17 13:18 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 13:18 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 13:18 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 13:18 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 13:17 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 13:17 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 13:17 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 13:17 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 13:17 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-17 00:59 . 2008-09-17 00:59 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-17 00:58 . 2008-09-18 20:20 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iTunes
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iPod
2008-09-17 00:58 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-17 00:58 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-17 00:56 . 2008-09-17 00:57 <REP> d-------- C:\Program Files\QuickTime
2008-09-17 00:52 . 2008-09-17 00:52 <REP> d-------- C:\Program Files\Safari
2008-09-17 00:52 . 2008-09-17 00:52 <REP> d-------- C:\Program Files\Bonjour
2008-09-09 19:20 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:20 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:20 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:20 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:20 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:20 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:20 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:20 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:20 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Malwarebytes
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-09 00:55 . 2008-09-09 00:55 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Download Manager
2008-09-08 13:28 . 2008-09-08 13:28 0 --a------ C:\Windows\nsreg.dat
2008-09-08 12:24 . 2008-09-08 12:24 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-07 16:42 . 2008-09-07 16:42 <REP> d-------- C:\Users\Patrick\Option
2008-09-07 14:25 . 2008-09-07 23:59 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-07 14:25 . 2008-09-07 23:59 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-07 14:25 . 2008-09-07 22:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 13:15 . 2008-09-07 13:15 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-09-07 13:15 . 2008-09-07 13:15 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-09-07 13:11 . 2008-09-07 13:13 <REP> d-------- C:\Users\All Users\Poke admin tons bike
2008-09-07 13:11 . 2008-09-19 13:37 <REP> d-------- C:\Users\All Users\LongAmenSixth
2008-09-07 13:11 . 2008-09-07 13:13 <REP> d-------- C:\ProgramData\Poke admin tons bike
2008-09-07 13:11 . 2008-09-19 13:37 <REP> d-------- C:\ProgramData\LongAmenSixth
2008-09-07 13:10 . 2008-09-07 13:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-06 18:12 . 2008-09-06 18:12 <REP> d-------- C:\EGIS_Drive
2008-09-06 17:35 . 2008-09-22 20:16 <REP> d-------- C:\Users\Patrick\AppData\Roaming\LimeWire
2008-09-06 17:15 . 2008-09-13 12:57 <REP> d-a------ C:\Users\All Users\TEMP
2008-09-06 17:15 . 2008-09-13 12:57 <REP> d-a------ C:\ProgramData\TEMP
2008-09-06 17:03 . 2008-09-17 14:04 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Apple Computer
2008-09-06 17:02 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\Apple Computer
2008-09-06 17:02 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\Apple Computer
2008-09-06 17:01 . 2008-09-06 17:01 <REP> d-------- C:\Users\All Users\Apple
2008-09-06 17:01 . 2008-09-06 17:01 <REP> d-------- C:\ProgramData\Apple
2008-09-06 17:01 . 2008-09-17 00:56 <REP> d-------- C:\Program Files\Common Files\Apple
2008-09-06 16:50 . 2008-09-06 16:50 <REP> d-------- C:\Program Files\BitComet
2008-09-06 16:50 . 2008-09-14 18:04 <REP> d-------- C:\Downloads
2008-09-06 16:38 . 2008-09-18 20:21 <REP> d-------- C:\Program Files\Java
2008-09-06 16:37 . 2008-09-06 16:37 <REP> d-------- C:\Program Files\Common Files\Java
2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\Program Files\LimeWire
2008-09-06 16:19 . 2008-09-06 16:19 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-06 16:19 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-09-06 16:15 . 2008-09-06 16:34 <REP> d-------- C:\Program Files\Windows Live
2008-09-06 16:15 . 2008-09-06 16:17 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-06 16:14 . 2008-09-06 16:14 <REP> d-------- C:\Users\All Users\WLInstaller
2008-09-06 16:14 . 2008-09-06 16:14 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-06 16:05 . 2008-09-06 16:06 <REP> d-------- C:\Users\Patrick\AppData\Roaming\eSobi
2008-09-06 16:03 . 2008-09-06 16:03 <REP> d-------- C:\Users\Patrick\AppData\Roaming\CyberLink
2008-09-06 15:51 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-06 15:45 . 2008-09-06 15:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Yahoo!
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-09-06 15:37 . 2008-09-06 15:37 <REP> d-------- C:\Windows\Acer_Wide
2008-09-06 15:37 . 2008-09-06 15:41 <REP> d-------- C:\Windows\Acer_Normal
2008-09-06 15:37 . 2008-09-06 15:37 <REP> d-------- C:\Program Files\Acer Incorporated
2008-09-06 15:37 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-09-06 15:37 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-09-06 15:37 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-09-06 15:37 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-09-06 15:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-09-06 15:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-09-06 15:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-09-06 15:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-09-06 15:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-09-06 15:28 . 2008-09-23 01:48 0 --a------ C:\Windows\System32\LogConfigTemp.xml
2008-09-06 15:25 . 2008-09-06 15:25 <REP> d-------- C:\Program Files\DIFX
2008-09-06 15:25 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-06 15:25 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-06 15:25 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-06 15:25 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-06 15:25 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-06 15:25 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-06 15:25 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-06 15:24 . 2008-09-06 15:24 <REP> d-------- C:\Program Files\YUAN
2008-09-06 15:24 . 2008-02-22 01:05 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-09-06 15:24 . 2008-02-22 01:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-09-06 15:24 . 2008-02-22 01:03 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-09-06 15:24 . 2008-02-22 01:03 16,440 --a------ C:\Windows\System32\drivers\pciide.sys
2008-09-06 15:23 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-09-06 15:23 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-09-06 15:23 . 2008-04-26 04:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-06 15:23 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-09-06 15:23 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-09-06 15:23 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-09-06 15:23 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-09-06 15:23 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-09-06 15:22 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 13:54 --------- d-----w C:\Program Files\McAfee
2008-09-13 21:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-09-10 00:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 23:59 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 20:07 --------- d-----w C:\ProgramData\eSobi
2008-09-06 20:03 --------- d-----w C:\ProgramData\CyberLink
2008-09-06 19:54 --------- d-----w C:\Program Files\Windows Mail
2008-09-06 19:17 --------- d-----w C:\Program Files\Acer
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Modèles
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Favoris
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Bureau
2008-09-06 19:13 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 1008184]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="C:\Program Files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="C:\Program Files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"LELA"="C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{1C6DC239-351A-46F8-84E8-1616F9D79B91}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{4BCF4F26-3C87-4277-8A74-8C44A0937428}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F3999426-D4E3-4478-9A91-60B4A8E796FA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B5D3F7D-F2E5-4ED6-9B8E-4F0635717CBA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6581E08B-0A93-42F0-B5BF-15D3D08664D4}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E5D45FFC-021E-407C-A8FE-B4F31C8FEB4F}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{7B67E92E-DF2A-41BE-AF97-C92190A1DA3A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AD162974-5759-4D60-BE1D-E28970AD2C33}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{7B5C6282-A721-4ACB-BF94-48588F9F0940}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{405647E8-C571-4FA8-BD0D-37CD26785ABA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1D234831-7739-46DF-8880-82C754CD63EF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{25A78448-34D7-4CE6-A950-6221509E256A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E44598EF-4D95-452A-BD6C-96371DC03773}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{1EDE1921-AC17-4FAA-BD2B-482A3A71790C}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{7B624EFB-B43D-41A8-863B-8D93AF76E35C}"= TCP:67:0.0.0.0:DHCP Discovery Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 LinksysUpdater;Linksys Updater;C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-24 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-27 298496]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\oisui8g8.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 03:12:54
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Heure de fin: 2008-09-23 3:14:27
ComboFix-quarantined-files.txt 2008-09-23 07:14:22
Avant-CF: 84ÿ550ÿ189ÿ056 octets libres
Après-CF: 84,312,576,000 octets libres
299 --- E O F --- 2008-09-10 00:02:34
ComboFix 08-09-20.05 - Patrick 2008-09-23 3:10:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1027 [GMT -4:00]
Lancé depuis: C:\Users\Patrick\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\AppData\Roaming\.#
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.
2008-09-23 02:25 . 2008-09-23 02:25 <REP> d-------- C:\_OTMoveIt
2008-09-23 02:00 . 2008-09-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-09-23 01:39 . 2008-09-23 01:54 <REP> d-------- C:\Lop SD
2008-09-19 15:13 . 2008-09-19 15:13 <REP> d-------- C:\Windows\Sun
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\Users\All Users\webex
2008-09-18 20:22 . 2008-09-19 14:47 <REP> d-------- C:\ProgramData\webex
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\Users\All Users\Linksys
2008-09-18 20:21 . 2008-09-18 20:22 <REP> d-------- C:\ProgramData\Linksys
2008-09-18 20:20 . 2008-04-09 00:14 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Users\All Users\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\ProgramData\Pure Networks
2008-09-18 20:19 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-09-18 20:19 . 2008-04-09 00:14 26,424 --a------ C:\Windows\System32\drivers\purendis.sys
2008-09-18 20:18 . 2008-09-18 20:19 <REP> d-------- C:\Program Files\Linksys
2008-09-18 14:45 . 2008-09-23 01:48 65,536 --------- C:\Windows\System32\Ikeext.etl
2008-09-18 14:09 . 2008-09-18 14:09 <REP> d-------- C:\Users\Patrick\AppData\Roaming\PeerNetworking
2008-09-17 13:18 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 13:18 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 13:18 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 13:18 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 13:17 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 13:17 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 13:17 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 13:17 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 13:17 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-17 00:59 . 2008-09-17 00:59 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-17 00:58 . 2008-09-18 20:20 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iTunes
2008-09-17 00:58 . 2008-09-17 00:58 <REP> d-------- C:\Program Files\iPod
2008-09-17 00:58 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-17 00:58 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-17 00:56 . 2008-09-17 00:57 <REP> d-------- C:\Program Files\QuickTime
2008-09-17 00:52 . 2008-09-17 00:52 <REP> d-------- C:\Program Files\Safari
2008-09-17 00:52 . 2008-09-17 00:52 <REP> d-------- C:\Program Files\Bonjour
2008-09-09 19:20 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:20 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:20 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:20 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:20 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:20 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:20 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:20 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 19:20 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Malwarebytes
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-09 00:56 . 2008-09-09 00:56 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-09 00:55 . 2008-09-09 00:55 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Download Manager
2008-09-08 13:28 . 2008-09-08 13:28 0 --a------ C:\Windows\nsreg.dat
2008-09-08 12:24 . 2008-09-08 12:24 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-07 16:42 . 2008-09-07 16:42 <REP> d-------- C:\Users\Patrick\Option
2008-09-07 14:25 . 2008-09-07 23:59 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-07 14:25 . 2008-09-07 23:59 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-07 14:25 . 2008-09-07 22:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 13:15 . 2008-09-07 13:15 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-09-07 13:15 . 2008-09-07 13:15 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-09-07 13:11 . 2008-09-07 13:13 <REP> d-------- C:\Users\All Users\Poke admin tons bike
2008-09-07 13:11 . 2008-09-19 13:37 <REP> d-------- C:\Users\All Users\LongAmenSixth
2008-09-07 13:11 . 2008-09-07 13:13 <REP> d-------- C:\ProgramData\Poke admin tons bike
2008-09-07 13:11 . 2008-09-19 13:37 <REP> d-------- C:\ProgramData\LongAmenSixth
2008-09-07 13:10 . 2008-09-07 13:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-06 18:12 . 2008-09-06 18:12 <REP> d-------- C:\EGIS_Drive
2008-09-06 17:35 . 2008-09-22 20:16 <REP> d-------- C:\Users\Patrick\AppData\Roaming\LimeWire
2008-09-06 17:15 . 2008-09-13 12:57 <REP> d-a------ C:\Users\All Users\TEMP
2008-09-06 17:15 . 2008-09-13 12:57 <REP> d-a------ C:\ProgramData\TEMP
2008-09-06 17:03 . 2008-09-17 14:04 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Apple Computer
2008-09-06 17:02 . 2008-09-17 00:58 <REP> d-------- C:\Users\All Users\Apple Computer
2008-09-06 17:02 . 2008-09-17 00:58 <REP> d-------- C:\ProgramData\Apple Computer
2008-09-06 17:01 . 2008-09-06 17:01 <REP> d-------- C:\Users\All Users\Apple
2008-09-06 17:01 . 2008-09-06 17:01 <REP> d-------- C:\ProgramData\Apple
2008-09-06 17:01 . 2008-09-17 00:56 <REP> d-------- C:\Program Files\Common Files\Apple
2008-09-06 16:50 . 2008-09-06 16:50 <REP> d-------- C:\Program Files\BitComet
2008-09-06 16:50 . 2008-09-14 18:04 <REP> d-------- C:\Downloads
2008-09-06 16:38 . 2008-09-18 20:21 <REP> d-------- C:\Program Files\Java
2008-09-06 16:37 . 2008-09-06 16:37 <REP> d-------- C:\Program Files\Common Files\Java
2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\Program Files\LimeWire
2008-09-06 16:19 . 2008-09-06 16:19 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-06 16:19 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-09-06 16:15 . 2008-09-06 16:34 <REP> d-------- C:\Program Files\Windows Live
2008-09-06 16:15 . 2008-09-06 16:17 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-06 16:14 . 2008-09-06 16:14 <REP> d-------- C:\Users\All Users\WLInstaller
2008-09-06 16:14 . 2008-09-06 16:14 <REP> d-------- C:\ProgramData\WLInstaller
2008-09-06 16:05 . 2008-09-06 16:06 <REP> d-------- C:\Users\Patrick\AppData\Roaming\eSobi
2008-09-06 16:03 . 2008-09-06 16:03 <REP> d-------- C:\Users\Patrick\AppData\Roaming\CyberLink
2008-09-06 15:51 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-06 15:45 . 2008-09-06 15:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\Users\Patrick\AppData\Roaming\Yahoo!
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-06 15:42 . 2008-09-06 15:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-09-06 15:37 . 2008-09-06 15:37 <REP> d-------- C:\Windows\Acer_Wide
2008-09-06 15:37 . 2008-09-06 15:41 <REP> d-------- C:\Windows\Acer_Normal
2008-09-06 15:37 . 2008-09-06 15:37 <REP> d-------- C:\Program Files\Acer Incorporated
2008-09-06 15:37 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Wide).scr
2008-09-06 15:37 . 2006-10-19 10:00 187,392 --a------ C:\Windows\Acer(Normal).scr
2008-09-06 15:37 . 2006-11-03 16:23 44 --a------ C:\Windows\Acer(Normal).ini
2008-09-06 15:37 . 2006-11-02 16:38 42 --a------ C:\Windows\Acer(Wide).ini
2008-09-06 15:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32_priv.dll
2008-09-06 15:29 . 2007-06-26 20:06 262,200 --a------ C:\Windows\System32\hcwpnp32.dll
2008-09-06 15:29 . 2007-05-15 16:46 98,360 --a------ C:\Windows\System32\hcwi2c32.dll
2008-09-06 15:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32_priv.dll
2008-09-06 15:29 . 2006-10-10 18:47 36,921 --a------ C:\Windows\System32\hcwutl32.dll
2008-09-06 15:28 . 2008-09-23 01:48 0 --a------ C:\Windows\System32\LogConfigTemp.xml
2008-09-06 15:25 . 2008-09-06 15:25 <REP> d-------- C:\Program Files\DIFX
2008-09-06 15:25 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-06 15:25 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-06 15:25 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-06 15:25 . 2008-04-23 00:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-09-06 15:25 . 2008-04-23 00:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-09-06 15:25 . 2008-04-23 00:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-09-06 15:25 . 2008-04-23 00:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-09-06 15:24 . 2008-09-06 15:24 <REP> d-------- C:\Program Files\YUAN
2008-09-06 15:24 . 2008-02-22 01:05 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-09-06 15:24 . 2008-02-22 01:04 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-09-06 15:24 . 2008-02-22 01:03 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-09-06 15:24 . 2008-02-22 01:03 16,440 --a------ C:\Windows\System32\drivers\pciide.sys
2008-09-06 15:23 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-09-06 15:23 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-09-06 15:23 . 2008-04-26 04:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-06 15:23 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-09-06 15:23 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-09-06 15:23 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-09-06 15:23 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-09-06 15:23 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-09-06 15:22 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 13:54 --------- d-----w C:\Program Files\McAfee
2008-09-13 21:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-09-10 00:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 23:59 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 20:07 --------- d-----w C:\ProgramData\eSobi
2008-09-06 20:03 --------- d-----w C:\ProgramData\CyberLink
2008-09-06 19:54 --------- d-----w C:\Program Files\Windows Mail
2008-09-06 19:17 --------- d-----w C:\Program Files\Acer
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Modèles
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Favoris
2008-09-06 19:13 --------- d-sh--w C:\ProgramData\Bureau
2008-09-06 19:13 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 1008184]
"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="C:\Program Files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="C:\Program Files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"LELA"="C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{1C6DC239-351A-46F8-84E8-1616F9D79B91}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{4BCF4F26-3C87-4277-8A74-8C44A0937428}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F3999426-D4E3-4478-9A91-60B4A8E796FA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B5D3F7D-F2E5-4ED6-9B8E-4F0635717CBA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6581E08B-0A93-42F0-B5BF-15D3D08664D4}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E5D45FFC-021E-407C-A8FE-B4F31C8FEB4F}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{7B67E92E-DF2A-41BE-AF97-C92190A1DA3A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AD162974-5759-4D60-BE1D-E28970AD2C33}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{7B5C6282-A721-4ACB-BF94-48588F9F0940}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{405647E8-C571-4FA8-BD0D-37CD26785ABA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1D234831-7739-46DF-8880-82C754CD63EF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{25A78448-34D7-4CE6-A950-6221509E256A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E44598EF-4D95-452A-BD6C-96371DC03773}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{1EDE1921-AC17-4FAA-BD2B-482A3A71790C}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{7B624EFB-B43D-41A8-863B-8D93AF76E35C}"= TCP:67:0.0.0.0:DHCP Discovery Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 LinksysUpdater;Linksys Updater;C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-24 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-27 298496]
S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\oisui8g8.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 03:12:54
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Heure de fin: 2008-09-23 3:14:27
ComboFix-quarantined-files.txt 2008-09-23 07:14:22
Avant-CF: 84ÿ550ÿ189ÿ056 octets libres
Après-CF: 84,312,576,000 octets libres
299 --- E O F --- 2008-09-10 00:02:34
voila le rapport de ot move it
C:\Users\All Users\Poke admin tons bike moved successfully.
File/Folder C:\Users\All Users\Poke admin tons bike not found.
File/Folder C:\ProgramData\Poke admin tons bike not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09232008_032945
C:\Users\All Users\Poke admin tons bike moved successfully.
File/Folder C:\Users\All Users\Poke admin tons bike not found.
File/Folder C:\ProgramData\Poke admin tons bike not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09232008_032945
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
non sa me disais des truc comme erreur de suppresion a hijack alors je vienne de le desinstaller et je vais refaire le test pour voir
je ne peu pas quitter avec le rapport alors je te poste ceci p-e que tu comprendra kelke chose la dedans car moi je ny comprend rien
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\Patrick\Downloads\ComboFix.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Users\Patrick\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\Patrick\Downloads\ComboFix.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Users\Patrick\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Users\All Users\Poke admin tons bike
C:\Users\All Users\Poke admin tons bike
C:\ProgramData\Poke admin tons bike
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Users\All Users\Poke admin tons bike
C:\Users\All Users\Poke admin tons bike
C:\ProgramData\Poke admin tons bike
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Précédent
- 1
- 2
