Can someone analyze this ComboFix report and give me some advice?
ComboFix 08-07-05.1 - Benoît 2008-07-06 14:00:07.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1906 [GMT 2:00]
Endroit: C:\Users\Benoît\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Windows\PLFSet.dll
C:\Windows\system32\ACER.exe
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:09 . 2008-07-06 13:11 <REP> d-------- C:\Windows\System32\drivers\Avg
2008-07-06 13:09 . 2008-07-06 13:09 <REP> d-------- C:\Program Files\AVG
2008-07-06 13:09 . 2008-07-06 13:09 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-06 13:09 . 2008-07-06 13:09 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-07-06 13:09 . 2008-07-06 13:09 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-07-06 13:02 . 2008-07-06 13:02 <REP> d-------- C:\Users\Benoît\AppData\Roaming\Desktopicon
2008-07-06 13:02 . 2008-07-06 13:03 <REP> d-------- C:\Program Files\Unlocker
2008-07-06 09:55 . 2008-07-06 10:28 <REP> d-------- C:\Lop SD
2008-07-06 09:43 . 2008-07-06 09:43 <REP> d-------- C:\Program Files\Lopxp
2008-07-06 09:21 . 2008-07-06 11:30 <REP> d--h----- C:\$AVG8.VAULT$
2008-07-06 09:08 . 2008-07-06 13:09 <REP> d-------- C:\Users\All Users\avg8
2008-07-06 09:08 . 2008-07-06 13:09 <REP> d-------- C:\ProgramData\avg8
2008-07-01 17:13 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-06-29 17:14 . 2008-06-29 17:15 <REP> d-------- C:\Users\Benoît\AppData\Roaming\DVD Flick
2008-06-29 16:54 . 2008-06-29 16:54 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-06-29 16:54 . 2008-06-29 16:54 <REP> d-------- C:\ProgramData\DVD Shrink
2008-06-29 16:54 . 2004-03-09 00:00 662,288 --a------ C:\Windows\System32\mscomct2.ocx
2008-06-29 16:54 . 2004-03-09 00:00 212,240 --a------ C:\Windows\System32\richtx32.ocx
2008-06-29 16:54 . 2000-05-19 17:56 81,920 --a------ C:\Windows\System32\mbmouse.ocx
2008-06-29 16:54 . 2000-11-05 15:27 36,864 --a------ C:\Windows\System32\trayicon.ocx
2008-06-29 11:04 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Lavasoft
2008-06-29 11:03 . 2008-06-29 11:03 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 12:01 . 2008-07-06 11:47 <REP> d-------- C:\Users\Benoît\AppData\Roaming\Adobe
2008-06-20 22:29 . 2008-06-20 22:35 <REP> d-------- C:\Program Files\PhotoFiltre
2008-06-17 06:30 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-17 06:30 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-17 06:30 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-16 18:32 . 2008-06-16 18:32 376 --a------ C:\Windows\ODBC.INI
2008-06-16 18:31 . 2008-06-16 18:31 <REP> d-------- C:\Users\Benoît\AppData\Roaming\Microsoft Web Folders
2008-06-14 19:05 . 2008-06-14 19:05 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-14 13:19 . 2008-06-14 13:19 28,190 --a------ C:\Users\Benoît\AppData\Roaming\nvModes.dat
2008-06-13 20:17 . 2008-07-05 20:57 <REP> d-------- C:\Users\Benoît\Incomplete
2008-06-13 20:17 . 2008-07-05 20:57 <REP> d-------- C:\Users\Benoît\Incomplete
2008-06-13 20:16 . 2008-06-30 19:46 <REP> d-------- C:\Users\Benoît\AppData\Roaming\LimeWire
2008-06-13 19:33 . 2007-08-08 09:29 2,772,992 --a------ C:\Windows\System32\NETw4r32.dll
2008-06-13 19:33 . 2007-08-08 02:26 2,226,688 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2008-06-13 19:33 . 2007-08-08 09:28 684,032 --a------ C:\Windows\System32\NETw4c32.dll
2008-06-13 18:10 . 2008-06-13 18:10 <REP> d-------- C:\PerfLogs
2008-06-13 17:59 . 2008-06-13 17:43 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-06-13 17:59 . 2008-06-13 17:43 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-06-13 17:45 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-06-13 17:44 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-06-13 17:43 . 2008-06-13 17:59 196,608 --a------ C:\Windows\SPInstall.etl
2008-06-13 15:28 . 2008-06-13 15:28 <REP> d-------- C:\Users\Benoît\AppData\Roaming\DivX
2008-06-13 15:28 . 2008-07-06 11:47 <REP> d-------- C:\Program Files\DivX
2008-06-13 15:28 . 2008-06-13 15:28 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-13 15:17 . 2008-06-13 15:21 <REP> d-------- C:\Users\Benoît\AppData\Roaming\U3
2008-06-13 14:18 . 2008-06-13 14:18 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-06-13 12:05 . 2008-06-13 12:05 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-06-13 11:56 . 2008-06-13 11:56 988,216 --a------ C:\Windows\System32\winload.exe
2008-06-13 11:56 . 2008-06-13 11:56 927,288 --a------ C:\Windows\System32\winresume.exe
2008-06-13 11:56 . 2008-06-13 11:56 615,992 --a------ C:\Windows\System32\ci.dll
2008-06-13 11:56 . 2008-06-13 11:56 378,368 --a------ C:\Windows\System32\srcore.dll
2008-06-13 11:56 . 2008-06-13 11:56 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-06-13 11:56 . 2008-06-13 11:56 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-06-13 11:56 . 2008-06-13 11:56 40,960 --a------ C:\Windows\System32\srclient.dll
2008-06-13 11:56 . 2008-06-13 11:56 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-06-13 11:56 . 2008-06-13 11:56 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-06-13 11:56 . 2008-06-13 11:56 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-06-13 11:55 . 2008-06-13 11:55 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-13 11:52 . 2008-06-13 11:52 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-13 11:50 . 2008-07-06 11:47 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-13 11:50 . 2008-07-06 11:47 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-13 11:50 . 2008-06-13 11:50 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-13 11:49 . 2008-06-13 11:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-13 11:49 . 2008-06-13 11:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-13 11:49 . 2008-06-13 11:49 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-13 11:49 . 2008-06-13 11:49 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-13 11:49 . 2008-06-13 11:49 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-13 11:49 . 2008-06-13 11:49 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 11:47 . 2008-06-13 11:47 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-13 11:47 . 2008-06-13 11:47 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-13 11:45 . 2008-06-20 22:29 434 --a------ C:\Windows\BRWMARK.INI
2008-06-13 11:45 . 2008-06-20 22:29 27 --a------ C:\Windows\BRPP2KA.INI
2008-06-13 11:44 . 2008-06-13 11:44 <REP> d-------- C:\Program Files\Java
2008-06-13 11:41 . 2008-07-06 11:47 <REP> d-------- C:\Program Files\Common Files\Java
2008-06-13 11:39 . 2008-07-06 11:47 <REP> d-------- C:\Program Files\LimeWire
2008-06-13 11:32 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-13 11:32 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-06-13 11:31 . 2008-06-13 11:31 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-13 11:31 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-13 11:24 . 2008-06-13 11:24 <REP> d-------- C:\Windows\PCHEALTH
2008-06-13 11:23 . 2008-06-13 11:26 <REP> d-------- C:\Users\Benoît\AppData\Roaming\Lavasoft
2008-06-13 11:22 . 2008-06-13 11:22 21,467,136 --a------ C:\Windows\System32\imageres.dll
2008-06-13 11:18 . 2008-07-06 11:46 <REP> d-------- C:\Users\All Users\Stardock
2008-06-13 11:18 . 2008-07-06 11:46 <REP> d-------- C:\ProgramData\Stardock
2008-06-13 11:18 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Stardock
2008-06-13 11:18 . 2007-06-05 11:26 567,040 --a------ C:\Windows\System32\wbocx.ocx
2008-06-13 11:18 . 2007-06-05 11:26 56,496 --a------ C:\Windows\System32\wbhelp2.dll
2008-06-13 11:17 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Windows Live
2008-06-13 11:17 . 2008-07-06 11:46 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-13 11:16 . 2008-06-13 11:16 <REP> d-------- C:\Users\All Users\WLInstaller
2008-06-13 11:16 . 2008-06-13 11:16 <REP> d-------- C:\ProgramData\WLInstaller
2008-06-13 11:08 . 2008-06-18 18:23 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-13 11:08 . 2008-06-18 18:23 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-13 11:08 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-13 11:07 . 2008-06-13 11:07 <REP> d-------- C:\Program Files\Alwil Software
2008-06-13 11:07 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-13 11:06 . 2008-06-13 11:06 <REP> d-------- C:\Program Files\CCleaner
2008-06-13 10:58 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Neuf
2008-06-13 10:05 . 2008-06-13 10:05 92 --a------ C:\Windows\GridV.UNI
2008-06-13 10:00 . 2007-05-08 15:26 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe
2008-06-13 10:00 . 2006-11-12 11:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe
2008-06-13 10:00 . 2006-11-10 17:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe
2008-06-13 10:00 . 2005-12-09 09:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe
2008-06-13 10:00 . 2006-02-24 11:28 552 --a------ C:\Windows\System32\setup.iss
2008-06-13 09:59 . 2008-07-06 11:47 <REP> d-------- C:\Program Files\Apoint2K
2008-06-13 09:59 . 2008-06-13 09:59 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-06-13 09:57 . 2008-06-13 09:57 <REP> d-------- C:\Windows\System32\ENU
2008-06-13 09:57 . 2007-03-21 12:58 304,920 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-06-13 09:56 . 2006-11-22 22:26 1,706,800 --a------ C:\Windows\System32\gdiplus.dll
2008-06-13 09:56 . 2005-08-16 08:49 40,960 --------- C:\junction.exe
2008-06-13 09:54 . 2008-06-13 12:13 <REP> dr------- C:\Users\Benoît\Searches
2008-06-13 09:54 . 2008-06-13 12:13 <REP> dr------- C:\Users\Benoît\Searches
2008-06-13 09:54 . 2008-06-13 09:54 <REP> d-------- C:\Users\Benoît\AppData\Roaming\Identities
2008-06-13 09:54 . 2008-06-13 09:54 <REP> d-------- C:\Users\All Users\NVIDIA
2008-06-13 09:54 . 2008-06-13 09:54 <REP> d-------- C:\ProgramData\NVIDIA
2008-06-13 09:54 . 2008-07-06 11:46 <REP> d-------- C:\Program Files\Launch Manager
2008-06-13 09:54 . 2008-07-06 11:46 <REP> d--hs---- C:\$RECYCLE.BIN
2008-06-13 09:54 . 2008-06-13 09:54 83 --a------ C:\Windows\LManager.UNI
2008-06-13 09:53 . 2008-06-13 11:25 <REP> dr------- C:\Users\Benoît\Contacts
2008-06-13 09:53 . 2008-06-13 11:25 <REP> dr------- C:\Users\Benoît\Contacts
2008-06-13 09:52 . 2008-06-13 09:52 <REP> d-------- C:\Windows\ACER
2008-06-13 09:52 . 2008-06-13 15:28 <REP> dr------- C:\Users\Benoît\Videos
2008-06-13 09:52 . 2008-06-13 15:28 <REP> dr------- C:\Users\Benoît\Videos
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 12:02 2,621,440 --sha-w C:\Users\Benoît\ntuser.dat
2008-07-06 12:02 2,621,440 --sha-w C:\Users\Benoît\ntuser.dat
2008-07-06 11:09 --------- d-s---w C:\Users\Benoît\AppData\Roaming\Microsoft
2008-07-06 11:02 --------- d-----w C:\Users\Benoît\AppData\Roaming\Desktopicon
2008-07-06 09:47 --------- d-----w C:\Users\Benoît\AppData\Roaming\Adobe
2008-07-06 09:47 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-06 09:47 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-06-30 17:46 --------- d-----w C:\Users\Benoît\AppData\Roaming\LimeWire
2008-06-29 15:15 --------- d-----w C:\Users\Benoît\AppData\Roaming\DVD Flick
2008-06-16 16:31 --------- d-----w C:\Users\Benoît\AppData\Roaming\Microsoft Web Folders
2008-06-14 11:19 28,190 ----a-w C:\Users\Benoît\AppData\Roaming\nvModes.dat
2008-06-13 16:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-13 16:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-13 16:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-13 13:28 --------- d-----w C:\Users\Benoît\AppData\Roaming\DivX
2008-06-13 13:21 --------- d-----w C:\Users\Benoît\AppData\Roaming\U3
2008-06-13 09:26 --------- d-----w C:\Users\Benoît\AppData\Roaming\Lavasoft
2008-06-13 08:24 --------- d-----w C:\ProgramData\Symantec
2008-06-13 08:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-13 07:54 --------- d-----w C:\Users\Benoît\AppData\Roaming\Identities
2008-06-13 07:52 1,550 ----a-w C:\Windows\CLEANUP.CMD
2008-06-13 07:52 --------- d-----w C:\Users\Benoît\AppData\Roaming\Macromedia
2008-06-13 07:52 --------- d-----w C:\Users\Benoît\AppData\Roaming\InstallShield
2008-06-13 07:49 --------- d-sh--w C:\ProgramData\Modèles
2008-06-13 07:49 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-06-13 07:49 --------- d-sh--w C:\ProgramData\Favoris
2008-06-13 07:49 --------- d-sh--w C:\ProgramData\Bureau
2008-06-13 07:49 --------- d-sh--w C:\Program Files\Fichiers communs
2008-06-13 07:43 --------- d-----w C:\Program Files\Intel
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"Foxmail"="C:\Users\Benoît\Documents\A garder\Foxmail\Foxmail.exe" [2004-04-27 11:28 3279872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 13:09 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Benoît^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DreamMail.lnk]
path=C:\Users\Benoît\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DreamMail.lnk
backup=C:\Windows\pss\DreamMail.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
--------- 2007-06-11 14:54 1286144 C:\Acer\Empowering Technology\eAudio\eAudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-06-27 11:15 752136 C:\PROGRA~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-25 17:39 8470528 C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-25 17:39 81920 C:\Windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-07-25 17:39 86016 C:\Windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 12:35 94208 C:\Windows\PLFSetL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{4D657FB7-90F1-4687-8767-1A5E9F82A3B4}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{BA4204CD-A774-4ACB-833E-DED5F58DB84E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8E59AA51-194A-4D26-96F6-D1ACAC49C966}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{E87801FE-95A0-43FE-96B5-E693A347B765}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7D9B8AAB-7998-413E-8F1F-DA4537A1C762}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{05A4454F-3913-4365-8CB5-EC0AC2749337}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{38B414C1-DAEA-4669-B118-AB5D937C3A7C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FB75D67D-7DCF-4384-8232-93D287163A83}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D67442CE-3195-4049-AF38-8F87E344976C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D8093FA6-EC25-41A6-AD3F-BF4A9C881DE0}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{869E207B-2F29-4019-B686-8EA0407FA20B}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{23878910-276A-4CFC-B384-D2309FF5412F}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-06 13:09]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 13:09]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 13:09]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-06 13:09]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2437ad2-3949-11dd-a82a-806e6f6e6963}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-HotKeysCmds - C:\Windows\system32\hkcmd.exe
MSConfigStartUp-IgfxTray - C:\Windows\system32\igfxtray.exe
MSConfigStartUp-Persistence - C:\Windows\system32\igfxpers.exe
MSConfigStartUp-SetPanel - C:\Acer\APanel\APanel.cmd
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 14:02:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-06 14:03:46
ComboFix-quarantined-files.txt 2008-07-06 12:03:42
Pre-Run: 58,034,925,568 octets libres
Post-Run: 57,813,942,272 octets libres
323 --- E O F --- 2008-07-06 09:55:56