Hello everyone,

My original problem is that Windows Explorer stops as soon as I right-click... I have run system restores, tried the workarounds from Microsoft, and gone through dozens of forums without finding even the hint of an effective solution. I have run several scans with Spyware Terminator, Spybot, Malwarebytes and Avast.

Avast found a corrupted CAB file... but doesn't offer anything...

Today I am turning to you in the hope that you will have a solution... I am posting the ComboFix "log" from the run I have just done.

If this is not a malware problem, do you have any idea how to avoid this message? "l'explorateur windows a cessé de fonctionner" ("Windows Explorer has stopped working")

Thanks in advance.

Yours in computing,

Strictmaximum

The ComboFix log:

 

ComboFix 08-08-30.03 - Wam 2008-08-31 12:25:28.4 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1926 [GMT 2:00]

Endroit: C:\Users\Wam\Desktop\Poste de contrôle\Maintenance\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:38 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-08-31 11:24 . 2008-08-31 11:41 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-31 10:24 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-08-31 10:24 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-08-31 10:24 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-08-31 10:20 . 2008-08-31 11:36 <REP> d-------- C:\Users\Wam\AppData\Roaming\Vista Start Menu

2008-08-31 10:20 . 2008-08-31 10:21 <REP> d-------- C:\Program Files\Vista Start Menu

2008-08-31 10:13 . 2008-08-31 10:17 <REP> d-------- C:\Windows\UltraDefrag

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Users\Wam\AppData\Roaming\FreeCommander

2008-08-30 20:05 . 2008-08-30 20:05 <REP> d-------- C:\Program Files\FreeCommander

2008-08-30 13:43 . 2008-08-30 13:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\eSobi

2008-08-30 00:44 . 2008-08-30 00:44 <REP> d-------- C:\Users\Wam\AppData\Roaming\PeerNetworking

2008-08-29 23:16 . 2008-08-29 23:16 <REP> d-------- C:\Users\Wam\AppData\Roaming\Template

2008-08-29 23:16 . 2008-08-30 12:24 438 --a------ C:\Users\Wam\AppData\Roaming\wklnhst.dat

2008-08-29 20:07 . 2008-08-29 20:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Auslogics

2008-08-29 20:05 . 2008-08-29 20:05 <REP> d-------- C:\Program Files\Auslogics

2008-08-29 16:13 . 2008-08-29 16:13 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-08-29 15:14 . 2008-08-29 15:14 <REP> d-------- C:\Users\Wam\Option

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\Users\All Users\Lavasoft

2008-08-29 13:30 . 2008-08-29 13:31 <REP> d-------- C:\ProgramData\Lavasoft

2008-08-28 23:07 . 2008-08-28 23:07 <REP> d-------- C:\Users\Wam\AppData\Roaming\Grisoft

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\Users\All Users\TEMP

2008-08-28 23:01 . 2008-08-28 23:30 <REP> d-a------ C:\ProgramData\TEMP

2008-08-28 22:58 . 2008-08-28 22:58 <REP> d-------- C:\Program Files\Sophos

2008-08-28 22:41 . 2008-08-28 22:49 <REP> d----c--- C:\Windows\System32\DRVSTORE

2008-08-28 21:44 . 2008-08-30 19:56 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-08-28 17:38 . 2008-08-28 17:38 <REP> d-------- C:\Program Files\GameTop.com

2008-08-28 17:37 . 2008-08-28 17:37 <REP> d-------- C:\Program Files\FreeGamePick.com

2008-08-28 12:58 . 2008-08-28 12:58 <REP> d-------- C:\Program Files\Monte Cristo

2008-08-28 11:14 . 2008-08-28 11:14 <REP> d-------- C:\Program Files\Nouvelle Cible

2008-08-28 11:14 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Cheatbook 12.2004

2008-08-28 11:12 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Audacity

2008-08-28 11:11 . 2008-08-28 11:11 <REP> d-------- C:\Program Files\IVCsoft

2008-08-28 09:49 . 2008-08-28 09:49 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-08-28 08:49 . 2008-08-28 08:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\Command & Conquer 3  La Fureur de Kane

2008-08-28 08:49 . 2008-08-28 08:49 107,888 --a------ C:\Windows\System32\CmdLineExt.dll

2008-08-28 08:33 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll

2008-08-28 08:33 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll

2008-08-28 08:33 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll

2008-08-28 08:33 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll

2008-08-28 08:33 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll

2008-08-28 08:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-08-28 07:47 . 2008-08-28 08:20 <REP> d-------- C:\Program Files\Electronic Arts

2008-08-28 01:28 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-08-28 00:51 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\Picasa2

2008-08-28 00:51 . 2006-10-05 04:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys

2008-08-28 00:51 . 2006-10-05 04:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys

2008-08-28 00:42 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Defraggler

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\Users\All Users\WinZip

2008-08-27 23:18 . 2008-08-27 23:18 <REP> d-------- C:\ProgramData\WinZip

2008-08-27 23:16 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\WinZip 8.1 Fr

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\FLEXnet

2008-08-27 23:01 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\FLEXnet

2008-08-27 22:56 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\NFO viewer

2008-08-27 22:56 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Bonjour

2008-08-27 22:52 . 2008-08-27 22:52 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple Computer

2008-08-27 21:53 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\QuickTime

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Users\Wam\AppData\Roaming\vlc

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Apple

2008-08-27 21:52 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Apple

2008-08-27 21:52 . 2008-08-27 21:52 <REP> d-------- C:\Program Files\VideoLAN

2008-08-27 21:52 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Apple Software Update

2008-08-27 21:39 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\IrfanView

2008-08-27 21:39 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\IrfanView

2008-08-27 21:39 . 2008-08-28 00:51 <REP> d-------- C:\Program Files\Google

2008-08-27 17:13 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\PhotoDeluxe EE 1.1

2008-08-27 17:11 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe

2008-08-27 16:51 . 2008-08-29 01:18 900 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-27 16:27 . 2008-08-27 16:27 <REP> d-------- C:\Users\Wam\AppData\Roaming\Corel

2008-08-27 16:24 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Corel® Painter IX TBYB FR

2008-08-27 15:39 . 2008-08-31 11:37 <REP> d-------- C:\Users\Wam\AppData\Roaming\OpenOffice.org2

2008-08-27 15:37 . 2008-08-27 15:37 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

2008-08-27 15:21 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\CCleaner

2008-08-27 15:18 . 2008-08-27 15:20 <REP> d-------- C:\Users\Wam\AppData\Roaming\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Users\All Users\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\ProgramData\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:04 <REP> d-------- C:\Program Files\Spyware Terminator

2008-08-27 15:18 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Crawler

2008-08-27 15:18 . 2008-08-27 15:18 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\Wam\AppData\Roaming\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-08-27 15:15 . 2008-08-27 15:15 <REP> d-------- C:\ProgramData\Malwarebytes

2008-08-27 15:15 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-27 15:15 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-08-27 15:15 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-08-27 14:57 . 2008-08-28 09:49 <REP> d-------- C:\Users\Wam\AppData\Roaming\skypePM

2008-08-27 14:55 . 2008-08-29 01:04 <REP> d-------- C:\Users\Wam\AppData\Roaming\Skype

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-30 21:02 <REP> d-------- C:\Users\Valérie\Documents de valérie

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Users\All Users\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\ProgramData\Skype

2008-08-27 14:55 . 2008-08-27 14:55 <REP> d-------- C:\Program Files\Skype

2008-08-27 14:55 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\Common Files\Skype

2008-08-27 14:50 . 2008-08-27 14:50 0 --a------ C:\Windows\nsreg.dat

2008-08-27 14:19 . 2008-08-29 01:08 <REP> d-------- C:\Program Files\MSN Messenger

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\Users\All Users\ma-config.com

2008-08-27 13:37 . 2008-08-27 13:37 <REP> d-------- C:\ProgramData\ma-config.com

2008-08-27 13:37 . 2008-08-29 01:03 <REP> d-------- C:\Program Files\ma-config.com

2008-08-27 13:10 . 2008-08-27 13:10 <REP> d-------- C:\Users\Wam\AppData\Roaming\SiteAdvisor

2008-08-27 12:39 . 2008-08-27 12:46 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 12:26 . 2008-08-27 12:26 <REP> d-------- C:\Users\Wam\AppData\Roaming\Yahoo!

2008-08-27 12:16 . 2008-08-27 12:20 <REP> d-------- C:\Program Files\Windows Live

2008-08-27 12:16 . 2008-08-27 13:17 <REP> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\Users\All Users\WLInstaller

2008-08-27 12:15 . 2008-08-27 12:15 <REP> d-------- C:\ProgramData\WLInstaller

2008-08-27 11:55 . 2008-08-27 11:55 <REP> d-------- C:\Program Files\Hercules

2008-08-27 11:54 . 2008-08-27 14:02 <REP> d-------- C:\Windows\OvtCam

2008-08-27 11:54 . 2005-03-15 17:04 161,792 --a------ C:\Windows\System32\drivers\ov530vid.sys

2008-08-27 11:54 . 2004-08-05 17:34 61,440 --a------ C:\Windows\ov530dib.dll

2008-08-27 11:54 . 2005-09-30 09:42 40,960 --a------ C:\Windows\System32\ov530ext.dll

2008-08-27 11:54 . 2004-11-09 00:37 25,177 --a------ C:\Windows\System32\drivers\ov530cmd.sys

2008-08-27 11:54 . 2005-09-30 09:56 18,972 --a------ C:\Windows\System32\ov530ext.ax

2008-08-27 11:54 . 2004-07-20 01:50 16,440 --a------ C:\Windows\System32\ov530usd.dll

2008-08-27 11:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-27 11:42 . 2008-08-27 11:42 <REP> d-------- C:\Program Files\MSXML 4.0

2008-08-27 11:41 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-08-27 11:39 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 11:26 . 2008-08-27 11:26 <REP> d-------- C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Videos

2008-08-27 11:25 . 2008-08-29 01:04 <REP> dr------- C:\Users\Valérie\Searches

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 10:25 1,048,576 --sha-w C:\Users\Valérie\ntuser.dat

2008-08-31 07:13 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-31 07:12 --------- d-----w C:\Program Files\Microsoft Works

2008-08-30 11:46 --------- d-----w C:\ProgramData\eSobi

2008-08-28 22:08 --------- d-----w C:\Program Files\Yahoo!

2008-08-27 20:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPRR____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLV____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLST___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLEV___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLED___.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPLC____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPC_____.FOT

2008-08-27 15:13 1,409 ----a-w C:\Windows\Fonts\MPAJ____.FOT

2008-08-27 12:06 --------- d-s---w C:\Users\Valérie\AppData\Roaming\Microsoft

2008-08-27 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-27 11:22 --------- d-----w C:\Program Files\McAfee

2008-08-27 11:10 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-27 10:46 --------- d-----w C:\Users\Valérie\AppData\Roaming\Adobe

2008-08-27 09:48 --------- d-----w C:\Program Files\Windows Mail

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\Macromedia

2008-08-27 09:26 --------- d-----w C:\Users\Valérie\AppData\Roaming\ATI

2008-08-27 09:25 --------- d-----w C:\Users\Valérie\AppData\Roaming\Identities

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Modèles

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Menu Démarrer

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Favoris

2008-08-27 07:53 --------- d-sh--w C:\ProgramData\Bureau

2008-08-27 07:53 --------- d-sh--w C:\Program Files\Fichiers communs

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-05 02:42 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll

2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll

2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll

2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll

2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll

2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe

2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe

2008-05-06 02:10 749,568 ----a-w C:\Windows\AcerStore.exe

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

2007-04-23 12:21 269,824 ----a-w C:\Windows\inf\WG111v3\Vista64\wg111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\WG111v3.sys

2007-04-23 12:19 227,328 ----a-w C:\Windows\inf\WG111v3\Vista\wg111v3.sys

2006-12-15 09:30 98,304 ----a-w C:\Windows\inf\WG111v3\UScanM.exe

2006-12-15 09:30 315,392 ----a-w C:\Windows\inf\WG111v3\InstallDriver.exe

2006-12-15 09:30 28,672 ----a-w C:\Windows\inf\WG111v3\SetDrv.exe

2006-12-15 09:30 212,992 ----a-w C:\Windows\inf\WG111v3\CopyWHQLDriver.exe

2006-12-15 09:30 20,480 ----a-w C:\Windows\inf\WG111v3\RTWUPath.exe

2006-12-15 09:30 19,968 ----a-w C:\Windows\inf\WG111v3\RTWREFU.EXE

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-30_ 0.00.29.11 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-05 02:57:20 23,558 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

+ 2008-08-30 11:46:56 247,638 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-06-05 02:57:20 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

+ 2008-08-30 11:46:56 290,816 ----a-r C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\esobi_app_desktop_15D967B5A4BE42AE9E8464CD062B25AA.exe

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-08-29 21:28:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-08-31 09:37:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-08-29 21:30:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-31 09:38:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-08-29 21:30:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-31 09:38:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-29 21:28:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-08-31 09:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-29 21:58:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-08-31 10:25:24 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-08-27 20:59:33 1,661,272 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-08-31 07:14:39 1,658,936 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-08-29 21:35:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-08-31 09:42:02 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-08-29 21:35:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-08-31 09:42:02 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-08-29 21:35:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-08-31 09:42:02 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-08-29 21:35:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-08-31 09:42:02 669,328 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-08-29 21:27:57 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-08-31 08:32:01 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-08-29 21:30:48 5,380 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

+ 2008-08-31 09:39:05 6,104 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2571914964-1430876280-426546182-1000_UserData.bin

- 2008-08-29 21:30:48 73,984 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:05 74,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-08-29 21:30:47 51,058 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-08-31 09:39:04 52,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-08-29 14:12:19 86,315 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-08-31 08:23:51 175,166 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-05-10 03:30:49 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.16687_none_863728a999516b76\RacEngn.dll

+ 2008-05-10 03:13:37 858,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6000.20832_none_86f1d584b24afdff\RacEngn.dll

+ 2008-05-10 03:35:20 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.18069_none_883507bb9665f733\RacEngn.dll

+ 2008-05-10 03:21:35 885,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.22176_none_88b0d3bcaf8e66e9\RacEngn.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 03:18 443968]

"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2008-07-09 13:43 2136064]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 13:31 319488]

"EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 13:31 319488]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 23:38 526896]

"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 19:49 204908]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 19:57 34040]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-27 21:39 29744]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 07:21 5369856 C:\Windows\RtHDVCpl.exe]

 

C:\Users\Wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 10:24:06 1695744]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39483AF4-6277-434A-8C81-EEA2C2461D24}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{8719D5E1-793E-4F9D-88DD-78C00BCDF5D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{4D7E353C-F160-4D1E-B45D-FBAF340ED2ED}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{3F1AC602-C49C-4B07-AAC9-F573A6DE6DDB}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{366F7CF6-4D0E-4110-8DF8-4D6586841F01}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{BD637667-56BC-43ED-9884-B9B585628618}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{01FF3703-8975-429B-875A-AB12919BCBC8}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{473DFFBF-F989-48BF-8937-0650C5A6DB8B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{E2448DCF-9832-4280-BA97-EF6465FCD0C1}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71601132-DFFE-4DCE-95B3-5900799EEB1D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{203193B0-DC74-4F91-B57A-E4676324A6C0}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{1700F0E7-0C4A-48EF-B683-39EA20456A31}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{88B1733F-727D-4D99-A5CE-67D908A41F11}C:\\users\\wam\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\wam\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{EBDF6D30-E9D1-47A5-8CD1-1CDF9514292E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{A9E1E3A8-D134-4FF3-8D7B-2198638C0508}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{137680FD-D621-4F63-B3FD-DAC52CFC22E8}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{6657B234-CB7A-4E77-90CA-BE121A3BE73D}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:23]

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 19:49]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 19:57]

R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 13:30]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 03:02]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 19:53]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 16:58]

R3 ovt530;Webcam Classic;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 17:04]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 14:19]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 04:51]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-27 21:39]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

S4 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 08:45]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Wam\AppData\Roaming\Mozilla\Firefox\Profiles\nb924ai7.default\

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-31 12:27:00

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-08-31 12:28:11

ComboFix-quarantined-files.txt 2008-08-31 10:28:08

ComboFix2.txt 2008-08-29 22:13:20

ComboFix3.txt 2008-08-29 22:01:16

 

Pre-Run: 132,663,820,288 octets libres

Post-Run: 132,639,662,080 octets libres

 

373 --- E O F --- 2008-08-31 08:24:27
