
Posted

Hello everyone!

So, I have a problem...

I have a laptop running Vista Home edition...

I already had unwanted ad pop-up windows from Explorer, which I couldn't get rid of on my own...

This morning, Vista Antispyware 2010 decided to show up on my PC, and I don't really like that, to be honest...

So I browsed around the forum and downloaded MBAM, but once downloaded, it won't install... This is really off to a bad start, because I wanted to post my report...

I think my PC is full of problems, actually...

While waiting for some help, thank you :P

Posted

That's it, I managed it. MBAM has already done a good job, I think: my PC is fast again, and an error message I had before is gone, but I don't think that's enough... Here is my MBAM report:

 

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3739

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

 

14/02/2010 20:15:00

mbam-log-2010-02-14 (20-15-00).txt

 

Type de recherche: Examen complet (C:\|D:\|F:\|)

Eléments examinés: 270247

Temps écoulé: 1 hour(s), 17 minute(s), 56 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 27

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 18

 

Processus mémoire infecté(s):

C:\Users\Moustiiick\AppData\Local\av.exe (Rogue.MultipleAV) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

C:\Windows\System32\CNHIPRO32.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\804b842b-c3d5-7f87-4d88-537220f5eda4.dll (Trojan.BHO) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{243178bc-ff62-e53e-65f0-49002291f936} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{243178bc-ff62-e53e-65f0-49002291f936} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243178bc-ff62-e53e-65f0-49002291f936} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chrtgystje (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{de8bcb48-5110-dc24-46d9-be1f47265949} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14942dba-1602-e5ce-0dd0-032cfe9ccad6} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{14942dba-1602-e5ce-0dd0-032cfe9ccad6} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfsuvbkjuxkaqlg (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\cnhipro32.dll -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\cnhipro32.dll -> Delete on reboot.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Users\Aurore\AppData\Roaming\WinButler (Adware.WinButler) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Users\Aurore\Local Settings\Application Data\iymsgyo_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Aurore\Local Settings\Application Data\iymsgyo_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Aurore\Local Settings\Application Data\iymsgyo.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Aurore\Local Settings\Application Data\okomkce_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Aurore\Local Settings\Application Data\okomkce_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Users\Aurore\Local Settings\Application Data\okomkce.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\CNHIPRO32.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\804b842b-c3d5-7f87-4d88-537220f5eda4.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\MSIMG32.dll.ren (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Moustiiick\AppData\Local\Temp\2616.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Windows\System32\chrtgystje.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\u_cniqpyqrpzlw.dll.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Users\Aurore\AppData\Roaming\WinButler\config.cfg (Adware.WinButler) -> Quarantined and deleted successfully.

C:\Users\Moustiiick\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\Users\Moustiiick\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.

C:\Windows\System32\uixvfolhtbgoediw.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Posted

Logfile of random's system information tool 1.06 (written by random/random)

Run by Moustiiick at 2010-02-15 14:04:46

Microsoft® Windows Vista Édition Familiale Premium

System drive C: has 11 GB (15%) free of 72 GB

Total RAM: 2046 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:05:03, on 15/02/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16982)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Users\MOUSTI~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Moustiiick\Downloads\RSIT.exe

C:\Program Files\trend micro\Moustiiick.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - C:\ProgramData\uPlayMe\plugins\MSIE.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.rjng3"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\System32\CNHIPRO32.dll eNetHook.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)

 

--

End of file - 10414 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Ad-Aware Update (Daily 1).job

C:\Windows\tasks\Ad-Aware Update (Daily 2).job

C:\Windows\tasks\Ad-Aware Update (Daily 3).job

C:\Windows\tasks\Ad-Aware Update (Daily 4).job

C:\Windows\tasks\Ad-Aware Update (Weekly).job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{2184D04A-1F7B-405C-9814-C5297D952E5F}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]

MSIEPlugin Class - C:\ProgramData\uPlayMe\plugins\MSIE.dll [2008-06-28 147456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]

LinkToContent Class - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-28 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]

{A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - SYSTRAN Web Translator 5.0 - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll [2005-03-10 262144]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-22 1006264]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

"Acer Tour"= []

"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-20 90191]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-20 7766016]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-20 81920]

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-21 659456]

"eRecoveryService"= []

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-14 151552]

"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-28 148888]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

"Hiyo"=C:\Program Files\HiYo\bin\HiYo.exe [2009-10-15 206192]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-17 39408]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

"drv acid"=C:\ProgramData\EncCopyCopy.rjng3 [2009-08-13 86032]

"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-02-14 3037696]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\Windows\System32\CNHIPRO32.dll eNetHook.dll"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"

"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"

"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2010-02-15 14:04:46 ----D---- C:\rsit

2010-02-15 14:04:46 ----D---- C:\Program Files\trend micro

2010-02-14 17:58:20 ----D---- C:\Users\Moustiiick\AppData\Roaming\Malwarebytes

2010-02-14 17:58:12 ----D---- C:\ProgramData\Malwarebytes

2010-02-14 17:58:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-14 15:30:26 ----D---- C:\Users\Moustiiick\AppData\Roaming\Spyware Terminator

2010-02-14 15:30:15 ----D---- C:\ProgramData\Spyware Terminator

2010-02-14 15:30:13 ----D---- C:\Program Files\Spyware Terminator

2010-02-10 14:15:12 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-10 14:15:10 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-10 14:14:53 ----A---- C:\Windows\system32\tcpipcfg.dll

2010-02-10 14:14:53 ----A---- C:\Windows\system32\netiougc.exe

2010-02-10 14:14:47 ----A---- C:\Windows\system32\quartz.dll

2010-02-10 14:14:47 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-10 14:14:46 ----A---- C:\Windows\system32\msyuv.dll

2010-02-10 14:14:46 ----A---- C:\Windows\system32\msrle32.dll

2010-02-10 14:14:46 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-10 14:14:45 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-10 14:14:45 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-10 14:14:45 ----A---- C:\Windows\system32\avifil32.dll

2010-02-10 14:14:44 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-10 14:14:44 ----A---- C:\Windows\system32\avicap32.dll

2010-02-04 22:22:36 ----D---- C:\Program Files\Common Files\DivX Shared

2010-02-02 21:24:12 ----A---- C:\Users\Moustiiick\AppData\Roaming\Rrl2REDMIGO0nUB.vbs

2010-02-02 17:24:02 ----A---- C:\Users\Moustiiick\AppData\Roaming\dhUTL6v.vbs

2010-02-01 21:33:20 ----A---- C:\Users\Moustiiick\AppData\Roaming\Dbo9oGw.vbs

2010-02-01 17:33:03 ----A---- C:\Users\Moustiiick\AppData\Roaming\1IRKa.vbs

2010-01-31 17:31:21 ----A---- C:\Users\Moustiiick\AppData\Roaming\ahixOfcGRV3x4.vbs

2010-01-31 13:27:50 ----A---- C:\Users\Moustiiick\AppData\Roaming\NkA3Nv0tFAiVQM2.vbs

2010-01-30 21:19:00 ----A---- C:\Users\Moustiiick\AppData\Roaming\nk2NItzgP9Nbk.vbs

2010-01-30 16:35:33 ----A---- C:\Users\Moustiiick\AppData\Roaming\Sok6kiG.vbs

2010-01-30 12:09:09 ----A---- C:\Users\Moustiiick\AppData\Roaming\5OUcLCz.vbs

2010-01-30 11:28:10 ----A---- C:\Users\Moustiiick\AppData\Roaming\33QQbtl.vbs

2010-01-29 16:27:21 ----A---- C:\Users\Moustiiick\AppData\Roaming\bJZ1SOq.vbs

2010-01-28 20:45:53 ----A---- C:\Users\Moustiiick\AppData\Roaming\qS9cy9zXED6uo2i.vbs

2010-01-27 17:53:15 ----A---- C:\Users\Moustiiick\AppData\Roaming\c0j7p.vbs

2010-01-26 21:15:17 ----A---- C:\Users\Moustiiick\AppData\Roaming\tXEze2e.vbs

2010-01-25 18:07:27 ----A---- C:\Users\Moustiiick\AppData\Roaming\BrnWv.vbs

2010-01-24 20:37:35 ----A---- C:\Users\Moustiiick\AppData\Roaming\mMyzlXh.vbs

2010-01-23 12:13:39 ----A---- C:\Users\Moustiiick\AppData\Roaming\iS2CBRD.vbs

2010-01-22 18:43:16 ----A---- C:\Windows\system32\mshtml.dll

2010-01-22 18:43:14 ----A---- C:\Windows\system32\wininet.dll

2010-01-22 18:43:12 ----A---- C:\Windows\system32\urlmon.dll

2010-01-22 18:43:11 ----A---- C:\Windows\system32\ieframe.dll

2010-01-22 18:43:09 ----A---- C:\Windows\system32\mstime.dll

2010-01-22 18:43:09 ----A---- C:\Windows\system32\ieapfltr.dll

2010-01-22 18:43:07 ----A---- C:\Windows\system32\iedkcs32.dll

2010-01-22 18:43:06 ----A---- C:\Windows\system32\occache.dll

2010-01-22 18:43:06 ----A---- C:\Windows\system32\iertutil.dll

2010-01-22 18:43:06 ----A---- C:\Windows\system32\dxtmsft.dll

2010-01-22 18:43:05 ----A---- C:\Windows\system32\mshtmled.dll

2010-01-22 18:43:05 ----A---- C:\Windows\system32\msfeeds.dll

2010-01-22 18:43:05 ----A---- C:\Windows\system32\ieaksie.dll

2010-01-22 18:43:04 ----A---- C:\Windows\system32\ieencode.dll

2010-01-22 18:43:04 ----A---- C:\Windows\system32\icardie.dll

2010-01-22 18:43:04 ----A---- C:\Windows\system32\dxtrans.dll

2010-01-22 18:43:03 ----A---- C:\Windows\system32\jsproxy.dll

2010-01-22 18:43:03 ----A---- C:\Windows\system32\advpack.dll

2010-01-22 18:43:03 ----A---- C:\Windows\system32\admparse.dll

2010-01-22 18:43:02 ----A---- C:\Windows\system32\ieui.dll

2010-01-22 18:43:02 ----A---- C:\Windows\system32\iesetup.dll

2010-01-22 18:43:02 ----A---- C:\Windows\system32\iernonce.dll

2010-01-22 18:43:01 ----A---- C:\Windows\system32\pngfilt.dll

2010-01-22 18:43:01 ----A---- C:\Windows\system32\ieUnatt.exe

2010-01-22 18:43:01 ----A---- C:\Windows\system32\ie4uinit.exe

2010-01-22 18:43:00 ----A---- C:\Windows\system32\ieakui.dll

2010-01-22 18:42:59 ----A---- C:\Windows\system32\mshtmler.dll

2010-01-22 18:29:58 ----A---- C:\Users\Moustiiick\AppData\Roaming\ar13bDlL5Oua4.vbs

2010-01-21 18:25:00 ----A---- C:\Users\Moustiiick\AppData\Roaming\z83j62THPwSta.vbs

2010-01-20 21:11:40 ----D---- C:\Program Files\Microsoft Silverlight

2010-01-20 18:06:17 ----A---- C:\Users\Moustiiick\AppData\Roaming\myqguJe.vbs

2010-01-19 19:32:59 ----A---- C:\Users\Moustiiick\AppData\Roaming\pdK3k0ZJUbXCHWx.vbs

2010-01-18 21:45:00 ----A---- C:\Users\Moustiiick\AppData\Roaming\3mXZl2l0PBLAU.vbs

 

======List of files/folders modified in the last 1 months======

 

2010-02-15 14:05:02 ----D---- C:\Windows\Temp

2010-02-15 14:04:46 ----RD---- C:\Program Files

2010-02-15 14:04:46 ----D---- C:\Windows\Prefetch

2010-02-14 21:18:57 ----SHD---- C:\System Volume Information

2010-02-14 21:00:09 ----D---- C:\Windows\tracing

2010-02-14 20:47:32 ----AD---- C:\Windows\System32

2010-02-14 20:47:31 ----D---- C:\Windows\inf

2010-02-14 20:47:31 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-14 20:20:25 ----AD---- C:\Windows

2010-02-14 20:20:17 ----D---- C:\Windows\ehome

2010-02-14 20:20:17 ----AD---- C:\Windows\system32\drivers

2010-02-14 20:15:00 ----D---- C:\Program Files\Internet Explorer

2010-02-14 17:58:12 ----HD---- C:\ProgramData

2010-02-14 16:32:11 ----D---- C:\Windows\Debug

2010-02-11 17:53:04 ----D---- C:\Windows\winsxs

2010-02-11 17:52:55 ----D---- C:\Windows\system32\catroot

2010-02-11 17:52:54 ----D---- C:\Windows\system32\catroot2

2010-02-11 17:49:26 ----D---- C:\Windows\system32\migration

2010-02-11 17:49:26 ----D---- C:\Program Files\Windows Mail

2010-02-04 22:29:34 ----D---- C:\Program Files\Google

2010-02-04 22:23:50 ----D---- C:\Program Files\DivX

2010-02-04 22:22:55 ----SHD---- C:\Windows\Installer

2010-02-04 22:22:36 ----D---- C:\Program Files\Common Files

2010-02-04 22:07:16 ----D---- C:\Users\Moustiiick\AppData\Roaming\DivX

2010-02-02 19:31:49 ----RSD---- C:\Windows\assembly

2010-02-02 19:31:48 ----D---- C:\Program Files\OpenOffice.org 2.2

2010-02-02 18:58:42 ----D---- C:\Users\Moustiiick\AppData\Roaming\OpenOffice.org2

2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe

2010-01-30 12:08:39 ----D---- C:\Windows\Tasks

2010-01-30 12:08:39 ----D---- C:\Windows\system32\Tasks

2010-01-26 22:02:31 ----D---- C:\ProgramData\Lavasoft

2010-01-26 22:02:30 ----DC---- C:\Windows\system32\DRVSTORE

2010-01-23 12:09:07 ----D---- C:\Windows\AppPatch

2010-01-20 22:22:38 ----D---- C:\Program Files\Mozilla Firefox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-09-15 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-09-15 52368]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-02-14 142592]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]

R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2005-11-29 792368]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]

R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]

R3 NVENETFD;Pilote du contrôleur de réseau NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-20 4448160]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]

R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]

S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []

S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys []

S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]

S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]

S3 catchme;catchme; \??\C:\Users\Aurore\AppData\Local\Temp\catchme.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-03-15 14336]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys []

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-10 6144]

S3 PID_0928;Labtec WebCam(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]

S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]

S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-30 719392]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]

R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-01-02 457512]

R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]

R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-28 49152]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-02-14 488960]

R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]

S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe []

S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2009-02-03 398848]

S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-05-05 69120]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]

 

-----------------EOF-----------------

 

and the second report:

info.txt logfile of random's system information tool 1.06 2010-02-15 14:05:06

 

======Uninstall list======

 

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}

-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall

7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"

Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall

Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL

Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly

Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly

Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly

Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly

Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly

Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly

Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI

Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly

Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv

Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"

Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe

ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F96368D6-ECE9-4502-B5C4-A4200637F2A3}\Setup.exe" -l0x40c

Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"

a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bomberclone-->"C:\Program Files\bomberclone\uninstall.exe"

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Contextual Tool Milehighads-->C:\Windows\system32\3337ef6d-1b2f-b94f-e6da-fbf63d88b328.exe

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Favorit-->c:\users\aurore\appdata\local\bcjemt.bat

Favorit-->c:\users\aurore\appdata\local\idxruok.bat

Favorit-->c:\users\aurore\appdata\local\kmaykuu.bat

Favorit-->c:\users\aurore\appdata\local\vltkbjyp.bat

FixMessenger-->C:\Program Files\FixMessenger\uninstall.exe

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level

Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HiYo -->MsiExec.exe /X{1353AD69-6F86-484F-B56B-3508F60ACCC4} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"

HiYo-->MsiExec.exe /X{1353AD69-6F86-484F-B56B-3508F60ACCC4}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI

Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe

livebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c

Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Mario Forever 3.5-->C:\Program Files\Mario Forever\uninst.exe

MaxTV-->"C:\Windows\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\DMV\MaxTV4\Uninstall\MaxTV\uninstall_maxtv.xml"

MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Pacman 2005 1.1-->C:\Program Files\Pacman 2005\uninst.exe

PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}

Photocite Collection 4-->"C:\Program Files\Photocite Collection 4\Photocite Collection 4\uninstall.exe"

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Skype 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

SM-->C:\Program Files\SM\uninstaller.exe

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

SYSTRAN Web Translator 5.0-->MsiExec.exe /I{E0B38894-0E4D-4AE1-B17E-CFBC3692E86A}

Tetris-->"C:\Program Files\Tetris\unins000.exe"

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: avast! antivirus 4.8.1356 [VPS 100215-0]

AS: Windows Defender

AS: Spyware Terminator (disabled)

AS: avast! antivirus 4.8.1356 [VPS 100215-0]

 

======System event log======

 

Computer Name: PC-de-Aurore

Event Code: 4001

Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

 

Record Number: 580682

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20100214191834.448400-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-de-Aurore

Event Code: 6

Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 2, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.

Record Number: 580683

Source Name: ACPI

Time Written: 20100214192008.921202-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 6

Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 3, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.

Record Number: 580684

Source Name: ACPI

Time Written: 20100214192008.921202-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 6

Message: IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 4, fonction 0. Contactez le fabricant de votre ordinateur pour une assistance technique.

Record Number: 580685

Source Name: ACPI

Time Written: 20100214192008.921202-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 4001

Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

 

Record Number: 580714

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20100214222910.874000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: PC-de-Aurore

Event Code: 8194

Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

 

Opération :

Données du rédacteur en cours de collecte

 

Contexte :

ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}

Nom du rédacteur: System Writer

ID d’instance du rédacteur: {cc9b30bf-46bd-47ba-a338-87266f97ff66}

Record Number: 75645

Source Name: VSS

Time Written: 20100214154815.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 1000

Message: Application défaillante iexplore.exe, version 7.0.6000.16982, horodatage 0x4b2b56f5, module défaillant 804b842b-c3d5-7f87-4d88-537220f5eda4.dll, version 4.6.5.6, horodatage 0x4a8eb190, code d’exception 0xc0000005, décalage d’erreur 0x000ae8d5, ID du processus 0x16ac, heure de début de l’application 0x01caad8c1b5c87e4.

Record Number: 75649

Source Name: Application Error

Time Written: 20100214174651.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 1000

Message: Application défaillante regsvr32.exe, version 6.0.6000.16386, horodatage 0x4549b3c7, module défaillant ole32.dll, version 6.0.6000.16386, horodatage 0x4549bd92, code d’exception 0xc0000005, décalage d’erreur 0x0004101f, ID du processus 0x1634, heure de début de l’application 0x01caad8c1a64f8e4.

Record Number: 75651

Source Name: Application Error

Time Written: 20100214174658.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 1000

Message: Application défaillante regsvr32.exe, version 6.0.6000.16386, horodatage 0x4549b3c7, module défaillant ntdll.dll, version 6.0.6000.16386, horodatage 0x4549bdc9, code d’exception 0xc0000374, décalage d’erreur 0x000af1c9, ID du processus 0xa0, heure de début de l’application 0x01caad9f25314e54.

Record Number: 75653

Source Name: Application Error

Time Written: 20100214175749.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Aurore

Event Code: 5007

Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.

Record Number: 75683

Source Name: WerSvc

Time Written: 20100214192526.000000-000

Event Type: Erreur

User:

 

=====Security event log=====

 

Computer Name: PC-de-Aurore

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

 

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 67773

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090724140334.326047-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Aurore

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\eNetHook.dll

Record Number: 67774

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090724140334.794050-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-Aurore

Event Code: 5056

Message: Un autotest de chiffrement a été effectué.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-AURORE$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Module : ncrypt.dll

 

Code de retour : 0x0

Record Number: 67775

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090724140335.588455-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Aurore

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-AURORE$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

 

Informations sur le processus :

ID du processus : 0x264

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Adresse du réseau : -

Port : -

 

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 67776

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090724140337.021455-000

Event Type: Succès de l'audit

User:

 

Computer Name: PC-de-Aurore

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : PC-DE-AURORE$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Type d’ouverture de session : 5

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x264

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 67777

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090724140337.021455-000

Event Type: Succès de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\C:\Program Files\DMV\MaxTV4\plugins;;C:\Program Files\Common Files\DivX Shared\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=4802

"NUMBER_OF_PROCESSORS"=2

"LANG"=fr

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

 

 

 

I'm not very good with computers, so thank you in advance =)! Hoping you'll be able to help me out a little =)

Posted

Hi :P

MalwareBytes did some cleaning up, but it's not over yet! >>

Start by disabling the Avast antivirus, because it may interfere with the program.

To do that, click the "Pause" button before starting the scan > avastimage5wi.jpg

  • Right-click HERE
  • Choose Save target (link) as > a window opens >>
  • In the field to the right of "File name" at the bottom of the page, change the existing name (ComboFix.exe) and put this instead >> moustikette.exe
  • Save the file to the Desktop: to do so, click the Save button.
  • Make sure all programs are closed before launching the fix!
  • Right-click the file moustikette.exe, then choose Run as administrator.
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!

Posted

Here is the ComboFix report:

 

 

 

 

ComboFix 10-02-12.01 - Moustiiick 15/02/2010 15:40:19.1.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1043 [GMT 1:00]

Lancé depuis: c:\users\Moustiiick\Desktop\moustikette.exe

AV: avast! antivirus 4.8.1356 [VPS 100215-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: avast! antivirus 4.8.1356 [VPS 100215-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2492016988-1816517082-3097804572-500

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Moustiiick\AppData\Local\Microsoft\Windows\Temporary Internet Files\1ec863c9-39a5-728d-7306-5953f2f18936

c:\users\Moustiiick\AppData\Local\Microsoft\Windows\Temporary Internet Files\8YoP5nXA5.jpg

c:\users\Moustiiick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Bby83p.jpg

c:\users\Moustiiick\AppData\Local\Microsoft\Windows\Temporary Internet Files\pNbxm.jpg

c:\users\Moustiiick\AppData\Local\Microsoft\Windows\Temporary Internet Files\XJXyX.jpg

c:\users\Moustiiick\AppData\Roaming\02000000ec7ddb5a663C.manifest

c:\users\Moustiiick\AppData\Roaming\02000000ec7ddb5a663O.manifest

c:\users\Moustiiick\AppData\Roaming\02000000ec7ddb5a663P.manifest

c:\users\Moustiiick\AppData\Roaming\02000000ec7ddb5a663S.manifest

c:\windows\system32\3337ef6d-1b2f-b94f-e6da-fbf63d88b328.exe

c:\windows\system32\IP94d.vbs

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://au.download.windj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-15 au 2010-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-15 14:48 . 2010-02-15 14:55 -------- d-----w- c:\users\Moustiiick\AppData\Local\temp

2010-02-15 14:48 . 2010-02-15 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-15 14:48 . 2010-02-15 14:48 -------- d-----w- c:\users\Aurore\AppData\Local\temp

2010-02-15 14:48 . 2010-02-15 14:48 -------- d-----w- c:\users\Aur0re\AppData\Local\temp

2010-02-15 13:04 . 2010-02-15 13:05 -------- d-----w- C:\rsit

2010-02-15 13:04 . 2010-02-15 13:05 -------- d-----w- c:\program files\trend micro

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\Malwarebytes

2010-02-14 16:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\programdata\Malwarebytes

2010-02-14 16:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 14:30 . 2010-02-14 14:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-02-14 14:30 . 2010-02-14 15:42 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\Spyware Terminator

2010-02-14 14:30 . 2010-02-14 15:49 -------- d-----w- c:\programdata\Spyware Terminator

2010-02-14 14:30 . 2010-02-14 15:48 -------- d-----w- c:\program files\Spyware Terminator

2010-02-10 13:15 . 2009-12-11 12:15 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 13:15 . 2009-12-11 12:15 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 13:15 . 2009-12-08 20:54 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-10 13:15 . 2009-12-08 20:54 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-04 21:22 . 2010-02-04 21:23 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-01-22 17:42 . 2009-12-18 08:45 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-01-20 20:11 . 2010-01-20 20:11 -------- d-----w- c:\program files\Microsoft Silverlight

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-15 13:08 . 2006-12-10 19:02 690832 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-15 13:08 . 2006-12-10 19:02 117572 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-15 13:02 . 2008-12-12 16:01 30956 ----a-w- c:\users\Moustiiick\AppData\Roaming\nvModes.dat

2010-02-14 14:30 . 2010-02-14 14:30 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe

2010-02-14 14:30 . 2010-02-14 14:30 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys

2010-02-11 16:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-04 21:29 . 2007-09-23 19:14 -------- d-----w- c:\program files\Google

2010-02-04 21:23 . 2007-11-24 01:27 -------- d-----w- c:\program files\DivX

2010-02-04 21:07 . 2009-01-20 12:21 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\DivX

2010-02-02 20:24 . 2010-02-02 20:24 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\Rrl2REDMIGO0nUB.vbs

2010-02-02 18:31 . 2007-07-14 09:54 -------- d-----w- c:\program files\OpenOffice.org 2.2

2010-02-02 17:58 . 2008-12-13 10:19 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\OpenOffice.org2

2010-02-02 16:24 . 2010-02-02 16:24 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\dhUTL6v.vbs

2010-02-01 20:33 . 2010-02-01 20:33 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\Dbo9oGw.vbs

2010-02-01 16:33 . 2010-02-01 16:33 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\1IRKa.vbs

2010-01-31 16:31 . 2010-01-31 16:31 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\ahixOfcGRV3x4.vbs

2010-01-31 12:27 . 2010-01-31 12:27 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\NkA3Nv0tFAiVQM2.vbs

2010-01-30 20:19 . 2010-01-30 20:19 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\nk2NItzgP9Nbk.vbs

2010-01-30 15:35 . 2010-01-30 15:35 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\Sok6kiG.vbs

2010-01-30 11:09 . 2010-01-30 11:09 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\5OUcLCz.vbs

2010-01-30 10:28 . 2010-01-30 10:28 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\33QQbtl.vbs

2010-01-30 10:26 . 2010-01-30 10:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE9F2.tmp.exe

2010-01-29 15:27 . 2010-01-29 15:27 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\bJZ1SOq.vbs

2010-01-28 19:45 . 2010-01-28 19:45 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\qS9cy9zXED6uo2i.vbs

2010-01-27 16:53 . 2010-01-27 16:53 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\c0j7p.vbs

2010-01-26 21:02 . 2010-01-03 16:01 -------- d-----w- c:\programdata\Lavasoft

2010-01-26 20:15 . 2010-01-26 20:15 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\tXEze2e.vbs

2010-01-25 17:07 . 2010-01-25 17:07 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\BrnWv.vbs

2010-01-24 19:37 . 2010-01-24 19:37 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\mMyzlXh.vbs

2010-01-23 11:13 . 2010-01-23 11:13 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\iS2CBRD.vbs

2010-01-22 17:29 . 2010-01-22 17:29 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\ar13bDlL5Oua4.vbs

2010-01-21 17:25 . 2010-01-21 17:25 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\z83j62THPwSta.vbs

2010-01-20 17:06 . 2010-01-20 17:06 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\myqguJe.vbs

2010-01-19 18:32 . 2010-01-19 18:32 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\pdK3k0ZJUbXCHWx.vbs

2010-01-18 20:45 . 2010-01-18 20:45 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\3mXZl2l0PBLAU.vbs

2010-01-15 18:14 . 2010-01-15 18:14 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\cX6GS8HMhsejDM6.vbs

2010-01-14 11:23 . 2010-01-14 11:23 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\7xt5k.vbs

2010-01-14 10:12 . 2009-10-02 16:32 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 20:27 . 2010-01-13 20:27 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\nNBxWYBnEhOxUdg.vbs

2010-01-12 20:43 . 2010-01-12 20:43 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\0E3SvsI.vbs

2010-01-11 22:45 . 2010-01-11 22:45 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\d9FnpJb.vbs

2010-01-11 09:02 . 2010-01-11 09:02 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\yb5JHCAC9KWuowt.vbs

2010-01-10 11:33 . 2010-01-10 11:33 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\bHqKeTQishBmC.vbs

2010-01-09 16:52 . 2010-01-09 16:52 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\60aXkQskVB7Rn68.vbs

2010-01-06 14:26 . 2010-01-06 14:26 1372 ----a-w- c:\users\Moustiiick\AppData\Roaming\t5U2vMSLQaIr6.vbs

2010-01-03 16:01 . 2010-01-03 16:01 -------- d-----w- c:\program files\Lavasoft

2009-12-28 12:36 . 2010-02-10 13:14 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-28 12:35 . 2010-02-10 13:14 1327616 ----a-w- c:\windows\system32\quartz.dll

2009-12-28 12:34 . 2010-02-10 13:14 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-28 12:34 . 2010-02-10 13:14 31232 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-28 12:34 . 2010-02-10 13:14 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-28 12:34 . 2010-02-10 13:14 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-28 12:33 . 2010-02-10 13:14 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-28 12:32 . 2010-02-10 13:14 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-28 12:30 . 2010-02-10 13:14 88576 ----a-w- c:\windows\system32\avifil32.dll

2009-12-28 12:30 . 2010-02-10 13:14 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-12-24 11:24 . 2009-12-24 11:24 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-18 20:34 . 2009-03-08 12:46 -------- d-----w- c:\program files\Opera

2009-12-18 12:52 . 2010-01-22 17:43 832512 ----a-w- c:\windows\system32\wininet.dll

2009-12-18 12:48 . 2010-01-22 17:43 56320 ----a-w- c:\windows\system32\iesetup.dll

2009-12-18 12:48 . 2010-01-22 17:43 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-12-18 12:48 . 2010-01-22 17:43 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll

2009-12-18 12:46 . 2010-01-22 17:43 72704 ----a-w- c:\windows\system32\admparse.dll

2009-12-18 10:18 . 2010-01-22 17:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-08 20:19 . 2010-02-10 13:14 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2009-12-08 17:58 . 2010-02-10 13:14 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-12-08 17:57 . 2010-02-10 13:14 22016 ----a-w- c:\windows\system32\netiougc.exe

2009-12-04 16:27 . 2010-02-10 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2009-12-04 16:27 . 2010-02-10 13:14 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-30 16:21 . 2009-11-30 16:21 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb41E1.tmp.exe

2009-11-27 10:29 . 2009-11-27 10:29 292864 ----a-w- c:\program files\mozilla firefox\components\cniqpyqrpzlw.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]

2008-06-28 20:16 147456 ----a-w- c:\programdata\uPlayMe\plugins\MSIE.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"drv acid"="c:\programdata\EncCopyCopy.rjng3" [X]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-14 3037696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-22 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-02 464168]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-10-15 206192]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-23 110592]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-10 528384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/10/2009 10:26 114768]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [14/02/2010 15:30 142592]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [29/07/2008 21:47 719392]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/10/2009 10:26 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/10/2009 10:26 53328]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 12:08 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:08]

 

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:08]

 

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{2184D04A-1F7B-405C-9814-C5297D952E5F}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Examen supplémentaire -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://mystart.hiyo.com/

mStart Page = hxxp://home.sweetim.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

FF - ProfilePath - c:\users\Moustiiick\AppData\Roaming\Mozilla\Firefox\Profiles\mt7b71rr.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2148694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=

FF - component: c:\program files\Mozilla Firefox\components\cniqpyqrpzlw.dll

FF - component: c:\users\Moustiiick\AppData\Roaming\Mozilla\Firefox\Profiles\mt7b71rr.default\extensions\{ab7e676a-f2a2-4747-a780-b0ac3cdc934c}\components\FFExternalAlert.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

AddRemove-3337ef6d-1b2f-b94f-e6da-fbf63d88b328 - c:\windows\system32\3337ef6d-1b2f-b94f-e6da-fbf63d88b328.exe

AddRemove-SM - c:\program files\SM\uninstaller.exe

AddRemove-{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1 - c:\program files\Tetris\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-15 15:54

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(4528)

c:\acer\Empowering Technology\EPOWER\SysHook.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Spyware Terminator\sp_rsser.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\program files\Launch Manager\LManager.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\acer\Empowering Technology\ENET\ENMTRAY.EXE

c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

c:\windows\ehome\ehmsas.exe

c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Heure de fin: 2010-02-15 16:02:21 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-15 15:02

 

Avant-CF: 9 855 553 536 octets libres

Après-CF: 12 026 523 648 octets libres

 

- - End Of File - - 6597D1264DA82733B9C274B4EC240BDD

 

 

 

 

Thanks :P

Posted

OK, let's continue the cleanup using a script tailored to the situation >>

Go to this page to download the CFScript file to the Desktop => http://senduit.com/a9f966

Wait a second: the download will start automatically.

  • Drag and drop this CFScript file onto the ComboFix.exe file (moustikette.exe), as in the screenshot
    img-191202xzrpd.gif
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • When CF finishes running, it displays this message box:
    autosubmitfrdt7.png
  • Clicking OK will start the automatic upload of the archived (zip) file.
    cfuploadsuccessfulfrwn3.gif
  • Once the scan is complete, the PC will most likely restart: a report will be displayed; post its contents.
  • If the file does not appear, it is located here > C:\ComboFix.txt

Note 1: The script provided is tailored to moustikette1711's case: under no circumstances should you use it on your own PC!

Note 2: a file located on the PC will be sent to the creator of ComboFix for analysis.

If the upload site happens to be offline, you will see the message below =>

cfuploadfailedfrrf5.gif

You will then only need to double-click the CF-Submit.htm file located in the C:\ directory to send the file.

The ComboFix report will only be displayed once the upload function has finished.

See you later :P

Posted (edited)

Here is the report:

 

 

 

 

ComboFix 10-02-12.01 - Moustiiick 15/02/2010 19:13:49.2.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.930 [GMT 1:00]

Lancé depuis: c:\users\Moustiiick\Desktop\moustikette.exe

Commutateurs utilisés :: c:\users\Moustiiick\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1356 [VPS 100215-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: avast! antivirus 4.8.1356 [VPS 100215-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\users\Moustiiick\AppData\Roaming\0E3SvsI.vbs"

"c:\users\Moustiiick\AppData\Roaming\1IRKa.vbs"

"c:\users\Moustiiick\AppData\Roaming\33QQbtl.vbs"

"c:\users\Moustiiick\AppData\Roaming\3mXZl2l0PBLAU.vbs"

"c:\users\Moustiiick\AppData\Roaming\5OUcLCz.vbs"

"c:\users\Moustiiick\AppData\Roaming\60aXkQskVB7Rn68.vbs"

"c:\users\Moustiiick\AppData\Roaming\7xt5k.vbs"

"c:\users\Moustiiick\AppData\Roaming\ahixOfcGRV3x4.vbs"

"c:\users\Moustiiick\AppData\Roaming\ar13bDlL5Oua4.vbs"

"c:\users\Moustiiick\AppData\Roaming\bHqKeTQishBmC.vbs"

"c:\users\Moustiiick\AppData\Roaming\bJZ1SOq.vbs"

"c:\users\Moustiiick\AppData\Roaming\BrnWv.vbs"

"c:\users\Moustiiick\AppData\Roaming\c0j7p.vbs"

"c:\users\Moustiiick\AppData\Roaming\cX6GS8HMhsejDM6.vbs"

"c:\users\Moustiiick\AppData\Roaming\d9FnpJb.vbs"

"c:\users\Moustiiick\AppData\Roaming\Dbo9oGw.vbs"

"c:\users\Moustiiick\AppData\Roaming\dhUTL6v.vbs"

"c:\users\Moustiiick\AppData\Roaming\iS2CBRD.vbs"

"c:\users\Moustiiick\AppData\Roaming\mMyzlXh.vbs"

"c:\users\Moustiiick\AppData\Roaming\myqguJe.vbs"

"c:\users\Moustiiick\AppData\Roaming\nk2NItzgP9Nbk.vbs"

"c:\users\Moustiiick\AppData\Roaming\NkA3Nv0tFAiVQM2.vbs"

"c:\users\Moustiiick\AppData\Roaming\nNBxWYBnEhOxUdg.vbs"

"c:\users\Moustiiick\AppData\Roaming\pdK3k0ZJUbXCHWx.vbs"

"c:\users\Moustiiick\AppData\Roaming\qS9cy9zXED6uo2i.vbs"

"c:\users\Moustiiick\AppData\Roaming\Rrl2REDMIGO0nUB.vbs"

"c:\users\Moustiiick\AppData\Roaming\Sok6kiG.vbs"

"c:\users\Moustiiick\AppData\Roaming\t5U2vMSLQaIr6.vbs"

"c:\users\Moustiiick\AppData\Roaming\tXEze2e.vbs"

"c:\users\Moustiiick\AppData\Roaming\yb5JHCAC9KWuowt.vbs"

"c:\users\Moustiiick\AppData\Roaming\z83j62THPwSta.vbs"

 

file zipped: c:\program files\mozilla firefox\components\cniqpyqrpzlw.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\mozilla firefox\components\cniqpyqrpzlw.dll

c:\users\Moustiiick\AppData\Roaming\0E3SvsI.vbs

c:\users\Moustiiick\AppData\Roaming\1IRKa.vbs

c:\users\Moustiiick\AppData\Roaming\33QQbtl.vbs

c:\users\Moustiiick\AppData\Roaming\3mXZl2l0PBLAU.vbs

c:\users\Moustiiick\AppData\Roaming\5OUcLCz.vbs

c:\users\Moustiiick\AppData\Roaming\60aXkQskVB7Rn68.vbs

c:\users\Moustiiick\AppData\Roaming\7xt5k.vbs

c:\users\Moustiiick\AppData\Roaming\ahixOfcGRV3x4.vbs

c:\users\Moustiiick\AppData\Roaming\ar13bDlL5Oua4.vbs

c:\users\Moustiiick\AppData\Roaming\bHqKeTQishBmC.vbs

c:\users\Moustiiick\AppData\Roaming\bJZ1SOq.vbs

c:\users\Moustiiick\AppData\Roaming\BrnWv.vbs

c:\users\Moustiiick\AppData\Roaming\c0j7p.vbs

c:\users\Moustiiick\AppData\Roaming\cX6GS8HMhsejDM6.vbs

c:\users\Moustiiick\AppData\Roaming\d9FnpJb.vbs

c:\users\Moustiiick\AppData\Roaming\Dbo9oGw.vbs

c:\users\Moustiiick\AppData\Roaming\dhUTL6v.vbs

c:\users\Moustiiick\AppData\Roaming\iS2CBRD.vbs

c:\users\Moustiiick\AppData\Roaming\mMyzlXh.vbs

c:\users\Moustiiick\AppData\Roaming\myqguJe.vbs

c:\users\Moustiiick\AppData\Roaming\nk2NItzgP9Nbk.vbs

c:\users\Moustiiick\AppData\Roaming\NkA3Nv0tFAiVQM2.vbs

c:\users\Moustiiick\AppData\Roaming\nNBxWYBnEhOxUdg.vbs

c:\users\Moustiiick\AppData\Roaming\pdK3k0ZJUbXCHWx.vbs

c:\users\Moustiiick\AppData\Roaming\qS9cy9zXED6uo2i.vbs

c:\users\Moustiiick\AppData\Roaming\Rrl2REDMIGO0nUB.vbs

c:\users\Moustiiick\AppData\Roaming\Sok6kiG.vbs

c:\users\Moustiiick\AppData\Roaming\t5U2vMSLQaIr6.vbs

c:\users\Moustiiick\AppData\Roaming\tXEze2e.vbs

c:\users\Moustiiick\AppData\Roaming\yb5JHCAC9KWuowt.vbs

c:\users\Moustiiick\AppData\Roaming\z83j62THPwSta.vbs

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-15 au 2010-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-15 18:20 . 2010-02-15 18:20 -------- d-----w- c:\users\Moustiiick\AppData\Local\temp

2010-02-15 18:20 . 2010-02-15 18:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-02-15 18:20 . 2010-02-15 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-15 18:20 . 2010-02-15 18:20 -------- d-----w- c:\users\Aurore\AppData\Local\temp

2010-02-15 18:20 . 2010-02-15 18:20 -------- d-----w- c:\users\Aur0re\AppData\Local\temp

2010-02-15 13:04 . 2010-02-15 13:05 -------- d-----w- C:\rsit

2010-02-15 13:04 . 2010-02-15 13:05 -------- d-----w- c:\program files\trend micro

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\Malwarebytes

2010-02-14 16:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-14 16:58 . 2010-02-14 16:58 -------- d-----w- c:\programdata\Malwarebytes

2010-02-14 16:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 14:30 . 2010-02-14 14:30 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe

2010-02-14 14:30 . 2010-02-14 14:30 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys

2010-02-14 14:30 . 2010-02-14 14:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-02-14 14:30 . 2010-02-14 15:42 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\Spyware Terminator

2010-02-14 14:30 . 2010-02-14 15:49 -------- d-----w- c:\programdata\Spyware Terminator

2010-02-14 14:30 . 2010-02-14 15:48 -------- d-----w- c:\program files\Spyware Terminator

2010-02-10 13:15 . 2009-12-11 12:15 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 13:15 . 2009-12-11 12:15 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 13:15 . 2009-12-08 20:54 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-10 13:15 . 2009-12-08 20:54 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-04 21:22 . 2010-02-04 21:23 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-01-30 10:26 . 2010-01-30 10:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE9F2.tmp.exe

2010-01-22 17:42 . 2009-12-18 08:45 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-01-20 20:11 . 2010-01-20 20:11 -------- d-----w- c:\program files\Microsoft Silverlight

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-15 15:00 . 2006-12-10 19:02 690832 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-15 15:00 . 2006-12-10 19:02 117572 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-15 13:02 . 2008-12-12 16:01 30956 ----a-w- c:\users\Moustiiick\AppData\Roaming\nvModes.dat

2010-02-11 16:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-04 21:29 . 2007-09-23 19:14 -------- d-----w- c:\program files\Google

2010-02-04 21:23 . 2007-11-24 01:27 -------- d-----w- c:\program files\DivX

2010-02-04 21:07 . 2009-01-20 12:21 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\DivX

2010-02-02 18:31 . 2007-07-14 09:54 -------- d-----w- c:\program files\OpenOffice.org 2.2

2010-02-02 17:58 . 2008-12-13 10:19 -------- d-----w- c:\users\Moustiiick\AppData\Roaming\OpenOffice.org2

2010-01-26 21:02 . 2010-01-03 16:01 -------- d-----w- c:\programdata\Lavasoft

2010-01-14 10:12 . 2009-10-02 16:32 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-03 16:01 . 2010-01-03 16:01 -------- d-----w- c:\program files\Lavasoft

2009-12-28 12:36 . 2010-02-10 13:14 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-28 12:35 . 2010-02-10 13:14 1327616 ----a-w- c:\windows\system32\quartz.dll

2009-12-28 12:34 . 2010-02-10 13:14 22528 ----a-w- c:\windows\system32\msyuv.dll

2009-12-28 12:34 . 2010-02-10 13:14 31232 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-28 12:34 . 2010-02-10 13:14 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-12-28 12:34 . 2010-02-10 13:14 13312 ----a-w- c:\windows\system32\msrle32.dll

2009-12-28 12:33 . 2010-02-10 13:14 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-12-28 12:32 . 2010-02-10 13:14 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-28 12:30 . 2010-02-10 13:14 88576 ----a-w- c:\windows\system32\avifil32.dll

2009-12-28 12:30 . 2010-02-10 13:14 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-12-24 11:24 . 2009-12-24 11:24 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-18 20:34 . 2009-03-08 12:46 -------- d-----w- c:\program files\Opera

2009-12-18 12:52 . 2010-01-22 17:43 832512 ----a-w- c:\windows\system32\wininet.dll

2009-12-18 12:48 . 2010-01-22 17:43 56320 ----a-w- c:\windows\system32\iesetup.dll

2009-12-18 12:48 . 2010-01-22 17:43 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-12-18 12:48 . 2010-01-22 17:43 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll

2009-12-18 12:46 . 2010-01-22 17:43 72704 ----a-w- c:\windows\system32\admparse.dll

2009-12-18 10:18 . 2010-01-22 17:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-08 20:19 . 2010-02-10 13:14 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2009-12-08 17:58 . 2010-02-10 13:14 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-12-08 17:57 . 2010-02-10 13:14 22016 ----a-w- c:\windows\system32\netiougc.exe

2009-12-04 16:27 . 2010-02-10 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2009-12-04 16:27 . 2010-02-10 13:14 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-30 16:21 . 2009-11-30 16:21 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb41E1.tmp.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]

2008-06-28 20:16 147456 ----a-w- c:\programdata\uPlayMe\plugins\MSIE.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-14 3037696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-22 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-02 464168]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-10-15 206192]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-23 110592]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-10 528384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/10/2009 10:26 114768]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [14/02/2010 15:30 142592]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [29/07/2008 21:47 719392]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/10/2009 10:26 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/10/2009 10:26 53328]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 12:08 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:08]

 

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:08]

 

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{2184D04A-1F7B-405C-9814-C5297D952E5F}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Examen supplémentaire -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://mystart.hiyo.com/

mStart Page = hxxp://home.sweetim.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

FF - ProfilePath - c:\users\Moustiiick\AppData\Roaming\Mozilla\Firefox\Profiles\mt7b71rr.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2148694&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=

FF - component: c:\users\Moustiiick\AppData\Roaming\Mozilla\Firefox\Profiles\mt7b71rr.default\extensions\{ab7e676a-f2a2-4747-a780-b0ac3cdc934c}\components\FFExternalAlert.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-15 19:20

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2010-02-15 19:23:15

ComboFix-quarantined-files.txt 2010-02-15 18:23

ComboFix2.txt 2010-02-15 15:02

 

Avant-CF: 11 995 369 472 octets libres

Après-CF: 11 956 011 008 octets libres

 

- - End Of File - - 3587E4A04CB6FD46ED0057BC19C1C3E1

L'envoi a réussi

Thank you very much :P:):P

Edited by moustikette1711
