Pub Cid sous vista
Résolu/Fermé
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
-
6 mars 2008 à 13:47
mogtp Messages postés 32 Date d'inscription mercredi 5 mars 2008 Statut Membre Dernière intervention 7 février 2013 - 7 mars 2008 à 21:55
mogtp Messages postés 32 Date d'inscription mercredi 5 mars 2008 Statut Membre Dernière intervention 7 février 2013 - 7 mars 2008 à 21:55
A voir également:
- Pub Cid sous vista
- Youtube sans pub - Accueil - Streaming
- Netflix avec pub avis - Accueil - Streaming
- Windows vista - Télécharger - Divers Utilitaires
- Bloqueur de pub youtube - Accueil - Streaming
- Stop pub gratuit - Télécharger - Divers Utilitaires
22 réponses
armandaudric
Messages postés
1369
Date d'inscription
samedi 16 février 2008
Statut
Membre
Dernière intervention
24 juillet 2009
261
6 mars 2008 à 18:07
6 mars 2008 à 18:07
pour enlever les pub cid il faut des installer le logiciel il démarre en mode sens échec tu eteint ton ordi tu le rallume en tapant sur f 5 tu sélectionne le mode puis ta page d accueil va souvrir en grand et la tu fait ajout supprimer la tu verra dans le programme le cid tu le desinstalle et tu redémarre voila normalement plus de pub cid a ++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
6 mars 2008 à 18:29
6 mars 2008 à 18:29
dsl mais je n'ai pas totalement compri
armandaudric
Messages postés
1369
Date d'inscription
samedi 16 février 2008
Statut
Membre
Dernière intervention
24 juillet 2009
261
6 mars 2008 à 18:51
6 mars 2008 à 18:51
tu na pas compris quoi je répète pour supprimer le cid de msn il faut faire un demarage sans échec pour le trouver il ya que de cette façon que tu pourra le desinstaller car regarde si tu ouvre ton panneau de config tu ne verra pas le cid par contre en mode sens échec la tu le verra et tu pourra le desinstaller a suivre si tu na pas encore compris repond moi
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
6 mars 2008 à 18:53
6 mars 2008 à 18:53
ok je me mè o boulot
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
6 mars 2008 à 19:42
6 mars 2008 à 19:42
re
je n'avais pas réussi avc ce que tu m'as di, donc ce que j'ai fais,je me suis apercut que je n'aivais pas de pages cid qui apparaissaient lorsque je n'étais pas sur msn donc j'ai supprimé widows live homepage et galerie windows live et j'ai réparé msn et voilà ca fait une demi heure que je n'ai aucune page cid
merci pour ton aide
++
je n'avais pas réussi avc ce que tu m'as di, donc ce que j'ai fais,je me suis apercut que je n'aivais pas de pages cid qui apparaissaient lorsque je n'étais pas sur msn donc j'ai supprimé widows live homepage et galerie windows live et j'ai réparé msn et voilà ca fait une demi heure que je n'ai aucune page cid
merci pour ton aide
++
armandaudric
Messages postés
1369
Date d'inscription
samedi 16 février 2008
Statut
Membre
Dernière intervention
24 juillet 2009
261
6 mars 2008 à 20:00
6 mars 2008 à 20:00
ok a +++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
6 mars 2008 à 22:04
6 mars 2008 à 22:04
euh,j'ai parlé trop vite
mince!!
mince!!
raphadu92
Messages postés
16
Date d'inscription
samedi 24 novembre 2007
Statut
Membre
Dernière intervention
30 décembre 2010
7 mars 2008 à 12:00
7 mars 2008 à 12:00
bonjour tlm,j'ai le même problème que mogtp et j'ai essayer ta solution armandaudric et ça marche pas en tout cas quand je suis en mode sans echec et que je vais dans suppression de programme j'ai exactement les mêmes programme que dans le mode normale.
armandaudric
Messages postés
1369
Date d'inscription
samedi 16 février 2008
Statut
Membre
Dernière intervention
24 juillet 2009
261
7 mars 2008 à 12:15
7 mars 2008 à 12:15
bon normallement tu devrais voir le cid qui ces installer en même temps que ton msn la je ne voie plus rien ou alors télécharge ccleaner et regarde si tu le trouve et fait une analyse avec ce logiciel
raphadu92
Messages postés
16
Date d'inscription
samedi 24 novembre 2007
Statut
Membre
Dernière intervention
30 décembre 2010
7 mars 2008 à 12:52
7 mars 2008 à 12:52
ok je vais voire ça !
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 15:09
7 mars 2008 à 15:09
j'ai fais une analyse avc ccleaner et il netrouve pas le cid,bon cela dit j'ai beaucoup moin de pub cid que avant
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
7 mars 2008 à 15:11
7 mars 2008 à 15:11
Salut
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 15:41
7 mars 2008 à 15:41
voici le rapport et merci pour ton aide
ComboFix 08-03-06.4 - Elie 2008-03-07 15:27:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.854 [GMT 1:00]
Endroit: C:\Users\Elie\Desktop\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:06 --------- d-----w C:\ProgramData\Symantec
2008-03-07 13:49 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-07 13:47 --------- d-----w C:\Users\Elie\AppData\Roaming\OpenOffice.org2
2008-03-07 13:47 --------- d-----w C:\Program Files\Steam
2008-03-07 13:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 21:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-06 21:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 21:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:24 --------- d-----w C:\Program Files\A.S.C
2008-03-06 21:23 --------- d-----w C:\Program Files\Navilog1
2008-03-06 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 18:00 --------- d-----w C:\Program Files\Windows Live
2008-03-06 15:18 --------- d-----w C:\Program Files\Panda Security
2008-03-06 14:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-06 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-05 21:45 --------- d-----w C:\Program Files\Launch Manager
2008-03-05 16:36 --------- d-----w C:\Users\Elie\AppData\Roaming\LimeWire
2008-03-05 13:20 --------- d-----w C:\Users\Elie\AppData\Roaming\Grisoft
2008-03-05 13:20 --------- d-----w C:\ProgramData\Grisoft
2008-03-04 21:51 --------- d-----w C:\Program Files\CCleaner
2008-03-03 12:44 --------- d-----w C:\Users\Elie\AppData\Roaming\Uniblue
2008-03-02 19:33 --------- d-----w C:\Users\Elie\AppData\Roaming\teamspeak2
2008-03-02 18:58 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-02 18:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:51 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-02 18:51 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-02 18:51 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-02 18:51 --------- d-----w C:\Program Files\Symantec
2008-03-02 15:45 --------- d-----w C:\ProgramData\Fiveroadfor
2008-03-02 14:40 --------- d-----w C:\Users\Elie\AppData\Roaming\Symantec
2008-03-02 14:20 --------- d-----w C:\Program Files\AxBx
2008-03-02 13:58 --------- d---a-w C:\ProgramData\TEMP
2008-03-01 12:47 --------- d-----w C:\Program Files\New Folder
2008-02-24 16:07 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-22 20:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-22 17:13 --------- d-----w C:\ProgramData\Admin Inter 1 Mags
2008-02-14 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-26 20:37 --------- d-----w C:\Program Files\Windows Media Components
2008-01-26 20:34 --------- d-----w C:\Program Files\NRJ
2008-01-24 20:55 --------- d-----w C:\Program Files\Java
2008-01-22 20:05 --------- d-----w C:\ProgramData\Avg7
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 17:29 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 21:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 21:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 21:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 21:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 19:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-30 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-07-19 08:36 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 16:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 11:43 171448]
"Steam"="c:\progra~1\steam\steam.exe" [2007-12-03 18:25 1266936]
"MEMO JUGS"="C:\ProgramData\Idol trust trust.tc8u35" [2008-02-22 18:12 196624]
"1 mags 16 more"="C:\ProgramData\ping multi build.014gm" [2008-02-22 18:13 135184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-15 20:49 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 07:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-11-15 07:02 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"eRecoveryService"="" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Elie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 22:36:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EBFFF4D-3E7E-4664-B625-AF732DCAFA64}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8A8B13C7-3F61-4116-A5E1-BF55907A7D2D}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4BC46A30-432C-4C21-9B33-42C696CDE3B7}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{7B6D432C-7363-460E-9DE4-91466E13C241}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{FB4957AF-CB28-4ECC-8EB5-13381C40DDB3}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{90D95120-DF4F-47F5-800A-DEB613D486B6}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{67BC16B6-1784-433A-A10B-1A8886E8864C}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{6C2E3E05-8B7C-4353-8B69-CDEAA954F0B2}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{965DFA45-6548-480B-AF1B-B9A2B3C528D7}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{69354A29-D81C-4904-87D3-21C111CAF376}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{1D4882CA-4946-487C-8210-4B1F7A6799CB}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{2E33DBB7-134F-4C18-BC01-58D816552441}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1CB2AE5D-0E69-46F9-877A-ED3EBE1F9DB7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A0CAB59F-2CEA-487A-8B14-FC64BCFE974B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{4F25AA50-F7BF-40F5-95A6-1D51E47EA67B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{C796098D-3CFA-4253-B3B7-C0C32F248AD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{967EFD1F-238F-4C09-A205-84FFE95DC15A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6566EB37-B023-45F7-95AB-E867070D91D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{78A20CA3-E277-4477-89D6-685EC98727AC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{DFEE9742-25B5-419C-BF0E-6D4334E6E2BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E71AE3E0-42DC-48BE-A815-6B9C9DCFF944}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A65F8E18-C9F1-444E-954A-14752957B1DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2C2E3022-6B16-4D33-8008-F2968387D564}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0489961A-9ADF-4BAA-83C5-F22D045A8341}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{42C48FBA-35D2-4073-9B2D-AA4D8ABF2280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A00ACA3B-CC1B-493F-8FCE-7120269221FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{EDA089FE-A121-40FB-B8D9-1D9FCD92D960}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{07D2A656-0B9B-415C-9A01-A5245340E331}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\Program Files\WINSOS\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
"C:\Program Files\WINSOS\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
"C:\Program Files\WINSOS\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 16:11]
R0 SI3112r;ATI-4379 Serial ATA Controller;C:\Windows\system32\DRIVERS\SI3112r.sys [2007-08-29 03:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.003\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 21:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 10:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 03:46]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-22 20:49]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 00:13]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 07:38]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 19:00:00 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Elie.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-06 13:16:20 C:\Windows\Tasks\User_Feed_Synchronization-{68AFC8CD-F351-4E55-820C-BBEE4D6061DB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 15:29:06
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 15:30:05
.
2008-03-06 14:56:10 --- E O F ---
ComboFix 08-03-06.4 - Elie 2008-03-07 15:27:15.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.854 [GMT 1:00]
Endroit: C:\Users\Elie\Desktop\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:06 --------- d-----w C:\ProgramData\Symantec
2008-03-07 13:49 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-07 13:47 --------- d-----w C:\Users\Elie\AppData\Roaming\OpenOffice.org2
2008-03-07 13:47 --------- d-----w C:\Program Files\Steam
2008-03-07 13:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 21:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-06 21:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 21:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:24 --------- d-----w C:\Program Files\A.S.C
2008-03-06 21:23 --------- d-----w C:\Program Files\Navilog1
2008-03-06 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 18:00 --------- d-----w C:\Program Files\Windows Live
2008-03-06 15:18 --------- d-----w C:\Program Files\Panda Security
2008-03-06 14:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-06 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-05 21:45 --------- d-----w C:\Program Files\Launch Manager
2008-03-05 16:36 --------- d-----w C:\Users\Elie\AppData\Roaming\LimeWire
2008-03-05 13:20 --------- d-----w C:\Users\Elie\AppData\Roaming\Grisoft
2008-03-05 13:20 --------- d-----w C:\ProgramData\Grisoft
2008-03-04 21:51 --------- d-----w C:\Program Files\CCleaner
2008-03-03 12:44 --------- d-----w C:\Users\Elie\AppData\Roaming\Uniblue
2008-03-02 19:33 --------- d-----w C:\Users\Elie\AppData\Roaming\teamspeak2
2008-03-02 18:58 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-02 18:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:51 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-02 18:51 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-02 18:51 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-02 18:51 --------- d-----w C:\Program Files\Symantec
2008-03-02 15:45 --------- d-----w C:\ProgramData\Fiveroadfor
2008-03-02 14:40 --------- d-----w C:\Users\Elie\AppData\Roaming\Symantec
2008-03-02 14:20 --------- d-----w C:\Program Files\AxBx
2008-03-02 13:58 --------- d---a-w C:\ProgramData\TEMP
2008-03-01 12:47 --------- d-----w C:\Program Files\New Folder
2008-02-24 16:07 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-22 20:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-22 17:13 --------- d-----w C:\ProgramData\Admin Inter 1 Mags
2008-02-14 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-26 20:37 --------- d-----w C:\Program Files\Windows Media Components
2008-01-26 20:34 --------- d-----w C:\Program Files\NRJ
2008-01-24 20:55 --------- d-----w C:\Program Files\Java
2008-01-22 20:05 --------- d-----w C:\ProgramData\Avg7
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 17:29 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 21:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 21:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 21:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 21:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 19:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-30 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-07-19 08:36 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 16:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 11:43 171448]
"Steam"="c:\progra~1\steam\steam.exe" [2007-12-03 18:25 1266936]
"MEMO JUGS"="C:\ProgramData\Idol trust trust.tc8u35" [2008-02-22 18:12 196624]
"1 mags 16 more"="C:\ProgramData\ping multi build.014gm" [2008-02-22 18:13 135184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-15 20:49 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 07:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-11-15 07:02 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"eRecoveryService"="" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Elie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 22:36:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EBFFF4D-3E7E-4664-B625-AF732DCAFA64}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8A8B13C7-3F61-4116-A5E1-BF55907A7D2D}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4BC46A30-432C-4C21-9B33-42C696CDE3B7}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{7B6D432C-7363-460E-9DE4-91466E13C241}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{FB4957AF-CB28-4ECC-8EB5-13381C40DDB3}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{90D95120-DF4F-47F5-800A-DEB613D486B6}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{67BC16B6-1784-433A-A10B-1A8886E8864C}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{6C2E3E05-8B7C-4353-8B69-CDEAA954F0B2}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{965DFA45-6548-480B-AF1B-B9A2B3C528D7}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{69354A29-D81C-4904-87D3-21C111CAF376}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{1D4882CA-4946-487C-8210-4B1F7A6799CB}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{2E33DBB7-134F-4C18-BC01-58D816552441}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1CB2AE5D-0E69-46F9-877A-ED3EBE1F9DB7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A0CAB59F-2CEA-487A-8B14-FC64BCFE974B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{4F25AA50-F7BF-40F5-95A6-1D51E47EA67B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{C796098D-3CFA-4253-B3B7-C0C32F248AD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{967EFD1F-238F-4C09-A205-84FFE95DC15A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6566EB37-B023-45F7-95AB-E867070D91D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{78A20CA3-E277-4477-89D6-685EC98727AC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{DFEE9742-25B5-419C-BF0E-6D4334E6E2BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E71AE3E0-42DC-48BE-A815-6B9C9DCFF944}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A65F8E18-C9F1-444E-954A-14752957B1DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2C2E3022-6B16-4D33-8008-F2968387D564}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0489961A-9ADF-4BAA-83C5-F22D045A8341}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{42C48FBA-35D2-4073-9B2D-AA4D8ABF2280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A00ACA3B-CC1B-493F-8FCE-7120269221FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{EDA089FE-A121-40FB-B8D9-1D9FCD92D960}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{07D2A656-0B9B-415C-9A01-A5245340E331}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\Program Files\WINSOS\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
"C:\Program Files\WINSOS\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
"C:\Program Files\WINSOS\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 16:11]
R0 SI3112r;ATI-4379 Serial ATA Controller;C:\Windows\system32\DRIVERS\SI3112r.sys [2007-08-29 03:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.003\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 21:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 10:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 03:46]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-22 20:49]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 00:13]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 07:38]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 19:00:00 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Elie.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-06 13:16:20 C:\Windows\Tasks\User_Feed_Synchronization-{68AFC8CD-F351-4E55-820C-BBEE4D6061DB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 15:29:06
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 15:30:05
.
2008-03-06 14:56:10 --- E O F ---
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 15:42
7 mars 2008 à 15:42
je doi i alé je revien ds une heure et demi
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
7 mars 2008 à 16:36
7 mars 2008 à 16:36
ok,
Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :
file::
C:\ProgramData\Fiveroadfor
C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MEMO JUGS"="-
"1 mags 16 more"="-
ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation :
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )
++
Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :
file::
C:\ProgramData\Fiveroadfor
C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MEMO JUGS"="-
"1 mags 16 more"="-
ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation :
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )
++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 17:53
7 mars 2008 à 17:53
re voici le rapport
ComboFix 08-03-06.4 - Elie 2008-03-07 17:40:47.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.966 [GMT 1:00]
Endroit: C:\Users\Elie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Elie\Desktop\CFScript.txt.txt
* Création d'un nouveau point de restauration
FILE ::
C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Fiveroadfor
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:06 --------- d-----w C:\ProgramData\Symantec
2008-03-07 13:49 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-07 13:47 --------- d-----w C:\Users\Elie\AppData\Roaming\OpenOffice.org2
2008-03-07 13:47 --------- d-----w C:\Program Files\Steam
2008-03-07 13:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 21:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-06 21:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 21:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:24 --------- d-----w C:\Program Files\A.S.C
2008-03-06 21:23 --------- d-----w C:\Program Files\Navilog1
2008-03-06 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 18:00 --------- d-----w C:\Program Files\Windows Live
2008-03-06 15:18 --------- d-----w C:\Program Files\Panda Security
2008-03-06 14:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-06 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-05 21:45 --------- d-----w C:\Program Files\Launch Manager
2008-03-05 16:36 --------- d-----w C:\Users\Elie\AppData\Roaming\LimeWire
2008-03-05 13:20 --------- d-----w C:\Users\Elie\AppData\Roaming\Grisoft
2008-03-05 13:20 --------- d-----w C:\ProgramData\Grisoft
2008-03-04 21:51 --------- d-----w C:\Program Files\CCleaner
2008-03-03 12:44 --------- d-----w C:\Users\Elie\AppData\Roaming\Uniblue
2008-03-02 19:33 --------- d-----w C:\Users\Elie\AppData\Roaming\teamspeak2
2008-03-02 18:58 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-02 18:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:51 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-02 18:51 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-02 18:51 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-02 18:51 --------- d-----w C:\Program Files\Symantec
2008-03-02 15:45 --------- d-----w C:\ProgramData\Fiveroadfor
2008-03-02 14:40 --------- d-----w C:\Users\Elie\AppData\Roaming\Symantec
2008-03-02 14:20 --------- d-----w C:\Program Files\AxBx
2008-03-02 13:58 --------- d---a-w C:\ProgramData\TEMP
2008-03-01 12:47 --------- d-----w C:\Program Files\New Folder
2008-02-24 16:07 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-22 20:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-22 17:13 --------- d-----w C:\ProgramData\Admin Inter 1 Mags
2008-02-14 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-26 20:37 --------- d-----w C:\Program Files\Windows Media Components
2008-01-26 20:34 --------- d-----w C:\Program Files\NRJ
2008-01-24 20:55 --------- d-----w C:\Program Files\Java
2008-01-22 20:05 --------- d-----w C:\ProgramData\Avg7
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 17:29 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 21:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 21:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 21:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 21:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 19:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-30 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-07-19 08:36 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-07_15.29.37,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-07 14:04:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 16:03:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-07 14:04:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 16:03:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-07 14:04:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-07 16:03:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 16:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 11:43 171448]
"Steam"="c:\progra~1\steam\steam.exe" [2007-12-03 18:25 1266936]
"MEMO JUGS"="C:\ProgramData\Idol trust trust.tc8u35" [ ]
"1 mags 16 more"="C:\ProgramData\ping multi build.014gm" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-15 20:49 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 07:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-11-15 07:02 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"eRecoveryService"="" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Elie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 22:36:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EBFFF4D-3E7E-4664-B625-AF732DCAFA64}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8A8B13C7-3F61-4116-A5E1-BF55907A7D2D}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4BC46A30-432C-4C21-9B33-42C696CDE3B7}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{7B6D432C-7363-460E-9DE4-91466E13C241}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{FB4957AF-CB28-4ECC-8EB5-13381C40DDB3}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{90D95120-DF4F-47F5-800A-DEB613D486B6}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{67BC16B6-1784-433A-A10B-1A8886E8864C}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{6C2E3E05-8B7C-4353-8B69-CDEAA954F0B2}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{965DFA45-6548-480B-AF1B-B9A2B3C528D7}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{69354A29-D81C-4904-87D3-21C111CAF376}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{1D4882CA-4946-487C-8210-4B1F7A6799CB}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{2E33DBB7-134F-4C18-BC01-58D816552441}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1CB2AE5D-0E69-46F9-877A-ED3EBE1F9DB7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A0CAB59F-2CEA-487A-8B14-FC64BCFE974B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{4F25AA50-F7BF-40F5-95A6-1D51E47EA67B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{C796098D-3CFA-4253-B3B7-C0C32F248AD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{967EFD1F-238F-4C09-A205-84FFE95DC15A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6566EB37-B023-45F7-95AB-E867070D91D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{78A20CA3-E277-4477-89D6-685EC98727AC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{DFEE9742-25B5-419C-BF0E-6D4334E6E2BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E71AE3E0-42DC-48BE-A815-6B9C9DCFF944}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A65F8E18-C9F1-444E-954A-14752957B1DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2C2E3022-6B16-4D33-8008-F2968387D564}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0489961A-9ADF-4BAA-83C5-F22D045A8341}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{42C48FBA-35D2-4073-9B2D-AA4D8ABF2280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A00ACA3B-CC1B-493F-8FCE-7120269221FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{EDA089FE-A121-40FB-B8D9-1D9FCD92D960}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{07D2A656-0B9B-415C-9A01-A5245340E331}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\Program Files\WINSOS\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
"C:\Program Files\WINSOS\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
"C:\Program Files\WINSOS\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 16:11]
R0 SI3112r;ATI-4379 Serial ATA Controller;C:\Windows\system32\DRIVERS\SI3112r.sys [2007-08-29 03:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.003\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 21:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 10:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 03:46]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-22 20:49]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 00:13]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 07:38]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 19:00:00 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Elie.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-07 14:39:26 C:\Windows\Tasks\User_Feed_Synchronization-{68AFC8CD-F351-4E55-820C-BBEE4D6061DB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 17:42:09
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 17:43:02
ComboFix-quarantined-files.txt 2008-03-07 16:42:59
ComboFix2.txt 2008-03-07 14:30:06
.
2008-03-06 14:56:10 --- E O F ---
ComboFix 08-03-06.4 - Elie 2008-03-07 17:40:47.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.966 [GMT 1:00]
Endroit: C:\Users\Elie\Desktop\ComboFix.exe
Command switches used :: C:\Users\Elie\Desktop\CFScript.txt.txt
* Création d'un nouveau point de restauration
FILE ::
C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Fiveroadfor
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Idol trust trust.tc8u35
C:\ProgramData\ping multi build.014gm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:06 --------- d-----w C:\ProgramData\Symantec
2008-03-07 13:49 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-07 13:47 --------- d-----w C:\Users\Elie\AppData\Roaming\OpenOffice.org2
2008-03-07 13:47 --------- d-----w C:\Program Files\Steam
2008-03-07 13:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 21:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-06 21:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 21:34 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 21:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 21:24 --------- d-----w C:\Program Files\A.S.C
2008-03-06 21:23 --------- d-----w C:\Program Files\Navilog1
2008-03-06 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 18:00 --------- d-----w C:\Program Files\Windows Live
2008-03-06 15:18 --------- d-----w C:\Program Files\Panda Security
2008-03-06 14:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-06 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-05 21:45 --------- d-----w C:\Program Files\Launch Manager
2008-03-05 16:36 --------- d-----w C:\Users\Elie\AppData\Roaming\LimeWire
2008-03-05 13:20 --------- d-----w C:\Users\Elie\AppData\Roaming\Grisoft
2008-03-05 13:20 --------- d-----w C:\ProgramData\Grisoft
2008-03-04 21:51 --------- d-----w C:\Program Files\CCleaner
2008-03-03 12:44 --------- d-----w C:\Users\Elie\AppData\Roaming\Uniblue
2008-03-02 19:33 --------- d-----w C:\Users\Elie\AppData\Roaming\teamspeak2
2008-03-02 18:58 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-02 18:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 18:51 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-02 18:51 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-02 18:51 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-02 18:51 --------- d-----w C:\Program Files\Symantec
2008-03-02 15:45 --------- d-----w C:\ProgramData\Fiveroadfor
2008-03-02 14:40 --------- d-----w C:\Users\Elie\AppData\Roaming\Symantec
2008-03-02 14:20 --------- d-----w C:\Program Files\AxBx
2008-03-02 13:58 --------- d---a-w C:\ProgramData\TEMP
2008-03-01 12:47 --------- d-----w C:\Program Files\New Folder
2008-02-24 16:07 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-22 20:06 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-22 17:13 --------- d-----w C:\ProgramData\Admin Inter 1 Mags
2008-02-14 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:07 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:07 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:07 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:07 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:06 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:06 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-26 20:37 --------- d-----w C:\Program Files\Windows Media Components
2008-01-26 20:34 --------- d-----w C:\Program Files\NRJ
2008-01-24 20:55 --------- d-----w C:\Program Files\Java
2008-01-22 20:05 --------- d-----w C:\ProgramData\Avg7
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 17:29 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 21:30 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 21:30 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 21:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 21:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 19:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 19:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 19:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-08-30 15:36 174 --sha-w C:\Program Files\desktop.ini
2007-07-19 08:36 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-07_15.29.37,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-07 14:04:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 16:03:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-07 14:04:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 16:03:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-07 14:04:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-07 16:03:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-02 16:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 11:43 171448]
"Steam"="c:\progra~1\steam\steam.exe" [2007-12-03 18:25 1266936]
"MEMO JUGS"="C:\ProgramData\Idol trust trust.tc8u35" [ ]
"1 mags 16 more"="C:\ProgramData\ping multi build.014gm" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-15 20:49 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 07:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-11-15 07:02 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"eRecoveryService"="" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Elie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 22:36:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EBFFF4D-3E7E-4664-B625-AF732DCAFA64}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8A8B13C7-3F61-4116-A5E1-BF55907A7D2D}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4BC46A30-432C-4C21-9B33-42C696CDE3B7}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{7B6D432C-7363-460E-9DE4-91466E13C241}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{FB4957AF-CB28-4ECC-8EB5-13381C40DDB3}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{90D95120-DF4F-47F5-800A-DEB613D486B6}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{67BC16B6-1784-433A-A10B-1A8886E8864C}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{6C2E3E05-8B7C-4353-8B69-CDEAA954F0B2}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{965DFA45-6548-480B-AF1B-B9A2B3C528D7}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{69354A29-D81C-4904-87D3-21C111CAF376}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{1D4882CA-4946-487C-8210-4B1F7A6799CB}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{2E33DBB7-134F-4C18-BC01-58D816552441}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:La Bataille pour la Terre du Milieu(tm)
"{1CB2AE5D-0E69-46F9-877A-ED3EBE1F9DB7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A0CAB59F-2CEA-487A-8B14-FC64BCFE974B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{4F25AA50-F7BF-40F5-95A6-1D51E47EA67B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{C796098D-3CFA-4253-B3B7-C0C32F248AD1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{967EFD1F-238F-4C09-A205-84FFE95DC15A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6566EB37-B023-45F7-95AB-E867070D91D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{78A20CA3-E277-4477-89D6-685EC98727AC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{DFEE9742-25B5-419C-BF0E-6D4334E6E2BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{E71AE3E0-42DC-48BE-A815-6B9C9DCFF944}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A65F8E18-C9F1-444E-954A-14752957B1DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2C2E3022-6B16-4D33-8008-F2968387D564}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0489961A-9ADF-4BAA-83C5-F22D045A8341}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{42C48FBA-35D2-4073-9B2D-AA4D8ABF2280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{A00ACA3B-CC1B-493F-8FCE-7120269221FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{EDA089FE-A121-40FB-B8D9-1D9FCD92D960}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{07D2A656-0B9B-415C-9A01-A5245340E331}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\Program Files\WINSOS\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
"C:\Program Files\WINSOS\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
"C:\Program Files\WINSOS\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 16:11]
R0 SI3112r;ATI-4379 Serial ATA Controller;C:\Windows\system32\DRIVERS\SI3112r.sys [2007-08-29 03:04]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080305.003\IDSvix86.sys [2008-02-13 17:18]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 21:43]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 10:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 03:46]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-22 20:49]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 00:13]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 07:38]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-03 19:00:00 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Elie.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-07 14:39:26 C:\Windows\Tasks\User_Feed_Synchronization-{68AFC8CD-F351-4E55-820C-BBEE4D6061DB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 17:42:09
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 17:43:02
ComboFix-quarantined-files.txt 2008-03-07 16:42:59
ComboFix2.txt 2008-03-07 14:30:06
.
2008-03-06 14:56:10 --- E O F ---
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
7 mars 2008 à 18:27
7 mars 2008 à 18:27
ok, où en sont tes soucis ??
@+
@+
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 18:31
7 mars 2008 à 18:31
ba pour le moment je n'ai aucune page cid qui s'affiche, je te tien au courant
++
++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 21:08
7 mars 2008 à 21:08
je te remercie green day
grace a toi je n'ai plus de fenêtre Cid
meeerrrccciiiii
grace a toi je n'ai plus de fenêtre Cid
meeerrrccciiiii
green day
Messages postés
26371
Date d'inscription
vendredi 30 septembre 2005
Statut
Modérateur, Contributeur sécurité
Dernière intervention
27 décembre 2019
2 162
7 mars 2008 à 21:43
7 mars 2008 à 21:43
;-))
fais quand même ce qui est indiqué ici, car il reste des "restes de bébéttes" encore :
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
fais quand même ce qui est indiqué ici, car il reste des "restes de bébéttes" encore :
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
mogtp
Messages postés
32
Date d'inscription
mercredi 5 mars 2008
Statut
Membre
Dernière intervention
7 février 2013
6
7 mars 2008 à 21:47
7 mars 2008 à 21:47
faut il que je fasse tout car j'ai déjà fai ccleaner et ad-aware
