Antivirus 2008 y

tchet -  
 skwal -
Hello,
How do you get rid of this damn virus?????
5 replies

brahim33 Posts 6827 Status Member 1 152
 
You just have to delete it after detecting it.
0
crisous974 Posts 67 Status Member 1
 
Beef up the antivirus scan: configure it in the settings and set it to repair or delete files, but with confirmation, because you absolutely must not delete system files.
If you really know your computer like the back of your hand, go through it and manually delete the files that shouldn't be there!!!
0
tchet
 
ComboFix 08-06-16.5 - tchet 2008-06-19 0:34:56.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.997 [GMT 2:00]
Endroit: C:\Users\tchet\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.

2008-06-18 23:21 . 2008-06-18 23:21 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-18 22:02 . 2008-06-18 22:20 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-06-15 23:24 . 2008-06-17 16:44 <REP> d-------- C:\Users\tchet\AppData\Roaming\Antivirus2008y
2008-06-14 13:12 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 13:12 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 13:12 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 13:12 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 13:12 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 13:12 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 13:12 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 10:15 . 2008-04-25 06:22 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-06-11 10:15 . 2008-04-26 10:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-11 10:15 . 2008-04-25 06:23 826,368 --a------ C:\Windows\System32\wininet.dll
2008-06-11 10:15 . 2008-05-10 03:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 10:15 . 2008-05-10 05:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-03 16:24 . 2003-03-12 13:50 140 --ah----- C:\WM800918.bin
2008-06-03 16:24 . 2003-01-21 01:20 140 --ah----- C:\Windows\AJ820503.bin
2008-06-03 16:21 . 2008-06-03 16:21 <REP> d-------- C:\Users\tchet\AppData\Roaming\Druide
2008-06-03 16:15 . 2008-06-03 16:22 141 --a------ C:\Windows\Antidote.ini
2008-06-03 16:14 . 2008-06-03 16:20 <REP> d-------- C:\Program Files\Druide
2008-05-31 11:55 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-31 11:55 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:36 27,335 ----a-w C:\Users\tchet\AppData\Roaming\nvModes.dat
2008-06-18 09:27 --------- d-----w C:\Users\tchet\AppData\Roaming\VersionTracker Pro
2008-06-16 12:27 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-15 22:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-12 11:53 --------- d-----w C:\Program Files\Windows Mail
2008-06-05 07:36 --------- d-----w C:\Users\tchet\AppData\Roaming\U3
2008-04-30 13:27 --------- d-----w C:\ProgramData\CyberLink
2008-04-30 13:16 --------- d-----w C:\Program Files\Everest Poker
2008-04-28 20:03 --------- d-----w C:\Users\tchet\AppData\Roaming\vlc
2008-04-28 20:02 --------- d-----w C:\Program Files\VideoLAN
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-19 13:28 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_23.54.05,29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 21:50:58 6,156,288 ----a-w C:\Windows\erdnt\Hiv-backup\schema.dat
+ 2008-06-18 22:34:50 6,156,288 ----a-w C:\Windows\erdnt\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 02:33 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-11-30 02:52 533944]
"Antivirus2008y"="C:\Program Files\Antivirus2008y\antvrs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 13:38 206952]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 15:48 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-11-30 02:52 533944]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 04:17:00 535336]
VersionTrackerPro.lnk - C:\Windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-01-28 11:32:58 53248]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{59DE5281-D76E-4158-8705-CF329C4E4652}"= Profile=Private|C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{6A4D07C6-A732-400B-A8D0-00EA48F483BE}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{73644098-2451-47DA-8165-70E41B5E8D5C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{BDBE6B14-ACA1-4CEC-ADDE-9F62643061C6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{58D2156C-A4F3-41AC-8E79-3381384621DD}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{44BDA4C2-5645-4DE4-A4A0-2A9A7CBE4EBF}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FEA7F429-D15B-41C0-AF8E-46F483564323}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0A298764-9C9C-4548-AD70-80EADCB27ACF}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 16:51]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 15:48]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86862557-7cb9-11dc-89da-001b385708e6}]
\shell\AutoRun\command - nideiect.com
\shell\explore\Command - nideiect.com
\shell\open\Command - nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8686255a-7cb9-11dc-89da-001b385708e6}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-18 09:29:18 C:\Windows\Tasks\User_Feed_Synchronization-{A0F87F9F-83D2-456D-A26C-583E25DF0E37}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-06-18 22:11:01 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 00:36:31
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-19 0:37:26
ComboFix-quarantined-files.txt 2008-06-18 22:37:14
ComboFix2.txt 2008-06-18 22:07:32
ComboFix3.txt 2008-06-18 21:54:31

Pre-Run: 21,076,254,720 octets libres
Post-Run: 20,959,674,368 octets libres

161 --- E O F --- 2008-06-18 09:32:32
0
crisous974 Posts 67 Status Member 1
 
In your scan I can't see where the infected file is; tell me where it is. In that case, go to the file's source and delete it.
0

skwal
 
Try "Kaspersky Internet Security", you'll see for yourself, because I was badly infected and it cleaned everything.
0