Comment supprimer un rootkit? (windows vista) - Page 2

Résolu
Précédent
  • 1
  • 2
  1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
     
    alors j'ai réussi à faire fonctionné combofix, apparemment il a supprimé pas mal de chose dont les fameux trojan, je vous poste le rapport.

    ComboFix 09-07-19.04 - xavier 20/07/2009 18:30.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3545.1541 [GMT 2:00]
    Lancé depuis: c:\users\xavier\Documents\xavier.exe
    AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un antivirus résident est actif

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3395499582-3656299844-1299793059-500
    c:\$recycle.bin\S-1-5-21-632019316-89332599-2046891301-500
    c:\windows\Installer\4c551.msi
    c:\windows\Installer\4e149.msi
    c:\windows\Installer\61bc956.msi
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\MSIVXcount
    c:\windows\system32\MSIVXebmmduuvoneuvbcwldaifbyfcmsipgco.dll
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-20 au 2009-07-20 ))))))))))))))))))))))))))))))))))))
    .

    2009-07-20 16:04 . 2009-07-20 16:07 -------- d-----w- c:\users\xavier\DoctorWeb
    2009-07-19 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-19 18:25 . 2009-07-19 18:25 -------- d-----w- c:\programdata\Malwarebytes
    2009-07-19 18:25 . 2009-07-19 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-19 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-19 17:53 . 2009-07-19 17:53 35 ----a-w- c:\users\xavier\AppData\Roaming\SetValue.bat
    2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- c:\program files\trend micro
    2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- C:\rsit
    2009-07-19 11:39 . 2009-07-19 11:40 -------- d-----w- c:\program files\CCleaner
    2009-07-17 16:56 . 2009-07-19 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 16:56 . 2009-07-19 11:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-07-17 15:55 . 2009-07-17 15:55 -------- d-----w- c:\windows\system32\EventProviders
    2009-07-15 17:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 17:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 17:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 17:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\Publish Providers
    2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\NetMedia Providers
    2009-07-13 21:42 . 2009-07-13 21:42 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony
    2009-07-13 21:39 . 2009-07-13 21:39 -------- d-----w- c:\program files\Vstplugins
    2009-07-13 21:38 . 2009-07-13 21:38 -------- d-----w- c:\program files\Sony
    2009-07-13 21:19 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Local\Sony
    2009-07-13 21:16 . 2009-07-13 21:16 -------- d-----w- c:\program files\Sony Setup
    2009-07-13 12:29 . 2009-07-13 12:41 -------- d-----w- c:\programdata\Roxio
    2009-07-13 12:29 . 2009-07-13 12:29 -------- d-----w- c:\users\xavier\AppData\Roaming\Roxio
    2009-07-11 22:15 . 2009-07-06 20:39 937984 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-07-11 22:15 . 2009-07-06 20:39 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2009-07-11 22:15 . 2009-07-06 20:39 103424 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-07-11 22:15 . 2009-07-06 20:39 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-07-11 22:15 . 2009-07-06 20:39 344064 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-07-11 22:15 . 2009-07-06 20:39 4722688 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
    2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-07-01 18:55 . 2009-03-24 12:43 338432 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-07-01 18:55 . 2009-03-24 12:43 235520 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
    2009-07-01 18:55 . 2009-03-24 12:42 235008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
    2009-07-01 18:55 . 2009-03-24 12:42 345088 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-07-01 18:48 . 2009-06-29 13:28 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
    2009-07-01 18:48 . 2009-06-29 13:28 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
    2009-07-01 18:48 . 2009-06-29 13:28 4734976 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
    2009-06-29 16:25 . 2009-06-29 16:25 86576 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    2009-06-29 16:25 . 2009-06-29 16:25 392728 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
    2009-06-29 16:25 . 2009-06-29 16:25 135680 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    2009-06-29 16:25 . 2009-06-29 16:25 132672 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-20 16:36 . 2009-03-18 23:46 -------- d-----w- c:\users\xavier\AppData\Roaming\DNA
    2009-07-20 16:22 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-20 16:22 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-07-20 16:14 . 2009-03-20 23:04 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-07-20 15:40 . 2009-03-18 23:46 -------- d-----w- c:\program files\DNA
    2009-07-20 15:15 . 2009-03-19 14:14 -------- d-----w- c:\programdata\Google Updater
    2009-07-19 17:53 . 2009-07-19 17:53 691 ----a-w- c:\users\xavier\AppData\Roaming\GetValue.vbs
    2009-07-19 15:20 . 2009-03-18 16:53 107504 ----a-w- c:\users\xavier\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-07-17 18:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-07-17 17:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
    2009-07-17 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-07-14 00:10 . 2009-03-18 23:47 -------- d-----w- c:\users\xavier\AppData\Roaming\BitTorrent
    2009-07-10 15:49 . 2009-06-19 15:43 -------- d-----w- c:\users\xavier\AppData\Roaming\FileZilla
    2009-07-02 18:55 . 2009-06-19 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-07-02 16:24 . 2009-06-19 17:04 -------- d-----w- c:\programdata\GamesBar
    2009-07-02 16:24 . 2009-03-10 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-07-02 16:24 . 2009-03-10 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-21 16:55 . 2009-05-30 23:46 -------- d-----w- c:\program files\PokerStars
    2009-06-19 22:24 . 2009-06-19 22:23 -------- d-----w- c:\program files\VirtualDJ
    2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\Common Files\Oberon Media
    2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\orange
    2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Sony Ericsson
    2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Common Files\Teleca Shared
    2009-06-15 16:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
    2009-06-15 12:22 . 2009-06-15 12:19 -------- d-----w- c:\programdata\BitDefender
    2009-06-15 12:19 . 2009-03-20 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-06-15 12:08 . 2009-06-15 12:08 -------- d-----w- c:\users\xavier\AppData\Roaming\BitDefender
    2009-06-15 12:08 . 2009-03-20 22:54 -------- d-----w- c:\program files\BitDefender
    2009-06-15 11:02 . 2009-06-15 11:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-06-14 20:20 . 2009-03-10 21:41 -------- d-----w- c:\program files\Microsoft Works
    2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iTunes
    2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iPod
    2009-06-11 14:45 . 2009-05-22 17:40 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-11 14:42 . 2009-06-11 14:41 -------- d-----w- c:\program files\QuickTime
    2009-06-11 14:36 . 2009-06-11 14:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-09 15:55 . 2009-03-18 19:53 6080 ----a-w- c:\users\xavier\AppData\Local\d3d9caps.dat
    2009-05-27 16:15 . 2009-05-27 16:15 -------- d-----w- c:\users\xavier\AppData\Roaming\Teleca
    2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony Ericsson
    2009-05-26 14:56 . 2009-03-19 14:14 -------- d-----w- c:\program files\Google
    2009-05-24 12:10 . 2009-05-22 17:46 -------- d-----w- c:\users\xavier\AppData\Roaming\Apple Computer
    2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-22 17:45 . 2009-05-22 17:42 -------- d-----w- c:\programdata\Apple Computer
    2009-05-22 17:42 . 2009-05-22 17:42 -------- d-----w- c:\program files\Apple Software Update
    2009-05-22 17:40 . 2009-05-22 17:40 -------- d-----w- c:\programdata\Apple
    2009-05-11 21:14 . 2009-03-18 20:05 1 ----a-w- c:\users\xavier\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-05-09 05:50 . 2009-06-12 11:32 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-12 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-30 12:19 . 2009-06-14 01:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-04-30 12:19 . 2009-06-14 01:04 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-04-23 12:43 . 2009-06-12 11:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-12 11:32 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-07-17 21:52 . 2009-06-30 16:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-03-05 16:08 . 2009-06-15 12:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
    2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-03-10 21:43 . 2009-03-10 21:43 75 --sh--r- c:\windows\CT4CET.bin
    2009-03-10 23:44 . 2009-03-10 23:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "BitTorrent DNA"="c:\users\xavier\Program Files\DNA\btdna.exe" [2009-03-19 321344]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]

    c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Notification de cadeaux MSN.lnk - c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-29 135680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-03-10 21:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):6d,eb,81,06,07,07,ca,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{40CBB5F0-7D0F-49BE-998B-7918D9011B96}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
    "{43A00B0E-6511-40E2-BF1E-98BE5F9A2598}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
    "TCP Query User{E0D5BA17-F070-4FB9-89B1-CFED451F4198}c:\\users\\xavier\\program files\\dna\\btdna.exe"= UDP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{57F3E03E-A7A4-4357-B1B9-AA9CC05C604B}c:\\users\\xavier\\program files\\dna\\btdna.exe"= TCP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{226B54BC-9A9A-43A2-9F8E-D15BD6527C98}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{BF5DF13A-2461-4002-952E-BB6C1F667BC7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "TCP Query User{73F9A485-875A-4E38-8DBD-EB40EB001AB1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
    "UDP Query User{677C0577-0FF9-4BDA-A0DB-662C575E5985}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
    "{9F6DD3EE-1BAB-4A16-8701-860088039BD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{3EE81C23-9969-4AF8-86A1-9DFCB6B2FA77}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
    "{EC57927C-1D4B-4EA8-B0E9-30052AB98A8C}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
    "{37CB8D74-87E6-49B3-8B57-8FF05705943E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7A574168-8191-4AEF-B2C0-4B0A23843515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{60C82704-968E-412F-A857-A6E10EABD5A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D734B391-7CEB-470E-ACD4-C581B8F638C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{52B6F832-241D-4CC7-80E1-69042C577025}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
    "UDP Query User{EA099C71-7CDF-4F42-A50D-246AF5B8878D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
    "{8BA611DA-9FCF-4F30-B9D4-CAC360D2CCDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{8C79475C-C549-4E7F-AF26-6101BEC6D271}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "TCP Query User{A5D4B5C7-57F5-4DEC-8E62-CAEE6BD4C93E}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
    "UDP Query User{2EB75FB5-8E2A-4337-8E21-77D1C8C3BE1F}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 32784]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [11/03/2009 02:06 81920]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]
    R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [11/03/2009 02:06 144672]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [11/03/2009 02:06 269216]
    S2 gupdate1c9a89ea7130974;Service Google Update (gupdate1c9a89ea7130974);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 16:26 133104]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - DwShield00007854

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'

    2009-07-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 17:53]

    2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]

    2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
    .
    .
    ------- Examen supplémentaire -------
    .
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
    FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
    FF - component: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\xavier\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
    c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-20 18:39
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\users\xavier\AppData\Local\Temp\catchme.dll

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2009-07-20 18:41
    ComboFix-quarantined-files.txt 2009-07-20 16:41

    Avant-CF: 86 162 477 056 octets libres
    Après-CF: 86 149 775 360 octets libres

    352 --- E O F --- 2009-07-20 15:17
    0
    1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      Et maintenant comme par hasard malwaresbytes fonctionne, je vais donc lancer un analyse.
      0
  2. gen-hackman
     

    __________________________________________________________
    =>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement cet ordinateur,<=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=====|
    ---------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ♦ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ♦ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    c:\users\xavier\AppData\Roaming\SetValue.bat
    c:\users\xavier\AppData\Roaming\GetValue.vbs
    ------------------------------------------------------------------

    ♦ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ♦ Quitte le Bloc Notes

    ♦ Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) Comme ceci

    ♦ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ♦ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ♦ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    ensuite :

    Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau :

    !! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !!

    *clic droit en tant qu'administrateur sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...

    --> Tapes ( option " recherche " ) puis tape sur [Entrée].

    Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse

    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )

    Tutoriel

    ensuite :

    ♦ Désactivez le contrôle des comptes utilisateurs avant utilisation de cet outil:

    ♦ Allez dans "Démarrer" puis Panneau de configuration.
    ♦ Double Cliquez sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".
    ♦ Décochez la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    ♦ Validez par OK et redémarrez .

    ensuite

    ♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ♦ Déconnecte toi et ferme toutes applications en cours !

    ♦ clic droit sur "Ad-R.exe" en tant qu'administrateur pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ♦ clic droit sur le raccourci Ad-remover en tant qu'administrateur qui est sur ton bureau pour lancer l'outil .

    ♦ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ♦ Laisse travailler l'outil et ne touche à rien ...

    ♦ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  3. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    Désolé pour hier, mais une urgence a fait que j'ai du m'absenter...

    G-H :

    Toujours avec toutes les protections désactivées, fais ceci : 


    D'aprés Combofix : Un antivirus résident est actif

    AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un antivirus résident est actif


    --> faire désinstaller un des 2 antivirus + firewall

    Pour le CFscript, pas de soucis, mais le passage de MBAM pour le détournement de DNS :

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191


    - Pour le reste, je te laisse continuer si tu veux bien...
    0
    1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      Je poste le deuxième rapport de combofix




      ComboFix 09-07-19.04 - xavier 20/07/2009 19:21.2.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3545.1234 [GMT 2:00]
      Lancé depuis: c:\users\xavier\Desktop\xavier.exe
      Commutateurs utilisés :: c:\users\xavier\Desktop\CFScript.txt
      AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
      AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
      SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
      SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      * Un nouveau point de restauration a été créé
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-20 au 2009-07-20 ))))))))))))))))))))))))))))))))))))
      .

      2009-07-20 16:54 . 2009-07-20 16:54 -------- d-----w- c:\users\xavier\AppData\Roaming\Malwarebytes
      2009-07-20 16:04 . 2009-07-20 16:07 -------- d-----w- c:\users\xavier\DoctorWeb
      2009-07-19 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-07-19 18:25 . 2009-07-19 18:25 -------- d-----w- c:\programdata\Malwarebytes
      2009-07-19 18:25 . 2009-07-19 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-07-19 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-07-19 17:53 . 2009-07-19 17:53 35 ----a-w- c:\users\xavier\AppData\Roaming\SetValue.bat
      2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- c:\program files\trend micro
      2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- C:\rsit
      2009-07-19 11:39 . 2009-07-19 11:40 -------- d-----w- c:\program files\CCleaner
      2009-07-17 16:56 . 2009-07-19 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-07-17 16:56 . 2009-07-19 11:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
      2009-07-17 15:55 . 2009-07-17 15:55 -------- d-----w- c:\windows\system32\EventProviders
      2009-07-15 17:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
      2009-07-15 17:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
      2009-07-15 17:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
      2009-07-15 17:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
      2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\Publish Providers
      2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\NetMedia Providers
      2009-07-13 21:42 . 2009-07-13 21:42 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony
      2009-07-13 21:39 . 2009-07-13 21:39 -------- d-----w- c:\program files\Vstplugins
      2009-07-13 21:38 . 2009-07-13 21:38 -------- d-----w- c:\program files\Sony
      2009-07-13 21:19 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Local\Sony
      2009-07-13 21:16 . 2009-07-13 21:16 -------- d-----w- c:\program files\Sony Setup
      2009-07-13 12:29 . 2009-07-13 12:41 -------- d-----w- c:\programdata\Roxio
      2009-07-13 12:29 . 2009-07-13 12:29 -------- d-----w- c:\users\xavier\AppData\Roaming\Roxio
      2009-07-11 22:15 . 2009-07-06 20:39 937984 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
      2009-07-11 22:15 . 2009-07-06 20:39 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
      2009-07-11 22:15 . 2009-07-06 20:39 103424 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
      2009-07-11 22:15 . 2009-07-06 20:39 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
      2009-07-11 22:15 . 2009-07-06 20:39 344064 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
      2009-07-11 22:15 . 2009-07-06 20:39 4722688 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
      2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
      2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
      2009-07-01 18:55 . 2009-03-24 12:43 338432 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
      2009-07-01 18:55 . 2009-03-24 12:43 235520 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
      2009-07-01 18:55 . 2009-03-24 12:42 235008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
      2009-07-01 18:55 . 2009-03-24 12:42 345088 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
      2009-07-01 18:48 . 2009-06-29 13:28 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
      2009-07-01 18:48 . 2009-06-29 13:28 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
      2009-07-01 18:48 . 2009-06-29 13:28 4734976 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
      2009-06-29 16:25 . 2009-06-29 16:25 86576 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
      2009-06-29 16:25 . 2009-06-29 16:25 392728 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
      2009-06-29 16:25 . 2009-06-29 16:25 135680 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      2009-06-29 16:25 . 2009-06-29 16:25 132672 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-07-20 17:26 . 2009-03-18 23:46 -------- d-----w- c:\users\xavier\AppData\Roaming\DNA
      2009-07-20 16:22 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
      2009-07-20 16:22 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
      2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
      2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
      2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
      2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
      2009-07-20 16:14 . 2009-03-20 23:04 81984 ----a-w- c:\windows\system32\bdod.bin
      2009-07-20 15:40 . 2009-03-18 23:46 -------- d-----w- c:\program files\DNA
      2009-07-20 15:15 . 2009-03-19 14:14 -------- d-----w- c:\programdata\Google Updater
      2009-07-19 17:53 . 2009-07-19 17:53 691 ----a-w- c:\users\xavier\AppData\Roaming\GetValue.vbs
      2009-07-19 15:20 . 2009-03-18 16:53 107504 ----a-w- c:\users\xavier\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
      2009-07-17 18:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
      2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
      2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
      2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
      2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
      2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
      2009-07-17 17:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
      2009-07-17 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
      2009-07-14 00:10 . 2009-03-18 23:47 -------- d-----w- c:\users\xavier\AppData\Roaming\BitTorrent
      2009-07-10 15:49 . 2009-06-19 15:43 -------- d-----w- c:\users\xavier\AppData\Roaming\FileZilla
      2009-07-02 18:55 . 2009-06-19 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
      2009-07-02 16:24 . 2009-06-19 17:04 -------- d-----w- c:\programdata\GamesBar
      2009-07-02 16:24 . 2009-03-10 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
      2009-07-02 16:24 . 2009-03-10 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-06-21 16:55 . 2009-05-30 23:46 -------- d-----w- c:\program files\PokerStars
      2009-06-19 22:24 . 2009-06-19 22:23 -------- d-----w- c:\program files\VirtualDJ
      2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\Common Files\Oberon Media
      2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\orange
      2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Sony Ericsson
      2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Common Files\Teleca Shared
      2009-06-15 16:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
      2009-06-15 12:22 . 2009-06-15 12:19 -------- d-----w- c:\programdata\BitDefender
      2009-06-15 12:19 . 2009-03-20 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
      2009-06-15 12:08 . 2009-06-15 12:08 -------- d-----w- c:\users\xavier\AppData\Roaming\BitDefender
      2009-06-15 12:08 . 2009-03-20 22:54 -------- d-----w- c:\program files\BitDefender
      2009-06-15 11:02 . 2009-06-15 11:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
      2009-06-14 20:20 . 2009-03-10 21:41 -------- d-----w- c:\program files\Microsoft Works
      2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iTunes
      2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iPod
      2009-06-11 14:45 . 2009-05-22 17:40 -------- d-----w- c:\program files\Common Files\Apple
      2009-06-11 14:42 . 2009-06-11 14:41 -------- d-----w- c:\program files\QuickTime
      2009-06-11 14:36 . 2009-06-11 14:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
      2009-06-09 15:55 . 2009-03-18 19:53 6080 ----a-w- c:\users\xavier\AppData\Local\d3d9caps.dat
      2009-05-27 16:15 . 2009-05-27 16:15 -------- d-----w- c:\users\xavier\AppData\Roaming\Teleca
      2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony Ericsson
      2009-05-26 14:56 . 2009-03-19 14:14 -------- d-----w- c:\program files\Google
      2009-05-24 12:10 . 2009-05-22 17:46 -------- d-----w- c:\users\xavier\AppData\Roaming\Apple Computer
      2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      2009-05-22 17:45 . 2009-05-22 17:42 -------- d-----w- c:\programdata\Apple Computer
      2009-05-22 17:42 . 2009-05-22 17:42 -------- d-----w- c:\program files\Apple Software Update
      2009-05-22 17:40 . 2009-05-22 17:40 -------- d-----w- c:\programdata\Apple
      2009-05-11 21:14 . 2009-03-18 20:05 1 ----a-w- c:\users\xavier\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2009-05-09 05:50 . 2009-06-12 11:32 915456 ----a-w- c:\windows\system32\wininet.dll
      2009-05-09 05:34 . 2009-06-12 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
      2009-04-30 12:19 . 2009-06-14 01:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
      2009-04-30 12:19 . 2009-06-14 01:04 428544 ----a-w- c:\windows\system32\EncDec.dll
      2009-04-23 12:43 . 2009-06-12 11:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
      2009-04-23 12:42 . 2009-06-12 11:32 636928 ----a-w- c:\windows\system32\localspl.dll
      2009-07-17 21:52 . 2009-06-30 16:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
      2009-03-05 16:08 . 2009-06-15 12:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
      2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      2009-03-10 21:43 . 2009-03-10 21:43 75 --sh--r- c:\windows\CT4CET.bin
      2009-03-10 23:44 . 2009-03-10 23:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
      "BitTorrent DNA"="c:\users\xavier\Program Files\DNA\btdna.exe" [2009-03-19 321344]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
      "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
      "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
      "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
      "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
      "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
      "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]

      c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Notification de cadeaux MSN.lnk - c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-29 135680]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
      2009-03-10 21:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"="0x00000000"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "AntiVirusOverride"=dword:00000001
      "VistaSp2"=hex(b):6d,eb,81,06,07,07,ca,01

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{40CBB5F0-7D0F-49BE-998B-7918D9011B96}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
      "{43A00B0E-6511-40E2-BF1E-98BE5F9A2598}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
      "TCP Query User{E0D5BA17-F070-4FB9-89B1-CFED451F4198}c:\\users\\xavier\\program files\\dna\\btdna.exe"= UDP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
      "UDP Query User{57F3E03E-A7A4-4357-B1B9-AA9CC05C604B}c:\\users\\xavier\\program files\\dna\\btdna.exe"= TCP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
      "TCP Query User{226B54BC-9A9A-43A2-9F8E-D15BD6527C98}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
      "UDP Query User{BF5DF13A-2461-4002-952E-BB6C1F667BC7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
      "TCP Query User{73F9A485-875A-4E38-8DBD-EB40EB001AB1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
      "UDP Query User{677C0577-0FF9-4BDA-A0DB-662C575E5985}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
      "{9F6DD3EE-1BAB-4A16-8701-860088039BD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
      "{3EE81C23-9969-4AF8-86A1-9DFCB6B2FA77}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
      "{EC57927C-1D4B-4EA8-B0E9-30052AB98A8C}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
      "{37CB8D74-87E6-49B3-8B57-8FF05705943E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{7A574168-8191-4AEF-B2C0-4B0A23843515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{60C82704-968E-412F-A857-A6E10EABD5A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
      "{D734B391-7CEB-470E-ACD4-C581B8F638C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
      "TCP Query User{52B6F832-241D-4CC7-80E1-69042C577025}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
      "UDP Query User{EA099C71-7CDF-4F42-A50D-246AF5B8878D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
      "{8BA611DA-9FCF-4F30-B9D4-CAC360D2CCDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
      "{8C79475C-C549-4E7F-AF26-6101BEC6D271}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
      "TCP Query User{A5D4B5C7-57F5-4DEC-8E62-CAEE6BD4C93E}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
      "UDP Query User{2EB75FB5-8E2A-4337-8E21-77D1C8C3BE1F}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

      R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 32784]
      R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
      R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [11/03/2009 02:06 81920]
      R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
      R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]
      R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
      R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
      R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19/07/2009 20:25 38160]
      R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [11/03/2009 02:06 144672]
      R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [11/03/2009 02:06 269216]
      S2 gupdate1c9a89ea7130974;Service Google Update (gupdate1c9a89ea7130974);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 16:26 133104]
      S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
      S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]

      --- Autres Services/Pilotes en mémoire ---

      *NewlyCreated* - MBAMSWISSARMY
      *Deregistered* - DwShield00007854

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bdx REG_MULTI_SZ scan
      .
      Contenu du dossier 'Tâches planifiées'

      2009-07-20 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 17:53]

      2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]

      2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
      .
      .
      ------- Examen supplémentaire -------
      .
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      FF - ProfilePath - c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
      FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
      FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
      FF - component: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
      FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
      FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
      FF - plugin: c:\users\xavier\Program Files\DNA\plugins\npbtdna.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----
      FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
      c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-07-20 19:28
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'Explorer.exe'(5184)
      c:\program files\Dell\QuickSet\dadkeyb.dll
      .
      Heure de fin: 2009-07-20 19:32
      ComboFix-quarantined-files.txt 2009-07-20 17:31

      Avant-CF: 89 879 822 336 octets libres
      Après-CF: 89 846 980 608 octets libres

      337 --- E O F --- 2009-07-20 15:17
      0
    2. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention   > olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai une petite question, a quoi serve les antivirus type kaspersky ou bitdefender lorsqu'on est infecté?:-) Quant on voit les résulat avec les logiciel comme combofix.
      0
    3. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention   > olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      Je suis en train de faire une analyse avec malwarebytes, de que c fini je vous poste le rapport. Je voudrais savoir aussi comment désinstaller kaspersky alors que je le voit nulle part.
      0
    4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503 > olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      Moi j'ai kaspersky depuis que j'ai mon pc et aucun problème de virus ou autre, kaspersky est considérer comme l'un des meilleurs dans les payants. Moi j'ai kaspersky intenet security 2010.
      0
    5. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention   > pimprenelle27 Messages postés 22182 Statut Contributeur sécurité
       
      alors en faite je l'ai désinstallé parce qu'il ne fonctionnait plus des que j'ai eu le trojan, je pouvais plus l'ouvrir plus l'installer seulement le désinstallé. J'ai donc pris bit defender, le problème c'est que maintenant je me retrouve avec deux antivirus actif, un que j'utilise volontairement(bit defender) et l'autre qui est apparemment actif alors que je l'ai désinstallé( Kaspersky).


      En revanche merci pour tout, mon ordi a pris un bon coup de jeune, plus de fenêtre publicitaire, plus de plantage, il tourne comme une horloge. Ce site est vraiment génial et ceux qui s'occupe de nous encore plus. Que de fleur que de fleur lol.
      0
  4. gen-hackman
     
    C:\Users\xavier\AppData\Roaming\BitTorrent\Virtual Dj Pro V6.0.1 + Crack [blaze69].torrent
    C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]
    C:\Users\xavier\Documents\Films\Atomix VirtualDJ Pro 5.2\crack
    C:\Users\xavier\Documents\Films\Atomix VirtualDJ Pro 5.2\crack\serial.txt
    C:\Users\xavier\Documents\Films\Sony ACID Pro 7.0a Build 536\Keygen.exe
    C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Crack
    C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Read Me First !!!!!.txt
    C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Virtual Dj Pro V6.0.1.exe
    C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Crack\virtualdj.exe


    supprime-les car sources d'infections

    ensuite :


    la suite
    0
    1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      .Voila le rapport


      ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
      .
      Mit à jour par C_XX le 24/06/2009 à 7:10 PM
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 22:43:41, 20/07/2009 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Program Files\Ad-remover\
      Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
      Nom du PC: PC-DE-XAVIER | Utilisateur actuel: xavier
      .
      Administrateur: Administrateur *Desactive*
      N'est pas administrateur: Invité *Desactive*
      Administrateur: xavier
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .
      .
      .
      C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\searchplugins\ask.xml

      (!) -- Fichiers temporaires supprimés.

      .
      ============== Scan additionnel ==============
      .

      * Mozilla FireFox Version 3.5.1 *

      Nom du profil: t93h17v4.default (xavier)
      .
      (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
      (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
      (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}");
      (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
      (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.1");
      .
      .

      * Internet Explorer Version 8.0.6001.18783 *

      [HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Start Page: hxxp://fr.msn.com/?ocid=iehp

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: res://ieframe.dll/tabswelcome.htm

      .
      ============== Processus Caches/Bloque ==============
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    il est pas complet
    0
    1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      c tout ske j'ai eu
      0
  7. gen-hackman
     
    ok fais l'option nettoyage avec toolbar SD
    0
    1. olstra Messages postés 30 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai fait le nettoyage avec toolbarsd, il n'a rien trouver il m'a seulement supprimer gamesbar. Peut-on dire que mon ordinateur est désinfecter?
      0
  8. gen-hackman
     
    oui c etait justement pour supprimer Games Bar que je t'ai fait nettoyer avec ce logiciel

    refais OTL stp
    0
Précédent
  • 1
  • 2