How do I remove a rootkit? (Windows Vista)
Solved
olstra
Hello,
For some time now BitDefender has been showing me a window saying that it has blocked a virus, "Trojan generic.2020384"; it is located in the file "C:\windows\system32\MSIVXwvmuxwpefsnrtiwiroxtnyvgifiylysm.dll".
This window appears every time Windows starts.
After looking into it on the internet, I learned that I was infected by a rootkit.
I tried to delete it, but BitDefender can neither delete it, repair it nor even quarantine it, because access is denied.
Moreover, when I look for the file in the "system32" folder, I cannot find it.
Can you help me solve this problem?
Thank you very much.
27 replies
So I managed to get ComboFix to run; apparently it deleted quite a few things, including the infamous trojans. I'm posting the report.
ComboFix 09-07-19.04 - xavier 20/07/2009 18:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3545.1541 [GMT 2:00]
Lancé depuis: c:\users\xavier\Documents\xavier.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3395499582-3656299844-1299793059-500
c:\$recycle.bin\S-1-5-21-632019316-89332599-2046891301-500
c:\windows\Installer\4c551.msi
c:\windows\Installer\4e149.msi
c:\windows\Installer\61bc956.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXebmmduuvoneuvbcwldaifbyfcmsipgco.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-20 au 2009-07-20 ))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:04 . 2009-07-20 16:07 -------- d-----w- c:\users\xavier\DoctorWeb
2009-07-19 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 18:25 . 2009-07-19 18:25 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 18:25 . 2009-07-19 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 17:53 . 2009-07-19 17:53 35 ----a-w- c:\users\xavier\AppData\Roaming\SetValue.bat
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- c:\program files\trend micro
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- C:\rsit
2009-07-19 11:39 . 2009-07-19 11:40 -------- d-----w- c:\program files\CCleaner
2009-07-17 16:56 . 2009-07-19 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 16:56 . 2009-07-19 11:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-17 15:55 . 2009-07-17 15:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-15 17:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 17:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 17:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 17:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\Publish Providers
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\NetMedia Providers
2009-07-13 21:42 . 2009-07-13 21:42 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony
2009-07-13 21:39 . 2009-07-13 21:39 -------- d-----w- c:\program files\Vstplugins
2009-07-13 21:38 . 2009-07-13 21:38 -------- d-----w- c:\program files\Sony
2009-07-13 21:19 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Local\Sony
2009-07-13 21:16 . 2009-07-13 21:16 -------- d-----w- c:\program files\Sony Setup
2009-07-13 12:29 . 2009-07-13 12:41 -------- d-----w- c:\programdata\Roxio
2009-07-13 12:29 . 2009-07-13 12:29 -------- d-----w- c:\users\xavier\AppData\Roaming\Roxio
2009-07-11 22:15 . 2009-07-06 20:39 937984 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-11 22:15 . 2009-07-06 20:39 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-11 22:15 . 2009-07-06 20:39 103424 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-11 22:15 . 2009-07-06 20:39 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-11 22:15 . 2009-07-06 20:39 344064 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-11 22:15 . 2009-07-06 20:39 4722688 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 338432 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:43 235520 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:42 235008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-01 18:55 . 2009-03-24 12:42 345088 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-01 18:48 . 2009-06-29 13:28 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-01 18:48 . 2009-06-29 13:28 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-07-01 18:48 . 2009-06-29 13:28 4734976 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-29 16:25 . 2009-06-29 16:25 86576 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-29 16:25 . 2009-06-29 16:25 392728 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-29 16:25 . 2009-06-29 16:25 135680 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-29 16:25 . 2009-06-29 16:25 132672 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:36 . 2009-03-18 23:46 -------- d-----w- c:\users\xavier\AppData\Roaming\DNA
2009-07-20 16:22 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-20 16:22 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-20 16:14 . 2009-03-20 23:04 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-20 15:40 . 2009-03-18 23:46 -------- d-----w- c:\program files\DNA
2009-07-20 15:15 . 2009-03-19 14:14 -------- d-----w- c:\programdata\Google Updater
2009-07-19 17:53 . 2009-07-19 17:53 691 ----a-w- c:\users\xavier\AppData\Roaming\GetValue.vbs
2009-07-19 15:20 . 2009-03-18 16:53 107504 ----a-w- c:\users\xavier\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-17 18:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-17 17:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 00:10 . 2009-03-18 23:47 -------- d-----w- c:\users\xavier\AppData\Roaming\BitTorrent
2009-07-10 15:49 . 2009-06-19 15:43 -------- d-----w- c:\users\xavier\AppData\Roaming\FileZilla
2009-07-02 18:55 . 2009-06-19 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-02 16:24 . 2009-06-19 17:04 -------- d-----w- c:\programdata\GamesBar
2009-07-02 16:24 . 2009-03-10 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 16:24 . 2009-03-10 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 16:55 . 2009-05-30 23:46 -------- d-----w- c:\program files\PokerStars
2009-06-19 22:24 . 2009-06-19 22:23 -------- d-----w- c:\program files\VirtualDJ
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\orange
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Sony Ericsson
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-15 16:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-15 12:22 . 2009-06-15 12:19 -------- d-----w- c:\programdata\BitDefender
2009-06-15 12:19 . 2009-03-20 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-15 12:08 . 2009-06-15 12:08 -------- d-----w- c:\users\xavier\AppData\Roaming\BitDefender
2009-06-15 12:08 . 2009-03-20 22:54 -------- d-----w- c:\program files\BitDefender
2009-06-15 11:02 . 2009-06-15 11:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-14 20:20 . 2009-03-10 21:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iTunes
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iPod
2009-06-11 14:45 . 2009-05-22 17:40 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 14:42 . 2009-06-11 14:41 -------- d-----w- c:\program files\QuickTime
2009-06-11 14:36 . 2009-06-11 14:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-09 15:55 . 2009-03-18 19:53 6080 ----a-w- c:\users\xavier\AppData\Local\d3d9caps.dat
2009-05-27 16:15 . 2009-05-27 16:15 -------- d-----w- c:\users\xavier\AppData\Roaming\Teleca
2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony Ericsson
2009-05-26 14:56 . 2009-03-19 14:14 -------- d-----w- c:\program files\Google
2009-05-24 12:10 . 2009-05-22 17:46 -------- d-----w- c:\users\xavier\AppData\Roaming\Apple Computer
2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 17:45 . 2009-05-22 17:42 -------- d-----w- c:\programdata\Apple Computer
2009-05-22 17:42 . 2009-05-22 17:42 -------- d-----w- c:\program files\Apple Software Update
2009-05-22 17:40 . 2009-05-22 17:40 -------- d-----w- c:\programdata\Apple
2009-05-11 21:14 . 2009-03-18 20:05 1 ----a-w- c:\users\xavier\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-09 05:50 . 2009-06-12 11:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:19 . 2009-06-14 01:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:19 . 2009-06-14 01:04 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-12 11:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-12 11:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 21:52 . 2009-06-30 16:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 16:08 . 2009-06-15 12:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-10 21:43 . 2009-03-10 21:43 75 --sh--r- c:\windows\CT4CET.bin
2009-03-10 23:44 . 2009-03-10 23:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\xavier\Program Files\DNA\btdna.exe" [2009-03-19 321344]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-29 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-10 21:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):6d,eb,81,06,07,07,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40CBB5F0-7D0F-49BE-998B-7918D9011B96}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{43A00B0E-6511-40E2-BF1E-98BE5F9A2598}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"TCP Query User{E0D5BA17-F070-4FB9-89B1-CFED451F4198}c:\\users\\xavier\\program files\\dna\\btdna.exe"= UDP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"UDP Query User{57F3E03E-A7A4-4357-B1B9-AA9CC05C604B}c:\\users\\xavier\\program files\\dna\\btdna.exe"= TCP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"TCP Query User{226B54BC-9A9A-43A2-9F8E-D15BD6527C98}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{BF5DF13A-2461-4002-952E-BB6C1F667BC7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{73F9A485-875A-4E38-8DBD-EB40EB001AB1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{677C0577-0FF9-4BDA-A0DB-662C575E5985}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{9F6DD3EE-1BAB-4A16-8701-860088039BD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EE81C23-9969-4AF8-86A1-9DFCB6B2FA77}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{EC57927C-1D4B-4EA8-B0E9-30052AB98A8C}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{37CB8D74-87E6-49B3-8B57-8FF05705943E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A574168-8191-4AEF-B2C0-4B0A23843515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{60C82704-968E-412F-A857-A6E10EABD5A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D734B391-7CEB-470E-ACD4-C581B8F638C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{52B6F832-241D-4CC7-80E1-69042C577025}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{EA099C71-7CDF-4F42-A50D-246AF5B8878D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{8BA611DA-9FCF-4F30-B9D4-CAC360D2CCDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8C79475C-C549-4E7F-AF26-6101BEC6D271}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{A5D4B5C7-57F5-4DEC-8E62-CAEE6BD4C93E}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{2EB75FB5-8E2A-4337-8E21-77D1C8C3BE1F}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [11/03/2009 02:06 81920]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [11/03/2009 02:06 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [11/03/2009 02:06 269216]
S2 gupdate1c9a89ea7130974;Service Google Update (gupdate1c9a89ea7130974);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 16:26 133104]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - DwShield00007854
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-07-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 17:53]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 18:39
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\xavier\AppData\Local\Temp\catchme.dll
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-07-20 18:41
ComboFix-quarantined-files.txt 2009-07-20 16:41
Avant-CF: 86 162 477 056 octets libres
Après-CF: 86 149 775 360 octets libres
352 --- E O F --- 2009-07-20 15:17
olstra
And now, as if by coincidence, Malwarebytes works, so I'm going to run a scan.
__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to transfer it to another computer!<=====|
---------------------------------------------------------------
Still with all protections disabled, do this:
♦ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
♦ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
File::
c:\users\xavier\AppData\Roaming\SetValue.bat
c:\users\xavier\AppData\Roaming\GetValue.vbs
------------------------------------------------------------------
♦ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
♦ Quitte le Bloc Notes
♦ Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) Comme ceci
♦ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
♦ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
♦ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
ensuite :
Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau :
!! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !!
*clic droit en tant qu'administrateur sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...
--> Tapes ( option " recherche " ) puis tape sur [Entrée].
Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
Tutoriel
ensuite :
♦ Désactivez le contrôle des comptes utilisateurs avant utilisation de cet outil:
♦ Allez dans "Démarrer" puis Panneau de configuration.
♦ Double Cliquez sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".
♦ Décochez la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
♦ Validez par OK et redémarrez .
ensuite
♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
♦ Déconnecte toi et ferme toutes applications en cours !
♦ clic droit sur "Ad-R.exe" en tant qu'administrateur pour lancer l'installation et laisse les paramètres d'installation par défaut .
♦ clic droit sur le raccourci Ad-remover en tant qu'administrateur qui est sur ton bureau pour lancer l'outil .
♦ Au menu principal choisis l'option "L" et tape sur [entrée] .
♦ Laisse travailler l'outil et ne touche à rien ...
♦ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Hi,
Sorry about yesterday, but an emergency meant I had to step away...
G-H :
According to ComboFix: a resident antivirus is active
AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
--> have one of the 2 antivirus + firewall products uninstalled
No problem for the CFScript, but the MBAM pass for the DNS hijack:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
- For the rest, I'll let you carry on if you don't mind...
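Added example (not from the thread, nor from MBAM, ComboFix or HijackThis): the O17 lines quoted above, parsed by a small Python triage script that flags NameServer values outside a trusted allowlist or private LAN ranges and shows whether the same rogue resolvers persist across several ControlSets (which is why a rollback to "Last Known Good" would not clear them). The trusted-resolver list and the per-interface GUID line are constructed placeholders.

```python
"""Triage of O17 (DNS NameServer) entries from a HijackThis/RSIT-style log.

Added example for this thread; not part of any tool discussed here. It flags
NameServer values that are neither allowlisted nor on a private LAN, and
groups them by ControlSet so persistence across sets becomes visible.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample log: the three O17 lines from the thread, plus one clean
# per-interface entry (constructed GUID) and one unrelated O4 line to show
# that non-O17 lines are left alone.
SAMPLE_LOG = (
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191" "\n"
    r"O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191" "\n"
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191" "\n"
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B2C3D4-0000-4000-8000-000000000001}: NameServer = 192.168.1.1" "\n"
    r"O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide" "\n"
)

# Resolvers the owner knows to be legitimate (constructed placeholder using the
# RFC 5737 documentation range; the ISP's resolvers would go here).
TRUSTED_RESOLVERS: Set[str] = {"203.0.113.53", "203.0.113.54"}

# Matches both the machine-wide key (...\Tcpip\Parameters) and the
# per-adapter form (...\Tcpip\..\{GUID}) that HijackThis prints as O17.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CS\d+|CCS)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>[0-9.,\s]+)$"
)


@dataclass
class O17Entry:
    control_set: str          # CS1, CS9, CCS, ...
    scope: str                # "global" or the adapter GUID
    servers: List[str]
    rogue: List[str] = field(default_factory=list)


def is_trusted(addr: str, trusted: Set[str]) -> bool:
    """A resolver is acceptable if allowlisted, loopback, or on a private (LAN) range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable value: treat as untrusted
    return addr in trusted or ip.is_private or ip.is_loopback


def parse_o17(log_text: str, trusted: Set[str] = TRUSTED_RESOLVERS) -> List[O17Entry]:
    """Extract every O17 line and mark the resolvers that fail the trust check."""
    entries: List[O17Entry] = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        scope = "global" if m.group("scope") == "Parameters" else m.group("scope")[3:]
        entry = O17Entry(m.group("cs"), scope, servers)
        entry.rogue = [s for s in servers if not is_trusted(s, trusted)]
        entries.append(entry)
    return entries


def summarize(entries: List[O17Entry]) -> Dict[str, object]:
    """Group rogue resolvers by ControlSet so persistence across sets is visible."""
    rogue_sets: Dict[str, Set[str]] = {}
    for e in entries:
        if e.rogue:
            rogue_sets.setdefault(e.control_set, set()).update(e.rogue)
    all_rogue: Set[str] = set().union(*rogue_sets.values()) if rogue_sets else set()
    return {
        "flagged_entries": sum(1 for e in entries if e.rogue),
        "rogue_servers": all_rogue,
        "control_sets_hit": set(rogue_sets),
        # Identical rogue servers in more than one ControlSet: booting the
        # "Last Known Good" configuration would restore the same hijack.
        "rollback_useless": len(rogue_sets) > 1
        and all(v == all_rogue for v in rogue_sets.values()),
    }


if __name__ == "__main__":
    found = parse_o17(SAMPLE_LOG)
    for e in found:
        status = "ROGUE " + ",".join(e.rogue) if e.rogue else "ok"
        print(f"{e.control_set:<4} {e.scope:<40} {status}")
    print(summarize(found))
```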
I'm posting the second ComboFix report
ComboFix 09-07-19.04 - xavier 20/07/2009 19:21.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3545.1234 [GMT 2:00]
Lancé depuis: c:\users\xavier\Desktop\xavier.exe
Commutateurs utilisés :: c:\users\xavier\Desktop\CFScript.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-20 au 2009-07-20 ))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:54 . 2009-07-20 16:54 -------- d-----w- c:\users\xavier\AppData\Roaming\Malwarebytes
2009-07-20 16:04 . 2009-07-20 16:07 -------- d-----w- c:\users\xavier\DoctorWeb
2009-07-19 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 18:25 . 2009-07-19 18:25 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 18:25 . 2009-07-19 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 17:53 . 2009-07-19 17:53 35 ----a-w- c:\users\xavier\AppData\Roaming\SetValue.bat
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- c:\program files\trend micro
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- C:\rsit
2009-07-19 11:39 . 2009-07-19 11:40 -------- d-----w- c:\program files\CCleaner
2009-07-17 16:56 . 2009-07-19 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 16:56 . 2009-07-19 11:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-17 15:55 . 2009-07-17 15:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-15 17:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 17:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 17:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 17:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\Publish Providers
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\NetMedia Providers
2009-07-13 21:42 . 2009-07-13 21:42 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony
2009-07-13 21:39 . 2009-07-13 21:39 -------- d-----w- c:\program files\Vstplugins
2009-07-13 21:38 . 2009-07-13 21:38 -------- d-----w- c:\program files\Sony
2009-07-13 21:19 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Local\Sony
2009-07-13 21:16 . 2009-07-13 21:16 -------- d-----w- c:\program files\Sony Setup
2009-07-13 12:29 . 2009-07-13 12:41 -------- d-----w- c:\programdata\Roxio
2009-07-13 12:29 . 2009-07-13 12:29 -------- d-----w- c:\users\xavier\AppData\Roaming\Roxio
2009-07-11 22:15 . 2009-07-06 20:39 937984 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-11 22:15 . 2009-07-06 20:39 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-11 22:15 . 2009-07-06 20:39 103424 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-11 22:15 . 2009-07-06 20:39 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-11 22:15 . 2009-07-06 20:39 344064 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-11 22:15 . 2009-07-06 20:39 4722688 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 338432 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:43 235520 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:42 235008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-01 18:55 . 2009-03-24 12:42 345088 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-01 18:48 . 2009-06-29 13:28 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-01 18:48 . 2009-06-29 13:28 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-07-01 18:48 . 2009-06-29 13:28 4734976 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-29 16:25 . 2009-06-29 16:25 86576 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-29 16:25 . 2009-06-29 16:25 392728 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-29 16:25 . 2009-06-29 16:25 135680 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-29 16:25 . 2009-06-29 16:25 132672 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 17:26 . 2009-03-18 23:46 -------- d-----w- c:\users\xavier\AppData\Roaming\DNA
2009-07-20 16:22 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-20 16:22 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-20 16:14 . 2009-03-20 23:04 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-20 15:40 . 2009-03-18 23:46 -------- d-----w- c:\program files\DNA
2009-07-20 15:15 . 2009-03-19 14:14 -------- d-----w- c:\programdata\Google Updater
2009-07-19 17:53 . 2009-07-19 17:53 691 ----a-w- c:\users\xavier\AppData\Roaming\GetValue.vbs
2009-07-19 15:20 . 2009-03-18 16:53 107504 ----a-w- c:\users\xavier\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-17 18:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-17 17:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 00:10 . 2009-03-18 23:47 -------- d-----w- c:\users\xavier\AppData\Roaming\BitTorrent
2009-07-10 15:49 . 2009-06-19 15:43 -------- d-----w- c:\users\xavier\AppData\Roaming\FileZilla
2009-07-02 18:55 . 2009-06-19 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-02 16:24 . 2009-06-19 17:04 -------- d-----w- c:\programdata\GamesBar
2009-07-02 16:24 . 2009-03-10 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 16:24 . 2009-03-10 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 16:55 . 2009-05-30 23:46 -------- d-----w- c:\program files\PokerStars
2009-06-19 22:24 . 2009-06-19 22:23 -------- d-----w- c:\program files\VirtualDJ
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\orange
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Sony Ericsson
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-15 16:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-15 12:22 . 2009-06-15 12:19 -------- d-----w- c:\programdata\BitDefender
2009-06-15 12:19 . 2009-03-20 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-15 12:08 . 2009-06-15 12:08 -------- d-----w- c:\users\xavier\AppData\Roaming\BitDefender
2009-06-15 12:08 . 2009-03-20 22:54 -------- d-----w- c:\program files\BitDefender
2009-06-15 11:02 . 2009-06-15 11:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-14 20:20 . 2009-03-10 21:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iTunes
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iPod
2009-06-11 14:45 . 2009-05-22 17:40 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 14:42 . 2009-06-11 14:41 -------- d-----w- c:\program files\QuickTime
2009-06-11 14:36 . 2009-06-11 14:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-09 15:55 . 2009-03-18 19:53 6080 ----a-w- c:\users\xavier\AppData\Local\d3d9caps.dat
2009-05-27 16:15 . 2009-05-27 16:15 -------- d-----w- c:\users\xavier\AppData\Roaming\Teleca
2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony Ericsson
2009-05-26 14:56 . 2009-03-19 14:14 -------- d-----w- c:\program files\Google
2009-05-24 12:10 . 2009-05-22 17:46 -------- d-----w- c:\users\xavier\AppData\Roaming\Apple Computer
2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 17:45 . 2009-05-22 17:42 -------- d-----w- c:\programdata\Apple Computer
2009-05-22 17:42 . 2009-05-22 17:42 -------- d-----w- c:\program files\Apple Software Update
2009-05-22 17:40 . 2009-05-22 17:40 -------- d-----w- c:\programdata\Apple
2009-05-11 21:14 . 2009-03-18 20:05 1 ----a-w- c:\users\xavier\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-09 05:50 . 2009-06-12 11:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:19 . 2009-06-14 01:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:19 . 2009-06-14 01:04 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-12 11:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-12 11:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 21:52 . 2009-06-30 16:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 16:08 . 2009-06-15 12:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-10 21:43 . 2009-03-10 21:43 75 --sh--r- c:\windows\CT4CET.bin
2009-03-10 23:44 . 2009-03-10 23:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\xavier\Program Files\DNA\btdna.exe" [2009-03-19 321344]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-29 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-10 21:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):6d,eb,81,06,07,07,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40CBB5F0-7D0F-49BE-998B-7918D9011B96}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{43A00B0E-6511-40E2-BF1E-98BE5F9A2598}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"TCP Query User{E0D5BA17-F070-4FB9-89B1-CFED451F4198}c:\\users\\xavier\\program files\\dna\\btdna.exe"= UDP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"UDP Query User{57F3E03E-A7A4-4357-B1B9-AA9CC05C604B}c:\\users\\xavier\\program files\\dna\\btdna.exe"= TCP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"TCP Query User{226B54BC-9A9A-43A2-9F8E-D15BD6527C98}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{BF5DF13A-2461-4002-952E-BB6C1F667BC7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{73F9A485-875A-4E38-8DBD-EB40EB001AB1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{677C0577-0FF9-4BDA-A0DB-662C575E5985}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{9F6DD3EE-1BAB-4A16-8701-860088039BD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EE81C23-9969-4AF8-86A1-9DFCB6B2FA77}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{EC57927C-1D4B-4EA8-B0E9-30052AB98A8C}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{37CB8D74-87E6-49B3-8B57-8FF05705943E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A574168-8191-4AEF-B2C0-4B0A23843515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{60C82704-968E-412F-A857-A6E10EABD5A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D734B391-7CEB-470E-ACD4-C581B8F638C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{52B6F832-241D-4CC7-80E1-69042C577025}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{EA099C71-7CDF-4F42-A50D-246AF5B8878D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{8BA611DA-9FCF-4F30-B9D4-CAC360D2CCDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8C79475C-C549-4E7F-AF26-6101BEC6D271}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{A5D4B5C7-57F5-4DEC-8E62-CAEE6BD4C93E}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{2EB75FB5-8E2A-4337-8E21-77D1C8C3BE1F}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [11/03/2009 02:06 81920]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19/07/2009 20:25 38160]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [11/03/2009 02:06 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [11/03/2009 02:06 269216]
S2 gupdate1c9a89ea7130974;Service Google Update (gupdate1c9a89ea7130974);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 16:26 133104]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - DwShield00007854
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-07-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 17:53]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 19:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5184)
c:\program files\Dell\QuickSet\dadkeyb.dll
.
Completion time: 2009-07-20 19:32
ComboFix-quarantined-files.txt 2009-07-20 17:31
Pre-Run: 89,879,822,336 bytes free
Post-Run: 89,846,980,608 bytes free
337 --- E O F --- 2009-07-20 15:17
ComboFix 09-07-19.04 - xavier 20/07/2009 19:21.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3545.1234 [GMT 2:00]
Running from: c:\users\xavier\Desktop\xavier.exe
Command switches used :: c:\users\xavier\Desktop\CFScript.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:54 . 2009-07-20 16:54 -------- d-----w- c:\users\xavier\AppData\Roaming\Malwarebytes
2009-07-20 16:04 . 2009-07-20 16:07 -------- d-----w- c:\users\xavier\DoctorWeb
2009-07-19 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 18:25 . 2009-07-19 18:25 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 18:25 . 2009-07-19 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 17:53 . 2009-07-19 17:53 35 ----a-w- c:\users\xavier\AppData\Roaming\SetValue.bat
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- c:\program files\trend micro
2009-07-19 16:57 . 2009-07-19 16:58 -------- d-----w- C:\rsit
2009-07-19 11:39 . 2009-07-19 11:40 -------- d-----w- c:\program files\CCleaner
2009-07-17 16:56 . 2009-07-19 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 16:56 . 2009-07-19 11:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-17 15:55 . 2009-07-17 15:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-15 17:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 17:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 17:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 17:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\Publish Providers
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Roaming\NetMedia Providers
2009-07-13 21:42 . 2009-07-13 21:42 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony
2009-07-13 21:39 . 2009-07-13 21:39 -------- d-----w- c:\program files\Vstplugins
2009-07-13 21:38 . 2009-07-13 21:38 -------- d-----w- c:\program files\Sony
2009-07-13 21:19 . 2009-07-13 21:43 -------- d-----w- c:\users\xavier\AppData\Local\Sony
2009-07-13 21:16 . 2009-07-13 21:16 -------- d-----w- c:\program files\Sony Setup
2009-07-13 12:29 . 2009-07-13 12:41 -------- d-----w- c:\programdata\Roxio
2009-07-13 12:29 . 2009-07-13 12:29 -------- d-----w- c:\users\xavier\AppData\Roaming\Roxio
2009-07-11 22:15 . 2009-07-06 20:39 937984 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-11 22:15 . 2009-07-06 20:39 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-11 22:15 . 2009-07-06 20:39 103424 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-11 22:15 . 2009-07-06 20:39 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-11 22:15 . 2009-07-06 20:39 344064 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-11 22:15 . 2009-07-06 20:39 4722688 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 43008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-01 18:55 . 2009-03-24 12:43 338432 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:43 235520 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-01 18:55 . 2009-03-24 12:42 235008 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-01 18:55 . 2009-03-24 12:42 345088 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-01 18:48 . 2009-06-29 13:28 106496 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-01 18:48 . 2009-06-29 13:28 65536 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-07-01 18:48 . 2009-06-29 13:28 4734976 ----a-w- c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-29 16:25 . 2009-06-29 16:25 86576 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-29 16:25 . 2009-06-29 16:25 392728 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-29 16:25 . 2009-06-29 16:25 135680 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-29 16:25 . 2009-06-29 16:25 132672 ----a-w- c:\users\xavier\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 17:26 . 2009-03-18 23:46 -------- d-----w- c:\users\xavier\AppData\Roaming\DNA
2009-07-20 16:22 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-20 16:22 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-20 16:14 . 2009-06-15 11:06 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-20 16:14 . 2009-03-20 23:04 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-20 15:40 . 2009-03-18 23:46 -------- d-----w- c:\program files\DNA
2009-07-20 15:15 . 2009-03-19 14:14 -------- d-----w- c:\programdata\Google Updater
2009-07-19 17:53 . 2009-07-19 17:53 691 ----a-w- c:\users\xavier\AppData\Roaming\GetValue.vbs
2009-07-19 15:20 . 2009-03-18 16:53 107504 ----a-w- c:\users\xavier\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-17 18:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 18:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-17 18:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-17 17:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 00:10 . 2009-03-18 23:47 -------- d-----w- c:\users\xavier\AppData\Roaming\BitTorrent
2009-07-10 15:49 . 2009-06-19 15:43 -------- d-----w- c:\users\xavier\AppData\Roaming\FileZilla
2009-07-02 18:55 . 2009-06-19 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-02 16:24 . 2009-06-19 17:04 -------- d-----w- c:\programdata\GamesBar
2009-07-02 16:24 . 2009-03-10 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 16:24 . 2009-03-10 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 16:55 . 2009-05-30 23:46 -------- d-----w- c:\program files\PokerStars
2009-06-19 22:24 . 2009-06-19 22:23 -------- d-----w- c:\program files\VirtualDJ
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-19 16:45 . 2009-06-19 16:45 -------- d-----w- c:\program files\orange
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Sony Ericsson
2009-06-16 11:29 . 2009-05-27 16:07 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-15 16:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-15 12:22 . 2009-06-15 12:19 -------- d-----w- c:\programdata\BitDefender
2009-06-15 12:19 . 2009-03-20 22:52 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-15 12:08 . 2009-06-15 12:08 -------- d-----w- c:\users\xavier\AppData\Roaming\BitDefender
2009-06-15 12:08 . 2009-03-20 22:54 -------- d-----w- c:\program files\BitDefender
2009-06-15 11:02 . 2009-06-15 11:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-14 20:20 . 2009-03-10 21:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iTunes
2009-06-11 14:45 . 2009-06-11 14:45 -------- d-----w- c:\program files\iPod
2009-06-11 14:45 . 2009-05-22 17:40 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 14:42 . 2009-06-11 14:41 -------- d-----w- c:\program files\QuickTime
2009-06-11 14:36 . 2009-06-11 14:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-09 15:55 . 2009-03-18 19:53 6080 ----a-w- c:\users\xavier\AppData\Local\d3d9caps.dat
2009-05-27 16:15 . 2009-05-27 16:15 -------- d-----w- c:\users\xavier\AppData\Roaming\Teleca
2009-05-27 16:08 . 2009-05-27 16:08 -------- d-----w- c:\users\xavier\AppData\Roaming\Sony Ericsson
2009-05-26 14:56 . 2009-03-19 14:14 -------- d-----w- c:\program files\Google
2009-05-24 12:10 . 2009-05-22 17:46 -------- d-----w- c:\users\xavier\AppData\Roaming\Apple Computer
2009-05-22 17:45 . 2009-05-22 17:45 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 17:45 . 2009-05-22 17:42 -------- d-----w- c:\programdata\Apple Computer
2009-05-22 17:42 . 2009-05-22 17:42 -------- d-----w- c:\program files\Apple Software Update
2009-05-22 17:40 . 2009-05-22 17:40 -------- d-----w- c:\programdata\Apple
2009-05-11 21:14 . 2009-03-18 20:05 1 ----a-w- c:\users\xavier\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-09 05:50 . 2009-06-12 11:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:19 . 2009-06-14 01:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:19 . 2009-06-14 01:04 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-12 11:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-12 11:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 21:52 . 2009-06-30 16:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 16:08 . 2009-06-15 12:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-10 21:43 . 2009-03-10 21:43 75 --sh--r- c:\windows\CT4CET.bin
2009-03-10 23:44 . 2009-03-10 23:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\xavier\Program Files\DNA\btdna.exe" [2009-03-19 321344]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
c:\users\xavier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\xavier\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-29 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-10 21:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):6d,eb,81,06,07,07,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40CBB5F0-7D0F-49BE-998B-7918D9011B96}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{43A00B0E-6511-40E2-BF1E-98BE5F9A2598}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"TCP Query User{E0D5BA17-F070-4FB9-89B1-CFED451F4198}c:\\users\\xavier\\program files\\dna\\btdna.exe"= UDP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"UDP Query User{57F3E03E-A7A4-4357-B1B9-AA9CC05C604B}c:\\users\\xavier\\program files\\dna\\btdna.exe"= TCP:c:\users\xavier\program files\dna\btdna.exe:btdna.exe
"TCP Query User{226B54BC-9A9A-43A2-9F8E-D15BD6527C98}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{BF5DF13A-2461-4002-952E-BB6C1F667BC7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{73F9A485-875A-4E38-8DBD-EB40EB001AB1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{677C0577-0FF9-4BDA-A0DB-662C575E5985}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{9F6DD3EE-1BAB-4A16-8701-860088039BD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{3EE81C23-9969-4AF8-86A1-9DFCB6B2FA77}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{EC57927C-1D4B-4EA8-B0E9-30052AB98A8C}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{37CB8D74-87E6-49B3-8B57-8FF05705943E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7A574168-8191-4AEF-B2C0-4B0A23843515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{60C82704-968E-412F-A857-A6E10EABD5A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D734B391-7CEB-470E-ACD4-C581B8F638C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{52B6F832-241D-4CC7-80E1-69042C577025}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{EA099C71-7CDF-4F42-A50D-246AF5B8878D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{8BA611DA-9FCF-4F30-B9D4-CAC360D2CCDF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8C79475C-C549-4E7F-AF26-6101BEC6D271}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{A5D4B5C7-57F5-4DEC-8E62-CAEE6BD4C93E}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{2EB75FB5-8E2A-4337-8E21-77D1C8C3BE1F}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [11/03/2009 02:06 81920]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19/07/2009 20:25 38160]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [11/03/2009 02:06 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [11/03/2009 02:06 269216]
S2 gupdate1c9a89ea7130974;Service Google Update (gupdate1c9a89ea7130974);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 16:26 133104]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - DwShield00007854
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-07-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 17:53]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 14:25]
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\xavier\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 19:28
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(5184)
c:\program files\Dell\QuickSet\dadkeyb.dll
.
Heure de fin: 2009-07-20 19:32
ComboFix-quarantined-files.txt 2009-07-20 17:31
Avant-CF: 89 879 822 336 octets libres
Après-CF: 89 846 980 608 octets libres
337 --- E O F --- 2009-07-20 15:17
So, actually, I uninstalled it because it stopped working as soon as I got the trojan; I could no longer open it or install it, only uninstall it. So I got Bit Defender. The problem is that now I find myself with two active antiviruses: one that I use deliberately (Bit Defender) and another that is apparently still active even though I uninstalled it (Kaspersky).
Anyway, thanks for everything. My PC has had a real new lease on life: no more pop-up ads, no more crashes, it runs like clockwork. This site is really great, and the people who look after us even more so. Praise upon praise lol.
C:\Users\xavier\AppData\Roaming\BitTorrent\Virtual Dj Pro V6.0.1 + Crack [blaze69].torrent
C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]
C:\Users\xavier\Documents\Films\Atomix VirtualDJ Pro 5.2\crack
C:\Users\xavier\Documents\Films\Atomix VirtualDJ Pro 5.2\crack\serial.txt
C:\Users\xavier\Documents\Films\Sony ACID Pro 7.0a Build 536\Keygen.exe
C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Crack
C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Read Me First !!!!!.txt
C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Virtual Dj Pro V6.0.1.exe
C:\Users\xavier\Documents\Films\Virtual Dj Pro V6.0.1 + Crack [blaze69]\Crack\virtualdj.exe
Delete them, since they are sources of infection.
Then:
The next step
Here is the report
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:43:41, 20/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-XAVIER | Utilisateur actuel: xavier
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: xavier
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.
C:\Users\xavier\AppData\Roaming\Mozilla\Firefox\Profiles\t93h17v4.default\searchplugins\ask.xml
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
* Mozilla FireFox Version 3.5.1 *
Nom du profil: t93h17v4.default (xavier)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2237901&SearchSource=3&q={searchTerms}");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.1");
.
.
* Internet Explorer Version 8.0.6001.18783 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Processus Caches/Bloque ==============