PC infecté (ralentissement + son absent)

Question

Bonjour,
Je pense avoir été infecté récemment par un trojan ou un truc approchant, peu-être une infection bagle, j'aurait besoin d'un peu d'aide pour remettre de l'ordre.Ci-joint le rapport Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:47, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Fichiers DWL Firefox\HiJackThis.exe
C:\Program Files\Mozilla Thunderbird	hunderbird.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Narco!4 · Answer

Bonjour,

télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

romainC78 · Answer

Set objFSO = CreateObject("Scripting.FileSystemObject" )
Set objFile = objFSO.CreateTextFile("C:\GenProc\outil\Listeproces.txt" )
strComputer1 = "."
Set objWMIService = GetObject("winmgmts:\" & strComputer1 & "oot\cimv2" )
Set colItems = objWMIService.ExecQuery("Select * from Win32_Process",,48)
For Each objItem in colItems
objFile.WriteLine (objItem.Caption)
next
Set objFSO = Nothing
Set objFile = Nothing
Set objWMIService = Nothing
Set colItems = Nothing

Narco!4 · Answer

Démarrer > Poste de travail > Disque local > GenProc > Arguments ; GenProc[1].txt 
poste le rapport

romainC78 · Answer

Rapport GenProc 2.605 [2] - 19/07/2009 à 19:47:51 
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.1b3) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
- C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:41, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\GenProc\outil\Romain Chaldebas_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Narco!4 · Answer

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

romainC78 · Answer

ComboFix 09-07-19.01 - Romain Chaldebas 19/07/2009 20:20.1.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1023.476 [GMT 2:00]
Running from: c:\fichiers dwl firefox\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\318b3e.msi
c:\windows\Installer\318b43.msi
c:\windows\Installer\318b48.msi
c:\windows\Installer\318b4d.msi
c:\windows\Installer\318b56.msi
c:\windows\Installer\318b5b.msi
c:\windows\Installer\318b60.msi
c:\windows\Installer\318b65.msi
c:\windows\Installer\318b6e.msi
c:\windows\Installer\318b73.msi
c:\windows\Installer\318b7f.msi
c:\windows\Installer\318b84.msi
c:\windows\Installer\318b89.msi
c:\windows\Installer\318b92.msi
c:\windows\Installer\318b97.msi
c:\windows\Installer\318b9c.msi
c:\windows\Installer\318ba6.msi
c:\windows\Installer\318bac.msi
c:\windows\Installer\318bb1.msi
c:\windows\Installer\318bb8.msi
c:\windows\Installer\318bc0.msi
c:\windows\Installer\318bc7.msi
c:\windows\Installer\318bcc.msi
c:\windows\Installer\318bd4.msi
c:\windows\Installer\318bd9.msi
c:\windows\Installer\318be0.msi
c:\windows\Installer\35605.msi
c:\windows\Installer\3560b.msi
c:\windows\Installer\35611.msi
c:\windows\Installer\49bd4.msi
c:\windows\system32\mfc45.dll
c:\windows\system32\msssc.dll

.
(((((((((((((((((((((((((   Files Created from 2009-06-19 to 2009-07-19  )))))))))))))))))))))))))))))))
.

2009-07-19 17:43 . 2009-07-19 17:43	--------	d-----w-	C:\GenProc
2009-07-17 17:52 . 2009-07-17 19:02	--------	d-----w-	c:\program files\Mozilla Firefox 3.1 Beta 3
2009-07-17 17:04 . 2009-07-17 17:04	--------	d-sh--w-	C:\found.000
2009-07-15 09:55 . 2009-07-18 21:13	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\vlc
2009-07-12 21:22 . 2009-07-13 22:04	213104	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-11 12:28 . 2009-07-12 11:08	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\Nikon
2009-07-11 12:27 . 2008-01-10 08:51	110592	----a-r-	c:\windows\system32\RCSigProc.dll
2009-07-11 12:27 . 2008-06-12 08:29	6475096	----a-w-	c:\windows\system32\NEFcodec.dll
2009-07-11 12:27 . 2008-01-10 08:16	200704	----a-r-	c:\windows\system32\Strato7.dll
2009-07-11 12:23 . 2009-07-11 12:23	49152	----a-r-	c:\documents and settings\Romain Chaldebas\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-07-11 12:22 . 2009-07-11 12:22	57344	----a-r-	c:\documents and settings\Romain Chaldebas\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-07-11 12:18 . 2009-07-11 12:18	--------	d-----w-	c:\program files\Fichiers communs\muvee Technologies
2009-07-11 12:18 . 2009-07-17 21:24	--------	d-----w-	c:\program files\Fichiers communs\Nikon
2009-07-11 12:18 . 2009-07-11 12:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nikon
2009-07-11 12:18 . 2009-07-11 12:28	--------	d-----w-	c:\program files\Nikon
2009-07-11 12:16 . 2009-07-11 12:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-11 12:16 . 2009-07-11 12:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-10 15:45 . 2009-07-11 08:20	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Local Settings\Application Data\NFS Underground 2
2009-07-10 15:45 . 2009-07-10 15:45	--------	d-----w-	c:\program files\Fichiers communs\DirectX
2009-07-10 15:14 . 2009-07-10 15:14	--------	d-----w-	c:\program files\EA GAMES
2009-07-03 19:14 . 2009-07-03 19:14	--------	d-----w-	c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-03 17:17 . 2009-07-15 09:44	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-07-03 16:33 . 2009-07-03 16:33	--------	d-----w-	c:\program files\FormatFactory
2009-06-22 15:23 . 2009-06-22 15:33	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\Internet Download Accelerator
2009-06-22 15:23 . 2007-10-15 10:06	1412608	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\Internet Download Accelerator	emp\skin.dll
2009-06-22 15:22 . 2009-06-22 16:02	--------	d-----w-	c:\program files\IDA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 17:37 . 2009-04-26 09:40	--------	d-s---w-	c:\program files\Mozilla Thunderbird
2009-07-19 17:36 . 2009-03-23 16:14	--------	d-s---w-	c:\documents and settings\Romain Chaldebas\Application Data\Azureus
2009-07-18 21:08 . 2009-04-27 20:19	--------	d-s---w-	c:\program files\a-squared Free
2009-07-17 21:18 . 2009-07-11 12:20	0	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-07-17 21:05 . 2009-03-17 17:40	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\dvdcss
2009-07-17 20:02 . 2009-03-05 23:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 17:45 . 2002-09-07 00:00	513046	----a-w-	c:\windows\system32\perfh00C.dat
2009-07-17 17:45 . 2002-09-07 00:00	86074	----a-w-	c:\windows\system32\perfc00C.dat
2009-07-16 20:21 . 2009-07-11 12:16	20	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-15 16:45 . 2009-04-28 12:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 11:25 . 2009-06-06 21:43	81984	----a-w-	c:\windows\system32\bdod.bin
2009-07-13 21:21 . 2009-04-24 16:07	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 21:21 . 2009-04-24 16:07	--------	d-s---w-	c:\program files\SpywareBlaster
2009-07-11 12:27 . 2009-07-11 12:27	0	----a-w-	c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-11 12:27 . 2009-03-05 22:35	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-11 12:16 . 2009-03-10 20:25	106496	----a-w-	c:\windows\system32\ATL71.DLL
2009-07-03 17:52 . 2009-03-21 18:07	--------	d-s---w-	c:\program files\Messenger Plus! Live
2009-06-28 08:59 . 2009-06-03 15:36	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2009-06-21 08:48 . 2009-03-23 17:42	--------	d-s---w-	c:\program files\Adobe Media Player
2009-06-16 14:40 . 2008-04-13 17:33	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-16 14:40 . 2008-04-13 17:33	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 07:24 . 2009-03-10 14:48	--------	d-s---w-	c:\program files\Nero
2009-06-16 07:24 . 2009-03-10 14:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nero
2009-06-14 19:24 . 2009-04-26 13:10	--------	d-s---w-	c:\program files\Trend Micro
2009-06-14 17:07 . 2009-06-14 17:07	16	----a-w-	C:\asdict.dat
2009-06-13 10:12 . 2009-06-13 10:01	--------	d-----w-	c:\program files\Windows Desktop Search
2009-06-13 10:04 . 2009-06-13 10:04	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\Windows Search
2009-06-13 09:59 . 2009-06-13 09:59	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-06-11 15:05 . 2009-03-28 10:12	--------	d-s---w-	c:\documents and settings\Romain Chaldebas\Application Data\InstallShield
2009-06-08 08:40 . 2009-05-08 17:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\iolo
2009-06-07 15:23 . 2009-06-07 15:08	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\GetRight
2009-06-07 14:48 . 2009-06-07 14:48	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\BitDefender
2009-06-07 14:36 . 2009-06-06 19:46	--------	d-s---w-	c:\program files\Microsoft IntelliType Pro
2009-06-07 14:33 . 2009-05-21 18:02	--------	d-s---w-	c:\program files\Max Payne
2009-06-07 12:31 . 2009-06-07 12:31	139	----a-w-	c:\documents and settings\Romain Chaldebas\Local Settings\Application Data\fusioncache.dat
2009-06-06 21:48 . 2009-03-05 22:53	84144	----a-w-	c:\documents and settings\Romain Chaldebas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 19:28 . 2009-06-06 18:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\BitDefender
2009-06-06 19:10 . 2008-08-14 16:54	104328	----a-w-	c:\windows\system32\drivers\bdfndisf.sys
2009-06-06 19:10 . 2008-08-12 16:40	242184	----a-w-	c:\windows\system32\drivers\bdfsfltr.sys
2009-06-06 19:10 . 2008-08-12 16:40	111112	----a-w-	c:\windows\system32\drivers\bdfm.sys
2009-06-06 19:10 . 2008-07-02 11:07	82696	----a-w-	c:\windows\system32\drivers\BDVEDISK.sys
2009-06-06 19:10 . 2008-04-23 16:34	192512	----a-w-	c:\windows\system32	xmlutil.dll
2009-06-06 18:55 . 2009-06-03 16:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Norton
2009-06-06 18:47 . 2009-06-06 18:47	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\BitDefender
2009-06-06 18:46 . 2009-06-06 18:44	--------	d-----w-	c:\program files\BitDefender
2009-06-06 18:46 . 2009-06-06 18:35	--------	d-----w-	c:\program files\Fichiers communs\BitDefender
2009-06-06 17:29 . 2009-06-06 17:29	--------	d-----w-	c:\program files\Microsoft IntelliPoint
2009-06-06 17:06 . 2009-06-06 17:06	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-06 17:06 . 2009-06-06 17:06	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-05 10:16 . 2009-05-08 17:47	518	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\iolo\Registry\Lastestore.bat
2009-06-04 15:47 . 2009-06-04 15:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-06-03 19:10 . 2008-04-13 17:33	1297408	----a-w-	c:\windows\system32\quartz.dll
2009-06-03 16:49 . 2009-04-26 13:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2009-06-03 16:39 . 2009-06-03 16:39	--------	d-----w-	c:\program files\NortonInstaller
2009-06-03 16:39 . 2009-06-03 16:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-03 15:36 . 2009-06-03 15:36	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-03 09:01 . 2009-03-17 16:42	--------	d-s---w-	c:\program files\QuickTime
2009-06-03 09:00 . 2009-03-17 16:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 12:45 . 2009-03-05 23:36	--------	d-s---w-	c:\documents and settings\Romain Chaldebas\Application Data\DAEMON Tools Lite
2009-06-02 12:43 . 2009-03-06 17:25	--------	d-s---w-	c:\program files\DAEMON Tools Lite
2009-06-02 12:37 . 2009-03-05 23:36	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-05-31 15:29 . 2009-03-06 19:51	--------	d-s---w-	c:\program files\Microsoft LifeCam
2009-05-31 10:19 . 2009-05-08 17:45	1553	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\ioloestore.bat
2009-05-30 09:37 . 2009-05-30 09:37	--------	d-----w-	c:\program files\AMD
2009-05-30 09:35 . 2009-03-05 22:51	--------	d-----w-	c:\program files\ma-config.com
2009-05-30 09:35 . 2009-03-05 22:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\ma-config.com
2009-05-27 20:24 . 2009-03-28 17:04	--------	d-s---w-	c:\program files\jv16 PowerTools 2009
2009-05-27 20:01 . 2009-03-07 20:47	228	----a-w-	c:\windows\system32\edacded0_x.dat
2009-05-26 19:43 . 2009-03-05 23:27	--------	d-s---w-	c:\program files\Malwarebytes' Anti-Malware
2009-05-26 19:43 . 2009-05-26 19:43	687104	----a-w-	c:\windows\isRS-000.tmp
2009-05-26 19:42 . 2009-04-26 10:21	3371383	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:20 . 2009-03-05 23:27	40160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-03-05 23:28	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-05-22 19:10 . 2009-05-22 19:10	--------	d-----w-	c:\program files\Rockstar Games
2009-05-21 10:44 . 2009-05-21 10:42	--------	d-----w-	c:\documents and settings\Romain Chaldebas\Application Data\HP
2009-05-21 10:43 . 2009-05-21 10:21	187013	----a-w-	c:\windows\hpoins21.dat
2009-05-21 10:42 . 2009-05-21 10:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\WEBREG
2009-05-21 10:27 . 2009-05-21 10:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-21 10:27 . 2009-05-21 10:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP
2009-05-21 10:27 . 2009-05-21 10:25	--------	d-----w-	c:\program files\HP
2009-05-21 10:26 . 2009-05-21 10:26	--------	d-----w-	c:\program files\Fichiers communs\Hewlett-Packard
2009-05-21 10:26 . 2009-05-21 10:26	--------	d-----w-	c:\program files\Fichiers communs\HP
2009-05-21 10:21 . 2009-05-21 10:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-20 08:25 . 2009-05-21 13:16	1553	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\iolo\Registry\Workingestore.bat
2009-05-13 16:34 . 2009-05-13 16:34	854056	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\Hide IP NG\hideipng-update.exe
2009-05-13 05:04 . 2008-04-13 17:33	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-08 23:14 . 2009-06-06 17:02	1418120	----a-w-	c:\windows\system32\wdfcoinstaller01005.dll
2009-05-08 23:14 . 2009-06-06 17:02	14736	----a-w-	c:\windows\system32\drivers
uidfltr.sys
2009-05-07 15:33 . 2008-04-13 17:33	348672	----a-w-	c:\windows\system32\localspl.dll
2009-05-05 07:58 . 2009-03-08 10:13	13976	----a-w-	c:\windows\system32\drivers\videX32.sys
2009-05-01 13:28 . 2009-05-01 13:28	7168	----a-w-	c:\documents and settings\Romain Chaldebas\Application Data\Adobe\CS4ServiceManager\configuration\org.eclipse.osgi\bundles\37\1\.cp\os\win32\JniNetwork.dll
2009-04-23 08:38 . 2009-04-23 08:38	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2009-04-21 08:36 . 2009-03-07 18:18	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-04-21 08:09 . 2009-04-21 08:09	297344	----a-w-	c:\windows\system32\drivers\yk51x86.sys
2009-04-21 08:09 . 2009-04-21 08:09	282624	----a-w-	c:\windows\system32\yk51x86.dll
2009-07-17 17:18 . 2009-03-05 22:36	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-06-06 19:10 . 2008-08-13 17:02	49664	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-10-16 12:09	69144	2BD9953CEFE840CAF31C2D6D1F9AD179	c:\windows\system32\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-04-26 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-06-06 778240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileSharing"= 1 (0x1)
"MaxRecentDocs"= 11 (0xb)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler	u_logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0ional Edition\0OODB\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"=
"c:\Program Files\Azureus\Azureus.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=
"c:\Program Files\SpywareBlaster\spywareblaster.exe"=
"c:\Program Files\Microsoft LifeCam\LifeCam.exe"=
"c:\Program Files\Microsoft LifeCam\LifeEnC2.exe"=
"c:\Program Files\Microsoft LifeCam\LifeExp.exe"=
"c:\Program Files\Microsoft LifeCam\LifeTray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4807:TCP"= 4807:TCP:TCP Emule
"64777:UDP"= 64777:UDP:UDP Emule
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"56789:TCP"= 56789:TCP:TCP Vuze
"443:TCP"= 443:TCP:HTTPS
"21:TCP"= 21:TCP:FTP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [14/08/2008 18:54 104328]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/03/2009 01:28 179856]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [23/07/2007 15:04 22528]
S3 cpuz130;cpuz130;\??\c:\docume~1\ROMAIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROMAIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/03/2009 01:28 19096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 16:00]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-PskSvcRetail


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
uInternet Settings,ProxyServer = socks=127.0.0.1:7070
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Romain Chaldebas\Application Data\Mozilla\Firefox\Profiles\15fmurtv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll

---- FIREFOX POLICIES ----
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_open_feature.resizable - false
FF - user.js: dom.disable_window_open_feature.minimizable - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 20:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1606980848-2147181963-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C078FA3-3997-220D-8408-D9C96964ACF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1417001333-1606980848-2147181963-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ad,2c,32,08,0e,4a,5f,48,62,cc,dd,32,0f,26,b3,40,23,e3,90,84,99,50,5b,
   57,9d,56,1f,23,c0,23,e1,e4,b8,f1,e8,d0,c9,14,75,46,01,49,44,d3,36,08,47,9c,\
"??"=hex:11,9b,4e,6b,e2,c6,35,c7,e3,c4,70,b1,94,ab,14,fd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9BDFD6A5F0B0641DBB78E536A38A2BDD832A41B0FE4701DB262871068943803A5A65D7F08184CFCD523446A8B62EDD5E7FF6E5ABB8EE746E28687115D4159A214867BF015D25C323CADE97854C044C2C8A36DBB7ABB1D18C29D181C25416CE4DAFA9DA8FF85889D90BE8AC77044BD746469F1B904268B0952709DC7DE1D6071E0E59C8D9BA898175AB25AA2DF1E9F4EF0ACFED745E8F382D56109434C90DC2B9118300A1FE489F3BFBCA0C5A9DE6AB305E4773A8D449263C9DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C3FAD5FB57DE63DBE3BD10775C56A41A2F83B4878A266C784BFCC5692584D45B4066C31BB1266EF55A3646FB860E78EE81624159A3A52513BD2C2F68E22244814A8D9337449D4593F32AFB64A4C2B57D9592B57717F5B1AFE6A2173334778AE37B4E92F1F81B198BC3DCA383984689C14042D1AF5240B21EC51A9A80550C89B561FE0F4F0BE1390C6831E5286A3E8226C3B586F177D7FAB553771F801EEA974613DD85611AA1FE887A4EA6A25EC8BEFE98930EA3505EAC3BDABE0CA96F3C062F74DBF2B1B0F148BDB2343E680C33FD2485A8E2628DA9436DB27B384A656CAD4F0EC57CB21DDC02958E90E3474320BD975801DBCB93F56931F05FC188AB296FDD49FB59825280BB442C406C052E287D917B15C5026179D32A7809FF38B46875361CC44749F29E86495633A025F29626A04062106A16E6EA9C73FD410E974948E894040457DBAE833FE5A0CED5379DBE8C67C1205D072DC588AC4A9E358C448AFEF293CF51E5D2A61E1A233015CEBCAF420742B7B4FF315DEAB7E7EEEFCE043F6709A1E75D4B3E0F154983BBB9BBE17F104B5BB18A96AD4A29AB70831739838EB988D9F366A08D4ABA1FB02A0A5D0BE0818E7689062EE6E4D7DA5D0B1CB5FEE58A8DA4EAD1B446499C7F0BAB7842852A53999A91FEFBFC6CAAB5D337A87CA42C817C30BD796797D0B7980EA0C33ED7877763A48FD3A3ED9CC33D860171E95A0120C6B8CB3025BA5939D18EEADA46FE8F49421676E23F135C9D277DE9AFAA08FC86758DCC27342750A4E06F4B0BD9BF2D309877936F802FBF700FA061A7DEC2447B877D90DF7289889D901802C550AF511808AC51D04BDE3D7620A03B0F7A28A2C4696359B0F2E4F71439E67BC3BF0E6EC5A2C68EF7D97372858AED57AB00B82580A6AF3FD2E996DE341DDD380AFAF516CAACF517F922553EE70D7D49964175D73B089EFC7BBCF5D483D9EC69B66C4D0D538C0C49FE79F2B75F058A634415884E69BEE578D94DD984C572411B6895796367F2BD82A9066C5C85065CA73EA8573E0E07B2CEB887431DBE0975AFC362FE8DEADA27B7A18793DB9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1872)
c:\windows\system32\scecli.dll
.
Completion time: 2009-07-19 20:40
ComboFix-quarantined-files.txt  2009-07-19 18:40

Pre-Run: 203 426 263 040 octets libres
Post-Run: 203 430 432 768 octets libres

353	--- E O F ---	2009-07-15 16:45

Narco!4 · Answer

Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

romainC78 · Answer

Le scan est en cours...mais je pense que je viens de découvrir d'ou vient mon problème.Un des sites sur lesquels je me rends au moins une fois par jour a été hacké il y a deux jours (date du début de mes "problèmes"...) Apparemment le site a été hacké de telle sorte qu'il nous redirigeait sur une autre page internet verolé via un code html.Cette page aurait forcé mon navigateur a téléchargé une saloperie...En plus vu que je ne me doutais de rien, je suis retourner sur cette pgae une bonne dizaine de fois...

Le soucis c'est que le scan est a 28% et que nod32 ne trouve rien pour l'instant...

Narco!4 · Answer

laisse faire . . .

romainC78 · Answer

Le scan s'est bloqué à 28%... -_-

PC infecté (ralentissement + son absent)

10 réponses

Votre réponse

Newsletters