Virus?
Hello,
I think I have a virus: BitDefender turns itself off on its own, or even uninstalls/reinstalls itself, Vista freezes so I have to reboot the PC, and I've lost my Steam and MSN accounts =/
My brother downloads a lot, so it wouldn't surprise me if there's a lot of junk on it...
Hello,
I don't think an infection could do all of that.
Download Catchme (Przemyslaw Gmerek) to your Desktop.
- Double-click catchme.exe (the .exe extension may not be visible) to run it.
- When the scan is finished, post the catchme.log report in your next reply. (The report is on your Desktop.)
&
Download HijackThis (from Trend Micro) to your Desktop.
- Double-click HJTInstall.exe to start the installation.
- Click Install.
- Double-click the HijackThis shortcut that has just been created to run it. (Right-click -> Run as administrator if on Vista)
- Accept the licence by clicking Yes.
- Click Do a system scan and save a logfile.
- Post the generated report here.
Note: the report is also located here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.
Hello, and thanks for your quick help.
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:07, on 08/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\rkfree\rkfree.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\courtheoux\Desktop\catchme.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [23C3F5C0] c:\users\courth~1\downlo~1\speedu~1.exe /m="C:\Users\COURTH~1\DOWNLO~1\SPEEDU~1.EXE" /k=""
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\rkfree\rkfree.exe" /b
O4 - HKLM\..\Run: [[webwiz]] "C:\PROGRA~1\_WEBWI~1\WEBWIZ~1.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [{70A7EA65-4B53-374C-11C1-994C49357903}] C:\Users\courtheoux\AppData\Local\Temp\HLTV-Proxy-Maker_2008-v.1.4.1.exe
O4 - HKCU\..\Run: [{31884173-E508-0B54-233F-B251FB084E84}] C:\Users\courtheoux\AppData\Local\Temp\HLTV-Proxy-Maker_2008-v.1.4.1.exe
O4 - HKCU\..\Run: [a] C:\Users\courtheoux\AppData\Local\Temp\HLTV-Proxy-Maker_2008-v.1.4.1.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: [webwiz] - webcam via ftp - [RUELEPIC] (webwiz) - [ruelepic] - C:\PROGRA~1\_WEBWI~1\Webwizsvc.exe
--
End of file - 10494 bytes
The "catchme" scan is running, I'll post it as soon as it's done.
catchme report:
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 13:35:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B3C0F8B-89AB-AD6B-6012-3E4CA5ADF58E}]
"paencfjpgmnpmpnnoeeleehhcfkapinp"=hex:6a,61,6f,69,70,6e,6e,62,68,64,6d,6f,67,6e,70,6c,67,69,6e,6c,00,..
"abcmmffpcdplgcbkcpaoenfeebhcnekibg"=hex:6a,61,68,69,61,6f,69,6a,64,66,70,6b,68,6e,6e,63,69,69,66,6e,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
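Added example, not part of the thread and not a HijackThis feature: a small triage script for the O4 (Run key) lines of a report like the one posted above. It flags what a helper looks for in such a log: executables launched from Temp or from the user profile, 8.3 short paths, GUID or random value names, and one binary registered under several names. The sample lines are a subset taken from the report above.

```python
"""Triage of HijackThis O4 (Run key) entries. Constructed example, not HijackThis code."""
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the O4 lines from the HijackThis report posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [23C3F5C0] c:\users\courth~1\downlo~1\speedu~1.exe /m="C:\Users\COURTH~1\DOWNLO~1\SPEEDU~1.EXE" /k=""
O4 - HKLM\..\Run: [[webwiz]] "C:\PROGRA~1\_WEBWI~1\WEBWIZ~1.EXE"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [{70A7EA65-4B53-374C-11C1-994C49357903}] C:\Users\courtheoux\AppData\Local\Temp\HLTV-Proxy-Maker_2008-v.1.4.1.exe
O4 - HKCU\..\Run: [a] C:\Users\courtheoux\AppData\Local\Temp\HLTV-Proxy-Maker_2008-v.1.4.1.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
# First executable on the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
HEX8_RE = re.compile(r"[0-9a-f]{8}", re.IGNORECASE)


@dataclass(frozen=True)
class RunEntry:
    hive: str   # HKLM, HKCU or HKUS\<SID>
    name: str   # registry value name shown in [brackets]
    cmd: str    # full command line
    path: str   # executable extracted from the command line


def parse_o4(text: str) -> list[RunEntry]:
    """Parse every 'O4 - ...\\Run:' line of a HijackThis report; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe = EXE_RE.match(cmd)
        path = exe.group("path") if exe else (cmd.split() or [cmd])[0].strip('"')
        entries.append(RunEntry(m.group("hive"), m.group("name"), cmd, path))
    return entries


def flag_entry(e: RunEntry, target_counts: Counter) -> list[str]:
    """Return the heuristic flags that apply to one autostart entry."""
    p = e.path.lower()
    flags = []
    if "\\temp\\" in p or "\\tmp\\" in p:
        flags.append("temp_dir")          # executable launched from a temp folder
    if "\\users\\" in p or "\\documents and settings\\" in p:
        flags.append("user_profile")      # user-writable location rather than Program Files
    if re.search(r"~\d", p):
        flags.append("short_8_3_path")    # 8.3 short name, unusual for installer-written values
    if GUID_RE.fullmatch(e.name):
        flags.append("guid_name")         # GUID used as value name to look "system-like"
    elif HEX8_RE.fullmatch(e.name) or len(e.name) <= 2:
        flags.append("opaque_name")       # random hex or one-letter value name
    if target_counts[p] > 1:
        flags.append("duplicate_target")  # same binary registered under several names
    return flags


def triage(entries: list[RunEntry]) -> list[tuple[RunEntry, list[str]]]:
    """Flag entries, most suspicious first; entries without flags are dropped."""
    counts = Counter(e.path.lower() for e in entries)
    found = [(e, flag_entry(e, counts)) for e in entries]
    found = [(e, f) for e, f in found if f]
    return sorted(found, key=lambda ef: (-len(ef[1]), ef[0].name))


if __name__ == "__main__":
    # Pass a saved Hijackthis.log as the first argument, or run on the embedded sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for entry, flags in triage(parse_o4(text)):
        print(f"{len(flags)} flag(s)  [{entry.name}]  {entry.path}")
        print("    " + ", ".join(flags))
```

The flags are triage hints for a human reviewer, not verdicts: a vendor binary under a short path is common, while a one-letter or GUID-named value pointing into Temp is what usually justifies the deeper ComboFix run.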
My mistake.
Download ComboFix (by sUBs) to your Desktop.
- Temporarily disable all resident protection! (antivirus, antispyware, etc.)
- Double-click ComboFix.exe.
- Accept the licence by clicking Yes.
- The program will ask whether you want to install the Recovery Console. It's a precaution in case the computer breaks down, so I recommend installing it; it costs nothing and could come in handy!
- When the operation is finished, a report will appear. Post that report in your next reply.
The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Help: How to use ComboFix.
ComboFix 09-07-07.A7 - courtheoux 08/07/2009 14:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2814.1449 [GMT 2:00]
Lancé depuis: c:\users\courtheoux\Downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3075980186-2255694939-211287601-500
c:\windows\lmhosts
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-08 au 2009-07-08 ))))))))))))))))))))))))))))))))))))
.
2009-07-08 11:29 . 2009-07-08 11:29 -------- d-----w- c:\program files\Trend Micro
2009-07-08 10:37 . 2009-07-08 10:38 -------- d-----w- c:\program files\AIDA32 - Personal System Information
2009-07-07 19:03 . 2009-07-07 19:03 -------- d-----w- c:\program files\ACSPMonitor
2009-07-07 19:03 . 2009-04-25 22:51 45056 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\ActualSpy\ActualSpy.exe
2009-07-07 18:59 . 2009-07-07 18:59 -------- d-----w- c:\program files\WinPcap
2009-07-07 18:58 . 2009-07-07 18:58 -------- d-----w- c:\program files\IMMonitor
2009-07-07 17:32 . 2009-07-07 17:32 -------- d-----w- c:\users\courtheoux\Police utilisée
2009-07-07 16:44 . 2009-07-07 18:02 -------- d-----w- c:\users\courtheoux\amx help
2009-07-07 11:48 . 2009-07-07 11:49 -------- d-----w- c:\program files\[webwiz]
2009-07-05 17:56 . 2009-07-05 21:05 -------- d-----w- C:\+2H Cheat
2009-07-04 16:29 . 2009-07-07 14:29 -------- d-----w- C:\HammerAutosave
2009-07-03 20:15 . 2009-07-03 20:22 -------- d-----w- c:\users\courtheoux\JAIL MOD
2009-07-03 18:48 . 2009-07-03 18:52 -------- d-----w- C:\Valve Hammer Editor
2009-07-02 19:49 . 2009-07-02 19:49 -------- d-----w- c:\program files\A4Proxy
2009-07-02 16:22 . 2009-07-02 16:23 -------- d-----w- c:\users\courtheoux\skins
2009-06-30 10:17 . 2005-10-02 17:57 -------- d-----w- c:\users\Public\cstrike
2009-06-29 16:28 . 2009-06-29 16:28 -------- d-----w- c:\program files\Common Files\ParallelGraphics
2009-06-28 17:00 . 2009-06-28 17:00 155941 ----a-w- c:\users\courtheoux\FileZilla_3.2.6_win32-setup.exe
2009-06-27 18:51 . 2009-07-02 14:45 -------- d-----w- c:\users\courtheoux\stcheat
2009-06-27 18:46 . 2009-01-04 10:35 31232 ----a-w- c:\windows\system\vdremote.dll
2009-06-27 18:46 . 2009-01-04 10:35 25088 ----a-w- c:\windows\system\vdsvrlnk.dll
2009-06-23 18:00 . 2009-06-23 18:00 -------- d-----w- c:\program files\UZC Trial
2009-06-23 17:58 . 2009-06-23 17:58 -------- d-----w- c:\program files\RAR Password Cracker
2009-06-23 07:23 . 2009-06-23 07:25 -------- d-----w- C:\Perl
2009-06-22 18:15 . 2009-06-22 18:15 -------- d---a-w- c:\programdata\rkfree
2009-06-22 18:15 . 2009-06-22 18:15 -------- d-----w- c:\program files\rkfree
2009-06-22 16:12 . 2009-06-22 16:12 -------- d-----w- c:\program files\X-NetStat
2009-06-22 15:38 . 2009-06-22 15:38 -------- d-----w- c:\program files\NeoTrace Express
2009-06-22 11:08 . 2009-06-22 11:08 -------- dc----w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-06-22 08:05 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-22 08:05 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-22 08:05 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-22 08:05 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-22 08:05 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-22 08:05 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-22 08:05 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-22 07:58 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-22 07:58 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-22 07:58 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-22 07:58 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-22 07:58 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-22 07:54 . 2009-06-22 07:54 -------- d--h--r- C:\AHCache
2009-06-21 18:26 . 2009-06-21 18:26 132 ----a-w- C:\httpdwl.dat
2009-06-21 18:26 . 2009-07-04 15:07 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-21 17:03 . 2009-06-25 06:23 -------- d-----w- c:\windows\system32\logs
2009-06-21 17:03 . 2009-06-21 17:03 -------- d-----w- c:\users\courtheoux\AppData\Roaming\BitDefender
2009-06-21 17:03 . 2009-06-21 17:06 -------- d-----w- c:\programdata\BitDefender
2009-06-21 17:03 . 2009-06-21 17:03 -------- d-----w- c:\program files\BitDefender
2009-06-21 17:01 . 2009-06-21 17:01 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-21 17:01 . 2009-06-21 17:03 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-21 14:07 . 2009-06-21 14:07 -------- d-----w- c:\program files\Bonjour
2009-06-21 14:00 . 2009-06-21 14:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-21 10:57 . 2009-06-21 12:59 -------- d-----w- c:\users\courtheoux\AppData\Roaming\JonDo
2009-06-21 10:56 . 2009-06-21 10:56 -------- d-----w- c:\program files\JAP
2009-06-21 09:37 . 2009-06-21 12:05 -------- d-----w- c:\programdata\Symantec
2009-06-21 09:37 . 2009-06-21 12:06 -------- d-----w- c:\programdata\Norton
2009-06-21 09:31 . 2009-06-21 09:36 -------- d-----w- c:\programdata\NortonInstaller
2009-06-21 09:07 . 2009-03-30 17:54 -------- d-----w- c:\users\courtheoux\250EAGAMES
2009-06-21 07:44 . 2008-11-16 18:14 167 ----a-w- c:\users\courtheoux\disable_activation.cmd
2009-06-20 13:38 . 2009-06-20 13:39 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-20 13:38 . 2009-06-20 13:39 -------- d-----w- c:\users\courtheoux\AppData\Roaming\SystemRequirementsLab
2009-06-20 13:38 . 2009-06-20 13:38 207872 ----a-w- c:\users\courtheoux\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-20 13:38 . 2009-06-20 13:38 207872 ----a-w- c:\users\courtheoux\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-20 13:38 . 2009-06-20 13:38 207872 ----a-w- c:\users\courtheoux\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-20 13:38 . 2009-06-20 13:38 207872 ----a-w- c:\users\courtheoux\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-13 19:47 . 2009-06-13 19:47 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-13 16:49 . 2009-06-13 16:49 -------- d-----w- C:\PROGRAMM
2009-06-13 16:42 . 2009-06-13 16:42 -------- d-----w- c:\users\courtheoux\AppData\Roaming\ScummVM
2009-06-13 16:42 . 2009-06-13 16:42 -------- d-----w- c:\program files\ScummVM
2009-06-13 16:23 . 2009-06-13 16:46 -------- d-----w- C:\oldies
2009-06-13 11:33 . 2009-06-13 11:43 -------- d-----w- C:\World of Warcraft
2009-06-13 10:55 . 2009-06-13 10:55 -------- d-----w- c:\users\courtheoux\patch
2009-06-12 12:41 . 2009-07-08 12:07 -------- d-----w- c:\users\courtheoux\Tracing
2009-06-12 12:38 . 2009-06-12 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-12 12:37 . 2009-06-12 12:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-12 12:36 . 2008-06-26 03:21 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-06-12 12:36 . 2008-06-26 03:21 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-06-12 12:33 . 2009-06-12 12:38 -------- d-----w- c:\program files\Microsoft
2009-06-12 12:33 . 2009-06-12 12:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-12 12:27 . 2009-06-12 12:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-09 06:40 . 2009-06-09 06:40 -------- d-----w- c:\users\courtheoux\AppData\Local\Microsoft Help
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 12:48 . 2008-11-07 17:24 -------- d-----w- c:\program files\Steam
2009-07-08 11:47 . 2008-12-27 16:04 -------- d-----w- c:\users\courtheoux\AppData\Roaming\FileZilla
2009-07-08 09:56 . 2008-01-21 07:23 713316 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-08 09:56 . 2008-01-21 07:23 143336 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-07 13:23 . 2008-11-11 14:21 -------- d-----w- c:\users\courtheoux\AppData\Roaming\teamspeak2
2009-07-04 19:29 . 2009-02-18 13:30 -------- d-----w- c:\users\courtheoux\AppData\Roaming\Mumble
2009-07-03 18:46 . 2009-06-04 16:33 -------- d-----w- c:\program files\Valve Hammer Editor
2009-07-03 14:03 . 2008-11-07 17:24 -------- d-----w- c:\program files\Common Files\Steam
2009-06-30 15:56 . 2009-03-26 17:49 -------- d-----w- c:\users\courtheoux\AppData\Roaming\LimeWire
2009-06-25 06:19 . 2009-06-07 17:07 -------- d-----w- c:\program files\DeskSpace
2009-06-23 13:33 . 2008-11-07 17:46 -------- d-----w- c:\program files\Dofus
2009-06-22 14:50 . 2009-04-12 17:55 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-21 17:10 . 2008-08-12 16:40 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-06-21 17:10 . 2008-04-23 16:34 192512 ----a-w- c:\windows\system32\txmlutil.dll
2009-06-21 17:10 . 2008-08-14 16:54 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-06-21 17:10 . 2008-08-12 16:40 111112 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-06-21 17:10 . 2008-07-02 11:07 82696 ----a-w- c:\windows\system32\drivers\BDVEDISK.sys
2009-06-21 17:06 . 2008-11-07 15:54 71280 ----a-w- c:\users\courtheoux\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 14:07 . 2008-03-16 21:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 09:36 . 2008-03-16 21:24 -------- d-----w- c:\programdata\McAfee
2009-06-13 11:34 . 2009-03-24 14:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-12 12:38 . 2008-11-07 17:05 -------- d-----w- c:\program files\Windows Live
2009-06-11 06:35 . 2009-04-03 12:03 -------- d-----w- c:\program files\GUILD WARS
2009-06-08 05:46 . 2008-03-16 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 17:08 . 2009-06-07 17:08 -------- d-----w- c:\users\courtheoux\AppData\Roaming\OtakuSoftware
2009-06-05 06:12 . 2009-06-05 06:12 -------- d-----w- c:\users\courtheoux\AppData\Roaming\Publish Providers
2009-06-05 06:11 . 2009-06-05 06:10 -------- d-----w- c:\users\courtheoux\AppData\Roaming\Sony
2009-06-05 06:10 . 2009-06-05 06:08 -------- d-----w- c:\programdata\Sony
2009-06-05 06:08 . 2009-03-17 17:40 -------- d-----w- c:\program files\VstPlugins
2009-06-05 06:07 . 2009-06-05 06:07 -------- d-----w- c:\program files\Sony
2009-06-05 06:06 . 2009-06-05 06:06 -------- d-----w- c:\program files\Sony Setup
2009-05-30 13:57 . 2009-05-30 13:56 -------- d-----w- c:\program files\AMX Mod X
2009-05-29 06:04 . 2009-05-29 06:04 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-29 06:03 . 2009-05-29 06:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 06:03 . 2009-05-29 06:03 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-29 06:03 . 2009-05-29 06:03 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-29 06:03 . 2009-05-29 06:03 -------- d-----w- c:\program files\OpenAL
2009-05-22 11:15 . 2009-04-09 16:49 -------- d-----w- c:\users\courtheoux\AppData\Roaming\HLSW
2009-05-21 15:33 . 2009-05-21 15:31 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-21 15:33 . 2009-05-21 15:31 22328 ----a-w- c:\users\courtheoux\AppData\Roaming\PnkBstrK.sys
2009-05-21 15:33 . 2009-05-21 15:31 22328 ----a-w- c:\users\courtheoux\AppData\Roaming\PnkBstrK.sys
2009-05-21 15:33 . 2009-05-21 15:31 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-21 15:32 . 2009-05-21 15:31 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-21 15:32 . 2009-05-21 15:31 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-21 14:23 . 2009-05-21 14:23 -------- d-----w- c:\program files\S2SaTstrat
2009-05-13 18:20 . 2009-05-13 18:20 -------- d-----w- c:\program files\Cheat Engine
2009-05-12 08:12 . 2008-11-14 11:24 680 ----a-w- c:\users\courtheoux\AppData\Local\d3d9caps.dat
2009-05-10 14:11 . 2009-03-18 12:05 -------- d-----w- c:\users\courtheoux\AppData\Roaming\mIRC
2009-06-21 17:10 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-06-21 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-06-21 69632]
"rkfree"="c:\program files\rkfree\rkfree.exe" [2009-06-22 71168]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4103F052-E003-4490-BD69-3540FA6B3A71}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8EC8F6BC-AE56-4326-8E74-C8EDBC486A01}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6866BB3-8C90-4EEF-9863-C67E0571D394}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{4FDF10B6-8DA0-499A-B9CF-0CE6D8280686}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C9DE9E3B-1B9B-48AA-82AC-076E1FD1E51E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D2108991-E9EA-4E14-A6CB-42E7CF5D0178}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0E1892D0-A1BA-4AE0-9523-55F224724B90}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{5B0115C2-E5DA-4E9C-803F-ADAD1491E89E}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F30B0D8F-CC32-4BE9-B123-A607A8D841EC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{06C21DEA-8BBC-47EF-9862-50630F166761}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3AABA5A1-838D-4E4A-B859-0DB0F30CE56E}"= UDP:c:\users\courtheoux\Documents\wr_installer_020707.exe:wr_installer_020707
"{1DE28535-4B78-4351-962B-C641C137F1F3}"= TCP:c:\users\courtheoux\Documents\wr_installer_020707.exe:wr_installer_020707
"{CE981C34-E6B4-4C2B-B762-2712A62A4E7A}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{BC024D96-3716-4237-86BA-7D40D1886409}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{B8C5766B-7298-4EB4-8BE3-3F7B9A367C2C}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1521363D-ADF4-4244-8E6A-677982C04144}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9CB8C7FF-0C4E-421D-B56F-FDDE8A2D3911}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{745131C6-0346-49AD-9AD0-CD225E780DD3}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{A13EE7B8-EAB2-42C6-9E58-C1ADBF557AA6}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A611C902-5A1E-4432-87C0-02ABDB2581F6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1B6A09C8-4DF5-44D8-8B05-922132D61DB3}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D1A97554-2099-43EE-91CE-7B01E4EE5503}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F5A71369-EE98-4342-A13F-3BCB35B5278B}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{020F0101-0DE3-476D-80D7-05A6F5F7E07F}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{5C19FF9F-4207-42D1-B508-CCBB49A8A879}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{0607BDE8-A27C-467E-90F7-E290BA02AB86}c:\\program files\\steam\\steamapps\\nainsim\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\nainsim\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{26948E93-825D-4679-9BEB-D09C25232063}c:\\program files\\steam\\steamapps\\nainsim\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\nainsim\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{31470EB6-89D3-4F33-AFB9-AF891BD09E25}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{97D9C475-E89B-472E-BB7E-1A6C36D2EDE9}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{BB84A6C6-9170-40DD-ABA4-5BE9E292D7E4}c:\\program files\\steam\\steamapps\\quentincourtheoux\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\quentincourtheoux\counter-strike source\hl2.exe:hl2
"UDP Query User{81ADB954-8B65-4821-A4A1-F3C7DCC885CE}c:\\program files\\steam\\steamapps\\quentincourtheoux\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\quentincourtheoux\counter-strike source\hl2.exe:hl2
"{6B13BCCF-0B4C-4C43-96E9-C9FEB239442F}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{BCF68AEE-F679-4701-9277-37D9E8D843F2}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [25/02/2008 19:57 21752]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [16/03/2008 23:23 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/02/2008 03:02 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/02/2008 19:53 131072]
R2 webwiz;[webwiz] - webcam via ftp - [RUELEPIC];c:\progra~1\_WEBWI~1\Webwizsvc.exe [07/07/2009 13:49 301568]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [14/08/2008 18:54 104328]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\System32\drivers\RTL8187B.sys [07/11/2008 18:17 229376]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 22:22 34064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-[webwiz] - (no file)
HKLM-Run-23C3F5C0 - c:\users\courth~1\downlo~1\speedu~1.exe
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.trooner.com/
mStart Page = hxxp://www.trooner.com/
uInternet Settings,ProxyOverride = *.local
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\courtheoux\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bwpwe.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com" );
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=" );
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox" );
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 15:01
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3075980186-2255694939-211287601-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B3C0F8B-89AB-AD6B-6012-3E4CA5ADF58E}*]
"paencfjpgmnpmpnnoeeleehhcfkapinp"=hex:6a,61,6f,69,70,6e,6e,62,68,64,6d,6f,67,
6e,70,6c,67,69,6e,6c,00,8b
"abcmmffpcdplgcbkcpaoenfeebhcnekibg"=hex:6a,61,68,69,61,6f,69,6a,64,66,70,6b,
68,6e,6e,63,69,69,66,6e,00,8b
.
Heure de fin: 2009-07-08 15:03
ComboFix-quarantined-files.txt 2009-07-08 13:03
Avant-CF: 24 867 651 584 octets libres
Après-CF: 25 389 617 152 octets libres
299
Re,
Download MalwareByte's Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
- Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. You then have two possibilities:
~ If the program found nothing, click OK. A report will appear; close it.
~~ If infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Help:
Reply to Angeldark
The "MBAM" scan is running.
But should I conclude that there really is a problem with my computer?
If so, which one? (Because I'm doing what you ask, but I don't even know what is wrong with my computer.)
There are a few traces of infection, so we're cleaning up. MBAM will clean out what Combofix left behind.
Reply to Angeldark
Otherwise, I got my MSN & Steam accounts back, but were the infections the cause?
Ah, that I don't know.
Reply to Angeldark
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2393
Windows 6.0.6001 Service Pack 1
08/07/2009 20:08:04
mbam-log-2009-07-08 (20-07-54).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 266069
Temps écoulé: 1 hour(s), 40 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Messenger Monitor Sniffer_is1 (PUP.Logger) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\IMMonitor (PUP.Logger) -> No action taken.
c:\program files\immonitor\MSN Messenger Monitor Sniffer (PUP.Logger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSN Messenger Monitor Sniffer (PUP.Logger) -> No action taken.
Fichier(s) infecté(s):
c:\program files\immonitor\msn messenger monitor sniffer\MsnMonitor.exe (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\Config.ini (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\Infomation.txt (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\License.txt (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\MsnMonitor.exe.manifest (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\unins000.dat (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\unins000.exe (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\Visit Home Page.url (PUP.Logger) -> No action taken.
c:\program files\immonitor\msn messenger monitor sniffer\WinPcap.exe (PUP.Logger) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\msn messenger monitor sniffer\MSN Messenger Monitor Sniffer.lnk (PUP.Logger) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\msn messenger monitor sniffer\Uninstall.lnk (PUP.Logger) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\msn messenger monitor sniffer\Visit Our Web Site.lnk (PUP.Logger) -> No action taken.
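As an added illustration that is not part of the thread and not code from Malwarebytes: every detection in the MBAM report above ends in "No action taken", which is exactly what the helper's next question ("did you actually remove the infections with MBAM?") is about. The small Python parser below reads lines in that log format, tags each detection with its section and family, and reports which ones were left untreated. The sample lines are constructed to mirror the format quoted above (with one extra "Quarantined and deleted successfully" line so both outcomes are exercised); the function names are mine.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample, modelled on the Malwarebytes' Anti-Malware 1.38 log
# quoted in the thread (French UI; each detection ends with "-> <action>.").
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2393
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MSN Messenger Monitor Sniffer_is1 (PUP.Logger) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\\Program Files\\IMMonitor (PUP.Logger) -> No action taken.
Fichier(s) infecté(s):
c:\\program files\\immonitor\\msn messenger monitor sniffer\\MsnMonitor.exe (PUP.Logger) -> No action taken.
c:\\program files\\immonitor\\msn messenger monitor sniffer\\WinPcap.exe (PUP.Logger) -> Quarantined and deleted successfully.
"""

# One detection line: "<object> (<family>) -> <action>."  The object part is
# matched greedily so paths containing parentheses still parse correctly.
FINDING_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section headers in the detailed part of the report end with a colon.
SECTION_RE = re.compile(r"^(?P<name>.+?):$")


def parse_mbam_log(text: str) -> List[Dict[str, str]]:
    """Return one record per detection line, tagged with the section it sits under."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec and "infect" in sec.group("name"):
            # "Clé(s) du Registre infectée(s):", "Fichier(s) infecté(s):", ...
            section = sec.group("name")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return findings


def unremediated(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Detections that MBAM listed but neither quarantined nor deleted."""
    return [f for f in findings if f["action"].startswith("No action taken")]


def summarize(findings: List[Dict[str, str]]) -> Dict[str, tuple]:
    """Per family: (total detections, detections still untreated)."""
    total = Counter(f["family"] for f in findings)
    left = Counter(f["family"] for f in unremediated(findings))
    return {fam: (total[fam], left[fam]) for fam in total}


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for fam, (n, pending) in summarize(found).items():
        print(f"{fam}: {n} detected, {pending} still untreated")
    for f in unremediated(found):
        print(f"  untreated [{f['section']}] {f['obj']}")
```

Run as-is it prints one summary line per family and then every object that still needs action; feeding it a real mbam-log-*.txt instead of SAMPLE_LOG gives the same check for a pasted report. A report with zero untreated entries is the state a helper wants to see before moving on.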
Is it serious, Doctor? :s
I have a few problems, such as:
My old wallpaper came back on its own.
Firefox is no longer configured.
Sorry to tell you this, but nothing is working: my firewall and BitDefender disabled themselves.
And I can no longer play online games such as TF2, Counter Strike, Unreal Tournament 3...
Did you actually remove the infections with MBAM? Did you re-enable the firewall and antivirus?
Reply to Angeldark
Yes..
My games are sorted out, but this morning my icons had moved around again =s
There, it's fixed, no more problems.
Thanks.
