win32.zlob, help please

28 January 2008 17:12:17

Hi. I have a win32.zlob trojan that I would really like to get rid of. Here is a HijackThis report.
Logfile of HijackThis v1.97.7
Scan saved at 11:05:55, on 2008-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mario Després\Bureau\Nouveau dossier\3 Menage\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Statistiques d’Anti-Virus Internet (HKLM)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode...
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20-%20Peril%20at%20End%20House/Images/stg_drm.ocx
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/dir...
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/curren...
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....

28 January 2008 18:05:33

No hello?
Is the report complete?

28 January 2008 19:10:26

HELLO, that's all I have in my report.
I'll do a new one if you want...

28 January 2008 19:22:23

Ok.

Download SmitfraudFix (by S!Ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be displayed).
Choose Option 1 (Search).
Post the first report here.

**If the link doesn't work, click here**

28 January 2008 19:42:44

SmitFraudFix v2.276

Rapport fait à 13:38:12.17, 2008-01-28
Executé à partir de C:\Documents and Settings\Mario Després\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mario Després\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARIOD~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 67.69.39.200
DNS Server Search Order: 67.69.39.201

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B9546DF-0DD2-4F87-B941-448E2AFAB302}: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=67.69.39.200 67.69.39.201


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

28 January 2008 19:44:41

Nothing.

**Disable your resident protections (antivirus, Spybot...)!**

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

28 January 2008 19:55:00

Damn! What is this??? Ancient Aramaic or hieroglyphics?
"HOUSTON, WE HAVE A PROBLEM"

28 January 2008 20:00:14

1- write in French
2- make an effort

28 January 2008 20:05:24

Sorry, but ComboFix is going crazy. It's unreadable.

28 January 2008 20:15:10

    ComboFix 08-01-28.2 - Mario Després 2008-01-28 14:07:23.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1498 [GMT -5:00]
    ˆÌÐÐλÖÃ: C:\Documents and Settings\Mario Després\Bureau\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( ÆäËûÔâ„h³ýµÄ™n°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\_syst.dll
    C:\WINDOWS\system32\systDel.dll

    .
    (((((((((((((((((((((((((((( 2007-12-28 - 2008-01-28 Ö®ég½¨Á¢µÄ™n°¸ )))))))))))))))))))))))))))))))))
    .

    2008-01-28 13:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-28 13:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-28 13:37 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-28 13:37 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-28 13:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-28 13:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 14:52 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-01-25 08:57 . 2008-01-26 19:41 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\CaribbeanHideaway
    2008-01-22 18:55 . 2008-01-22 18:55 <REP> d-------- C:\VundoFix Backups
    2008-01-13 20:58 . 2008-01-13 20:59 <REP> d-------- C:\Program Files\Blood Ties
    2008-01-13 19:00 . 2008-01-13 19:00 <REP> d-------- C:\WINDOWS\Hidden Secrets - The Nightmare
    2008-01-13 19:00 . 2008-01-20 18:28 <REP> d-------- C:\Program Files\Hidden Secrets - The Nightmare
    2008-01-13 18:57 . 2008-01-13 18:57 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\BloodTies
    2008-01-13 08:02 . 2008-01-13 21:11 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\BloodTies
    2008-01-06 14:14 . 2008-01-06 14:18 <REP> d-------- C:\Program Files\Seeds of Sorcery
    2008-01-04 13:14 . 2008-01-04 15:00 <REP> d-------- C:\Program Files\Ashley Jones
    2008-01-02 16:24 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Incredijeux
    2008-01-01 17:12 . 2008-01-01 17:12 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\iWinArcade
    2007-12-29 17:38 . 2007-12-29 17:38 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-29 17:38 . 2007-12-29 17:38 232 --ah----- C:\sqmdata02.sqm

    .
    (((((((((((((((((((((((((((((((((((( ½üÈý‚€Ôƒȸü„ӵęn°¸ )))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 19:09 29,761,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-28 19:09 1,261,856 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-28 18:46 --------- d-----w C:\Program Files\Eye On Network
    2008-01-28 15:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-27 00:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-27 00:17 --------- d-----w C:\Program Files\Zylom Games
    2008-01-25 19:56 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
    2008-01-25 12:01 --------- d-----w C:\Program Files\GameHouse
    2008-01-25 12:01 --------- d-----w C:\Documents and Settings\marie josée\Application Data\GameHouse
    2008-01-24 22:35 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
    2008-01-24 00:19 --------- d-----w C:\Program Files\Hidden Expedition - Everest
    2008-01-23 15:46 371,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-23 15:46 108,608 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-23 13:31 --------- d-----w C:\Program Files\Chainz
    2008-01-23 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-22 22:43 --------- d-----w C:\Program Files\XoftSpySE
    2008-01-22 17:42 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\LimeWire
    2008-01-19 00:31 --------- d-----w C:\Program Files\iWin.com
    2008-01-13 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
    2008-01-02 20:58 --------- d-----w C:\Program Files\Alawar
    2008-01-02 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AlawarGameBox
    2008-01-02 19:30 --------- d-----w C:\Program Files\GameFiesta
    2008-01-01 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-30 13:21 --------- d-----w C:\Program Files\PlayFirst
    2007-12-28 17:36 --------- d-----w C:\Program Files\RealArcade
    2007-12-27 23:21 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
    2007-12-21 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-12-20 19:39 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-19 21:37 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWin
    2007-12-19 16:25 --------- d-----w C:\Documents and Settings\marie josée\Application Data\PlayFirst
    2007-12-19 14:28 --------- d-----w C:\Program Files\Oberon Media
    2007-12-19 01:51 --------- d-----w C:\Program Files\GamesBar
    2007-12-18 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
    2007-12-16 22:39 --------- d-----w C:\Program Files\Hidden Relics
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hidden Expedition Titanic
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hawaiian Explorer Pearl Harbor
    2007-12-15 20:05 23,908 ----a-w C:\WINDOWS\system32\wcb.dll
    2007-12-15 20:05 23,668 ----a-w C:\WINDOWS\system32\wca.dll
    2007-12-15 20:05 --------- d-----w C:\Program Files\directx
    2007-12-15 20:02 --------- d-----w C:\Program Files\ElkMultiMedia
    2007-12-15 00:39 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-12-14 11:44 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Big Fish Games
    2007-12-12 22:49 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-09 12:36 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWinArcade
    2007-12-09 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
    2007-12-07 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    2007-12-05 12:06 --------- d-----w C:\Program Files\Diego`s Safari Adventure
    2007-12-04 19:49 --------- d-----w C:\Program Files\The Adventure Company
    2007-12-02 17:07 --------- d-----w C:\Program Files\iWin Games
    2007-11-30 01:22 --------- d-----w C:\Program Files\Christmasville
    2007-11-29 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-30 12:10 115,712 ----a-w C:\Program Files\VundoFix.exe
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 15:29 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
    2007-09-18 15:57 36,256 ----a-w C:\WINDOWS\Prefetch\NJXYZD.EXE-3294DD7E.pf.bd.ren
    2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
    2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
    2006-12-05 02:00 57,513 ----a-w C:\Program Files\snow.zip
    2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
    2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
    2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
    2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
    2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
    2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
    1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
    1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
    1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
    .

    (((((((((((((((((((((((((((((((((((((((((( ÖØÒªµÇä›™n )))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *×¢Òâ* ¿Õ°×»òºÏ·¨µÄµÇä›ÖµŒ¢²»•þï@ʾ.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 12:47 1553920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-25 09:47 77824]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AAW"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" [2004-09-17 01:45 838656]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

    C:\Documents and Settings\Mario Després\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
    backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
    backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a------ 2004-12-14 15:50 983040 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-01-18 16:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-01-18 16:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-01-18 16:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2004-10-08 10:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-12-25 09:47 77824 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 16:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 13:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

    R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2007-06-25 13:45]
    R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2007-06-25 14:12]
    R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys [2007-06-25 14:12]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-06-25 13:45]
    R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 08:27]
    R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 10:54]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]
    S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2004-06-16 13:34]
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 Fadpu16E;Fadpu16E;C:\WINDOWS\TEMP\Fadpu16E.sys []
    S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]
    S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]
    S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

    .
    Åų̹¤×÷ÙYÁÏŠAµÄƒÈÈÝ
    "2006-03-09 03:40:26 C:\WINDOWS\Tasks\XoftSpy.job"
    - C:\Program Files\XoftSpy\XoftSpy.exe
    "2008-01-28 15:46:06 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-22 08:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-28 14:09:24
    Windows 5.1.2600 Service Pack 2 NTFS

    ’ßÃèë[²ØµÄ³ÌÐò ...

    ’ßÃèë[²ØµÄßM³Ì ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? jt??9~??????????????????,?????????????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    ’ßÃèë[²ØµÄ™n°¸ ...

    ’ßÃèÍê³É
    ë[²Ø™n°¸: 0

    **************************************************************************
    .
    Íê³É•rég: 2008-01-28 14:10:19
    ComboFix-quarantined-files.txt 2008-01-28 19:10:05
    .
    2008-01-09 11:59:53 --- E O F ---


And there you go! I hope it's OK, because I couldn't read any of it. If you could see this...

28 January 2008 20:25:24

You did disable Spybot, right?

28 January 2008 21:09:49

NO TEXT-SPEAK!
Run a ComboFix scan again.

28 January 2008 22:16:41

    ComboFix 08-01-28.2 - Mario Després 2008-01-28 16:08:11.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1499 [GMT -5:00]
    ˆÌÐÐλÖÃ: C:\Documents and Settings\Mario Després\Bureau\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((( 2007-12-28 - 2008-01-28 Ö®ég½¨Á¢µÄ™n°¸ )))))))))))))))))))))))))))))))))
    .

    2008-01-28 13:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-28 13:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-28 13:37 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-28 13:37 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-28 13:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-28 13:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 14:52 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-01-25 08:57 . 2008-01-26 19:41 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\CaribbeanHideaway
    2008-01-22 18:55 . 2008-01-22 18:55 <REP> d-------- C:\VundoFix Backups
    2008-01-13 20:58 . 2008-01-13 20:59 <REP> d-------- C:\Program Files\Blood Ties
    2008-01-13 19:00 . 2008-01-13 19:00 <REP> d-------- C:\WINDOWS\Hidden Secrets - The Nightmare
    2008-01-13 19:00 . 2008-01-20 18:28 <REP> d-------- C:\Program Files\Hidden Secrets - The Nightmare
    2008-01-13 18:57 . 2008-01-13 18:57 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\BloodTies
    2008-01-13 08:02 . 2008-01-13 21:11 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\BloodTies
    2008-01-06 14:14 . 2008-01-06 14:18 <REP> d-------- C:\Program Files\Seeds of Sorcery
    2008-01-04 13:14 . 2008-01-04 15:00 <REP> d-------- C:\Program Files\Ashley Jones
    2008-01-02 16:24 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Incredijeux
    2008-01-01 17:12 . 2008-01-01 17:12 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\iWinArcade
    2007-12-29 17:38 . 2007-12-29 17:38 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-29 17:38 . 2007-12-29 17:38 232 --ah----- C:\sqmdata02.sqm

    .
    (((((((((((((((((((((((((((((((((((( ½üÈý‚€Ôƒȸü„ӵęn°¸ )))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 21:10 1,264,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-28 21:09 29,849,376 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-28 21:05 --------- d-----w C:\Program Files\Eye On Network
    2008-01-28 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-27 00:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-27 00:17 --------- d-----w C:\Program Files\Zylom Games
    2008-01-25 19:56 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
    2008-01-25 12:01 --------- d-----w C:\Program Files\GameHouse
    2008-01-25 12:01 --------- d-----w C:\Documents and Settings\marie josée\Application Data\GameHouse
    2008-01-24 22:35 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
    2008-01-24 00:19 --------- d-----w C:\Program Files\Hidden Expedition - Everest
    2008-01-23 15:46 371,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-23 15:46 108,608 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-23 13:31 --------- d-----w C:\Program Files\Chainz
    2008-01-23 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-22 22:43 --------- d-----w C:\Program Files\XoftSpySE
    2008-01-22 17:42 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\LimeWire
    2008-01-19 00:31 --------- d-----w C:\Program Files\iWin.com
    2008-01-13 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
    2008-01-02 20:58 --------- d-----w C:\Program Files\Alawar
    2008-01-02 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AlawarGameBox
    2008-01-02 19:30 --------- d-----w C:\Program Files\GameFiesta
    2008-01-01 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-30 13:21 --------- d-----w C:\Program Files\PlayFirst
    2007-12-28 17:36 --------- d-----w C:\Program Files\RealArcade
    2007-12-27 23:21 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
    2007-12-21 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-12-20 19:39 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-19 21:37 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWin
    2007-12-19 16:25 --------- d-----w C:\Documents and Settings\marie josée\Application Data\PlayFirst
    2007-12-19 14:28 --------- d-----w C:\Program Files\Oberon Media
    2007-12-19 01:51 --------- d-----w C:\Program Files\GamesBar
    2007-12-18 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
    2007-12-16 22:39 --------- d-----w C:\Program Files\Hidden Relics
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hidden Expedition Titanic
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hawaiian Explorer Pearl Harbor
    2007-12-15 20:05 23,908 ----a-w C:\WINDOWS\system32\wcb.dll
    2007-12-15 20:05 23,668 ----a-w C:\WINDOWS\system32\wca.dll
    2007-12-15 20:05 --------- d-----w C:\Program Files\directx
    2007-12-15 20:02 --------- d-----w C:\Program Files\ElkMultiMedia
    2007-12-15 00:39 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-12-14 11:44 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Big Fish Games
    2007-12-12 22:49 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-09 12:36 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWinArcade
    2007-12-09 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
    2007-12-07 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    2007-12-05 12:06 --------- d-----w C:\Program Files\Diego`s Safari Adventure
    2007-12-04 19:49 --------- d-----w C:\Program Files\The Adventure Company
    2007-12-02 17:07 --------- d-----w C:\Program Files\iWin Games
    2007-11-30 01:22 --------- d-----w C:\Program Files\Christmasville
    2007-11-29 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-30 12:10 115,712 ----a-w C:\Program Files\VundoFix.exe
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 15:29 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
    2007-09-18 15:57 36,256 ----a-w C:\WINDOWS\Prefetch\NJXYZD.EXE-3294DD7E.pf.bd.ren
    2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
    2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
    2006-12-05 02:00 57,513 ----a-w C:\Program Files\snow.zip
    2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
    2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
    2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
    2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
    2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
    2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
    1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
    1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
    1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
    .

    (((((((((((((((((((((((((((((((((((((((((( ÖØÒªµÇä›™n )))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *×¢Òâ* ¿Õ°×»òºÏ·¨µÄµÇä›ÖµŒ¢²»•þï@ʾ.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 12:47 1553920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-25 09:47 77824]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AAW"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" [2004-09-17 01:45 838656]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

    C:\Documents and Settings\Mario Després\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
    backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
    backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a------ 2004-12-14 15:50 983040 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-01-18 16:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-01-18 16:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-01-18 16:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2004-10-08 10:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-12-25 09:47 77824 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 16:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 13:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

    R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2007-06-25 13:45]
    R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2007-06-25 14:12]
    R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys [2007-06-25 14:12]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-06-25 13:45]
    R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 08:27]
    R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 10:54]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]
    S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2004-06-16 13:34]
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 Fadpu16E;Fadpu16E;C:\WINDOWS\TEMP\Fadpu16E.sys []
    S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]
    S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]
    S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

    .
    Åų̹¤×÷ÙYÁÏŠAµÄƒÈÈÝ
    "2006-03-09 03:40:26 C:\WINDOWS\Tasks\XoftSpy.job"
    - C:\Program Files\XoftSpy\XoftSpy.exe
    "2008-01-28 21:05:19 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-22 08:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-28 16:10:12
    Windows 5.1.2600 Service Pack 2 NTFS

    ’ßÃèë[²ØµÄ³ÌÐò ...

    ’ßÃèë[²ØµÄßM³Ì ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? jt??9~??????????????????,?????????????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    ’ßÃèë[²ØµÄ™n°¸ ...

    ’ßÃèÍê³É
    ë[²Ø™n°¸: 0

    **************************************************************************
    .
    Íê³É•rég: 2008-01-28 16:11:06
    ComboFix-quarantined-files.txt 2008-01-28 21:10:51
    ComboFix2.txt 2008-01-28 19:10:20
    .
    2008-01-09 11:59:53 --- E O F ---


    Here is the report again. Sorry about the text-speak. Are we being picky now? I've seen worse in other posts, but OK, I'll follow the rule :)

    29 January 2008 01:26:53

    I have a new ComboFix log for you.
    ComboFix 08-01-29.2 - Mario Després 2008-01-28 19:18:20.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1471 [GMT -5:00]
    Endroit: C:\Documents and Settings\Mario Després\Local Settings\Temporary Internet Files\Content.IE5\3W575CYI\ComboFix[1].exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-28 13:37 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-28 13:37 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-28 13:37 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-28 13:37 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-28 13:37 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-28 13:37 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 14:52 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-01-25 08:57 . 2008-01-26 19:41 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\CaribbeanHideaway
    2008-01-22 18:55 . 2008-01-22 18:55 <REP> d-------- C:\VundoFix Backups
    2008-01-13 20:58 . 2008-01-13 20:59 <REP> d-------- C:\Program Files\Blood Ties
    2008-01-13 19:00 . 2008-01-13 19:00 <REP> d-------- C:\WINDOWS\Hidden Secrets - The Nightmare
    2008-01-13 19:00 . 2008-01-20 18:28 <REP> d-------- C:\Program Files\Hidden Secrets - The Nightmare
    2008-01-13 18:57 . 2008-01-13 18:57 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\BloodTies
    2008-01-13 08:02 . 2008-01-13 21:11 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\BloodTies
    2008-01-06 14:14 . 2008-01-06 14:18 <REP> d-------- C:\Program Files\Seeds of Sorcery
    2008-01-04 13:14 . 2008-01-04 15:00 <REP> d-------- C:\Program Files\Ashley Jones
    2008-01-02 16:24 . 2008-01-25 14:52 <REP> d-------- C:\Program Files\Incredijeux
    2008-01-01 17:12 . 2008-01-01 17:12 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\iWinArcade
    2007-12-29 17:38 . 2007-12-29 17:38 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-29 17:38 . 2007-12-29 17:38 232 --ah----- C:\sqmdata02.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 00:20 29,965,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-29 00:20 1,267,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-28 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-28 23:20 --------- d-----w C:\Program Files\Eye On Network
    2008-01-27 00:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-27 00:17 --------- d-----w C:\Program Files\Zylom Games
    2008-01-25 19:56 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
    2008-01-25 12:01 --------- d-----w C:\Program Files\GameHouse
    2008-01-25 12:01 --------- d-----w C:\Documents and Settings\marie josée\Application Data\GameHouse
    2008-01-24 22:35 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
    2008-01-24 00:19 --------- d-----w C:\Program Files\Hidden Expedition - Everest
    2008-01-23 15:46 371,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-23 15:46 108,608 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-23 13:31 --------- d-----w C:\Program Files\Chainz
    2008-01-23 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-22 22:43 --------- d-----w C:\Program Files\XoftSpySE
    2008-01-22 17:42 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\LimeWire
    2008-01-19 00:31 --------- d-----w C:\Program Files\iWin.com
    2008-01-13 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
    2008-01-02 20:58 --------- d-----w C:\Program Files\Alawar
    2008-01-02 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AlawarGameBox
    2008-01-02 19:30 --------- d-----w C:\Program Files\GameFiesta
    2008-01-01 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-30 13:21 --------- d-----w C:\Program Files\PlayFirst
    2007-12-28 17:36 --------- d-----w C:\Program Files\RealArcade
    2007-12-27 23:21 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
    2007-12-21 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-12-20 19:39 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-19 21:37 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWin
    2007-12-19 16:25 --------- d-----w C:\Documents and Settings\marie josée\Application Data\PlayFirst
    2007-12-19 14:28 --------- d-----w C:\Program Files\Oberon Media
    2007-12-19 01:51 --------- d-----w C:\Program Files\GamesBar
    2007-12-18 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
    2007-12-16 22:39 --------- d-----w C:\Program Files\Hidden Relics
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hidden Expedition Titanic
    2007-12-16 22:38 --------- d-----w C:\Program Files\Hawaiian Explorer Pearl Harbor
    2007-12-15 20:05 23,908 ----a-w C:\WINDOWS\system32\wcb.dll
    2007-12-15 20:05 23,668 ----a-w C:\WINDOWS\system32\wca.dll
    2007-12-15 20:05 --------- d-----w C:\Program Files\directx
    2007-12-15 20:02 --------- d-----w C:\Program Files\ElkMultiMedia
    2007-12-15 00:39 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-12-14 11:44 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Big Fish Games
    2007-12-12 22:49 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-09 12:36 --------- d-----w C:\Documents and Settings\marie josée\Application Data\iWinArcade
    2007-12-09 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
    2007-12-07 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    2007-12-05 12:06 --------- d-----w C:\Program Files\Diego`s Safari Adventure
    2007-12-04 19:49 --------- d-----w C:\Program Files\The Adventure Company
    2007-12-02 17:07 --------- d-----w C:\Program Files\iWin Games
    2007-11-30 01:22 --------- d-----w C:\Program Files\Christmasville
    2007-11-29 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-30 12:10 115,712 ----a-w C:\Program Files\VundoFix.exe
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 15:29 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
    2007-09-18 15:57 36,256 ----a-w C:\WINDOWS\Prefetch\NJXYZD.EXE-3294DD7E.pf.bd.ren
    2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
    2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
    2006-12-05 02:00 57,513 ----a-w C:\Program Files\snow.zip
    2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
    2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
    2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
    2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
    2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
    2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
    1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
    1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
    1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
    1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 12:47 1553920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-25 09:47 77824]
    "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AAW"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" [2004-09-17 01:45 838656]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
    "msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

    C:\Documents and Settings\Mario Després\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\Démarrage\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 07:35:43 58368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
    backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
    backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a------ 2004-12-14 15:50 983040 C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-01-18 16:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-01-18 16:47 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-01-18 16:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2004-10-08 10:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-12-25 09:47 77824 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 16:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    --a------ 2004-04-23 13:28 77824 C:\Program Files\Logitech\Profiler\lwemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

    R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2007-06-25 13:45]
    R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys [2007-06-25 14:12]
    R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys [2007-06-25 14:12]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-06-25 13:45]
    R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2004-11-16 08:27]
    R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2004-11-16 10:54]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 18:56]
    S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
    S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2004-06-16 13:34]
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 Fadpu16E;Fadpu16E;C:\WINDOWS\TEMP\Fadpu16E.sys []
    S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]
    S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]
    S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-09 03:40:26 C:\WINDOWS\Tasks\XoftSpy.job"
    - C:\Program Files\XoftSpy\XoftSpy.exe
    "2008-01-28 23:21:14 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-22 08:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-28 19:21:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? jt??9~??????????????????,?????????????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-28 19:22:00
    ComboFix-quarantined-files.txt 2008-01-29 00:21:45
    ComboFix2.txt 2008-01-28 21:11:12
    ComboFix3.txt 2008-01-28 19:10:20
    .
    2008-01-09 11:59:53 --- E O F ---
    29 January 2008 12:14:36

    Re,

    Download BTFix (Bibi26).
    Unzip the archive onto your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click "Rechercher" (Search).
  • A report will appear; copy and paste it into your next reply.
    29 January 2008 13:06:24

    BTFix 1.072 (par bibi26) - 29/01/2008 07:02:25 - Analyse
    Lancé depuis C:\Documents and Settings\Mario Després\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\GamesBar\

    ---> Analyse terminée



    that's the whole scan...???!?!?
    29 January 2008 17:52:59

    Re,

  • Open BTFix again.
  • Click "Nettoyer" (Clean).
  • A report will appear; copy and paste it into your next reply.
    29 January 2008 22:40:25

    BTFix 1.072 (par bibi26) - 29/01/2008 16:35:33 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\Mario Després\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\Program Files\GamesBar\

    ---> Nettoyage terminé



    AND THERE YOU GO :)
    30 January 2008 13:28:07

    Post a new HijackThis report.
    31 January 2008 01:19:44

    Logfile of HijackThis v1.97.7
    Scan saved at 19:17, on 2008-01-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eye On Network\Eye On Network.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mario Després\Bureau\Nouveau dossier\3 Menage\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
    O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
    O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
    O9 - Extra button: Statistiques d’Anti-Virus Internet (HKLM)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware (HKLM)
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode...
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20-%20Peril%20at%20End%20House/Images/stg_drm.ocx
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/dir...
    O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32....
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/curren...
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt....

    Are we there yet, Papa Smurf? Excuse my playful spirit...
    31 January 2008 18:17:48

    Is it better?
    31 January 2008 20:46:54

    I'm running a scan to see whether Kaspersky detects it, and an Ad-Aware one too. It's 14:45 here, so I'll post it tonight for you. But it seems to me there's no change... see you later
    31 January 2008 21:23:16

    The location of the infections?
    31 January 2008 21:46:28


    Ad-Aware SE Build 1.05
    Logfile Created on:2008-01-31 15:17:18
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R214 22.01.2008
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):9 total references
    Tracking Cookie(TAC index:3):5 total references
    Win32.Trojan.KillProc(TAC index:10):2 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    2008-01-31 15:17:18 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1007\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1007\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput


    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1004\software\nvidia corporation\global\nview\windowmanagement
    Description : nvidia nview cached application window positions


    MRU List Object Recognized!
    Location: : S-1-5-21-436374069-1960408961-839522115-1007\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 312
    ThreadCreationTime : 2008-01-30 12:02:41
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 364
    ThreadCreationTime : 2008-01-30 12:02:43
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\SYSTEM32\
    ProcessID : 388
    ThreadCreationTime : 2008-01-30 12:02:45
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 432
    ThreadCreationTime : 2008-01-30 12:02:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 444
    ThreadCreationTime : 2008-01-30 12:02:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 584
    ThreadCreationTime : 2008-01-30 12:02:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 644
    ThreadCreationTime : 2008-01-30 12:02:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 684
    ThreadCreationTime : 2008-01-30 12:02:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 744
    ThreadCreationTime : 2008-01-30 12:02:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 796
    ThreadCreationTime : 2008-01-30 12:02:46
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 960
    ThreadCreationTime : 2008-01-30 12:02:47
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [atkkbservice.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1048
    ThreadCreationTime : 2008-01-30 12:02:47
    BasePriority : Normal
    FileVersion : 1, 0, 0, 0
    ProductVersion : 1, 0, 0, 0
    ProductName : ASUS Keyboard Service
    CompanyName : ASUSTeK COMPUTER INC.
    FileDescription : ASUS Keyboard Service
    InternalName : ATKKBService
    LegalCopyright : Copyright (C) 2004 @ASUSTeK COMPUTER INC.
    OriginalFilename : ATKKBService.exe

    #:13 [avp.exe]
    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
    ProcessID : 1060
    ThreadCreationTime : 2008-01-30 12:02:47
    BasePriority : Normal
    FileVersion : 6.0.2.614
    ProductVersion : 6.0.2.614
    ProductName : Kaspersky Anti-Virus
    CompanyName : Kaspersky Lab
    FileDescription : Kaspersky Anti-Virus
    InternalName : AVP
    LegalCopyright : Copyright © Kaspersky Lab 1996-2007.
    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
    OriginalFilename : AVP.EXE

    #:14 [nvsvc32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1112
    ThreadCreationTime : 2008-01-30 12:02:47
    BasePriority : Normal
    FileVersion : 6.14.11.6218
    ProductVersion : 6.14.11.6218
    ProductName : NVIDIA Driver Helper Service, Version 162.18
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 162.18
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:15 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1196
    ThreadCreationTime : 2008-01-30 12:02:48
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:16 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1476
    ThreadCreationTime : 2008-01-30 12:02:49
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:17 [usnsvc.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 3332
    ThreadCreationTime : 2008-01-30 12:05:56
    BasePriority : Normal
    FileVersion : 8.1.0178.00
    ProductVersion : 8.1.0178
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Messenger Sharing USN Journal Reader Service
    InternalName : usnsvc.exe
    LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
    OriginalFilename : usnsvc.exe

    #:18 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 5792
    ThreadCreationTime : 2008-01-31 19:41:42
    BasePriority : Normal
    FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
    ProductVersion : 6.00.2900.3156
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:19 [eye on network.exe]
    FilePath : C:\Program Files\Eye On Network\
    ProcessID : 2332
    ThreadCreationTime : 2008-01-31 19:41:45
    BasePriority : Normal


    #:20 [avp.exe]
    FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
    ProcessID : 3368
    ThreadCreationTime : 2008-01-31 19:41:45
    BasePriority : Normal
    FileVersion : 6.0.2.614
    ProductVersion : 6.0.2.614
    ProductName : Kaspersky Anti-Virus
    CompanyName : Kaspersky Lab
    FileDescription : Kaspersky Anti-Virus
    InternalName : AVP
    LegalCopyright : Copyright © Kaspersky Lab 1996-2007.
    LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
    OriginalFilename : AVP.EXE

    #:21 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.6.0_03\bin\
    ProcessID : 328
    ThreadCreationTime : 2008-01-31 19:41:45
    BasePriority : Normal


    #:22 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 3688
    ThreadCreationTime : 2008-01-31 19:41:45
    BasePriority : Normal
    FileVersion : 8.1.0178.00
    ProductVersion : 8.1.0178
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msnmsgr.exe
    LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
    OriginalFilename : msnmsgr.exe

    #:23 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3240
    ThreadCreationTime : 2008-01-31 19:41:45
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:24 [corecenter.exe]
    FilePath : C:\Program Files\MSI\Core Center\
    ProcessID : 216
    ThreadCreationTime : 2008-01-31 19:41:46
    BasePriority : Normal
    FileVersion : 1, 7, 2, 0
    ProductVersion : 1, 7, 2, 0
    ProductName : FuzzyPWM Application
    FileDescription : FuzzyPWM MFC Application
    InternalName : FuzzyPWM
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : FuzzyPWM.EXE

    #:25 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 4012
    ThreadCreationTime : 2008-01-31 19:41:47
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:26 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 5116
    ThreadCreationTime : 2008-01-31 20:16:37
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 9


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 9


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 9


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : mario_després@msnportal.112.2o7[1].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\Mario Després\Cookies\mario_després@msnportal.112.2o7[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : mario_després@smartadserver[1].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\Mario Després\Cookies\mario_després@smartadserver[1].txt

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 2
    Objects found so far: 11



    Deep scanning and examining files (C:) 
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Win32.Trojan.KillProc Object Recognized!
    Type : File
    Data : 00000063.bak
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\2ac.3C32647001C86353.history\
    FileVersion : 2, 0, 0, 0
    ProductVersion : 2, 0, 0, 0
    ProductName : Command Line Process Utility
    CompanyName : http://www.beyondlogic.org
    FileDescription : Command Line Process Utility
    InternalName : Process.exe
    LegalCopyright : Copyright 2003 Craig.Peacock@beyondlogic.org
    OriginalFilename : Process.exe


    Win32.Trojan.KillProc Object Recognized!
    Type : File
    Data : 00000064.bak
    Category : Malware
    Comment :
    Object : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\2ac.3C32647001C86353.history\
    FileVersion : 2, 0, 0, 0
    ProductVersion : 2, 0, 0, 0
    ProductName : Command Line Process Utility
    CompanyName : http://www.beyondlogic.org
    FileDescription : Command Line Process Utility
    InternalName : Process.exe
    LegalCopyright : Copyright 2003 Craig.Peacock@beyondlogic.org
    OriginalFilename : Process.exe


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : marie_josée@atdmt[2].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\marie josée\Cookies\marie_josée@atdmt[2].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : marie_josée@msnportal.112.2o7[1].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\marie josée\Cookies\marie_josée@msnportal.112.2o7[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : marie_josée@zedo[2].txt
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\marie josée\Cookies\marie_josée@zedo[2].txt
    <STOP>

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 16


    Deep scanning and examining files (E:) 
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for E:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 16
    15:36:10 Scan stopped by user

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:18:51.891
    Objects scanned:239511
    Objects identified:7
    Objects ignored:0
    New critical objects:7

    31 January 2008 21:51:39

    I don't know if this is useful to you, but I see something related to Kaspersky... and it comes back on every scan
    31 January 2008 22:02:15

    You haven't posted the Kaspersky report...
    31 January 2008 23:40:51

    Nothing to report from Kaspersky!! Full scan: ``no malicious code found``
    And what do you think about Ad-Aware?
    1 February 2008 13:56:30

    Just cookies.
    1 February 2008 14:23:53

    And by the way, after your PM, you can forget about getting a disinfection :)
    1 February 2008 21:30:16

    Well, my dear fellow, if I may call you that, if I have to ``forget about`` any future disinfection, know that you can always let your peristalsis run its course until defecation ensues.
    That's how it's said in French. In Québécois we say: go take a shit, damn you!
    4 February 2008 20:00:39

    HELLO. I WANT TO APOLOGIZE PUBLICLY FOR THE VULGARITY I SHOWED IN MY LAST MESSAGE TO ANGELDARK.
    If I offended anyone, my apologies go to you as well.
    My little ``dark angel``, angeldark, forgive my insolence.
    4 February 2008 20:05:16

    1) you need to calm down, making all this fuss over a ten-minute sanction
    2) I already answered you on 01/02 at 13:56