The computer does what it wants (HijackThis log)

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
29 November 2007 18:05:22

First of all, hello.

For the past week my computer has been closing my session, programs install themselves, ads keep coming nonstop, things launch without my asking, it reboots from time to time, and lots of other things like that.

So I made a HijackThis log because I think I have a virus. If you can help me I'd be really happy, because I really don't want to format it.

Thanks for helping me, please.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:58:53, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\emVybw\command.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\pspvideo9\pspvideo9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\FlashGet\FlashGet.exe
C:\windows\system32\lblleoz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\system32\OfcpfwSvcs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Insider\Insider.exe
C:\PROGRA~1\SKS~1\cmd.exe
C:\Documents and Settings\zero\Bureau\HiJackThis_v2.exe
C:\Documents and Settings\zero\Application Data\Microsoft\Windows\koxkdvv.exe
C:\WINDOWS\?ymbols\?hkdsk.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F4BB8B8-0A75-4E0B-8F25-712EFBA9CE1B} - C:\Program Files\Windows Media Player\hoke83122.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\rqrpolm.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {56702C90-F66B-481F-B61E-4177C210F2B7} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: (no name) - {6C6FAFBA-4B46-4D4B-8703-832B6A005E98} - C:\Program Files\Windows Media Player\hoke4444.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B9FDFA12-44AD-392F-DC5A-4BE679810BB7} - C:\WINDOWS\system32\wle.dll
O2 - BHO: (no name) - {C1C5FDC5-CD7B-4E9D-90B5-010998D1F63A} - C:\Program Files\Windows Media Player\hoke24418.dll
O2 - BHO: 0 - {E2E24A61-D2B6-4E3E-C29B-3D6904D779A0} - C:\Program Files\Messenger\lavuma560.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspvideo9.exe -t
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [lblleoz] c:\windows\system32\lblleoz.exe lblleoz
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MenacesProtection\bm.exe" dm=http://menacesprotection.com; ad=http://menacesprotection.com
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\zero\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Lsrc] "C:\PROGRA~1\SKS~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\zero\Application Data\Microsoft\Windows\koxkdvv.exe
O4 - HKCU\..\Run: [Yqlvk] C:\WINDOWS\?ymbols\?hkdsk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrpolm - C:\WINDOWS\SYSTEM32\rqrpolm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\emVybw\command.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsyby.html

--
End of file - 13184 bytes


29 November 2007 18:10:39

Hi,

There's work to do.


Download SDFix (by Andy Manchesta).

Save it to your desktop.

Run it.
Click Install so it can extract itself.

Restart in Safe Mode.
/!\ Never boot into Safe Mode via MSCONFIG /!\

Run SDFix.
Double-click RunThis.bat.
Press Y to start it.

You will be asked to press a key to restart; do so.
The restart will probably take a bit longer than usual.
Once your desktop appears, it will display Finished.

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder as Report.txt.

Then:

Vundo infection:

Do these steps in order:

1/ Download VundoFix.exe (by Atribune):

Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES.
After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.

Post the report found at C:\vundofix.txt

2/ Download Combofix (by sUBs) to your desktop.

Disable all resident protection! (antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is here: C:\Combofix.txt

3/ Post a new HijackThis log (after renaming HiJackThis.exe to SCANNER.EXE)
This time with this version ----> Hijackthis
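As an added illustration, not part of any post in this thread and not code from the tools it mentions, here is a small Python script that reads HijackThis-style O4, O20 and O23 lines and flags the patterns the reply above is reacting to: names that look random (a run of four or more consonants, a heuristic I constructed), "?" characters standing in for characters HijackThis could not display in a path that should be plain ASCII (the lookalike of \Symbols\chkdsk.exe in the log), services with no vendor whose binary lives outside system32, service binaries reported as "(file missing)", and autoruns launched from the user's Application Data. The sample lines are copied from the log posted above; the scoring rules, thresholds and function names are my own assumptions, and a flag is a prompt to look closer, not a verdict: nvsvc32.exe has the same consonant run but is skipped because a named vendor vouches for it, and "Unknown owner" alone is not flagged because XP lists its own services that way.

```python
import re

# Constructed sample in HijackThis log format; the entries are copied from the
# log posted in this thread so the script runs offline against realistic input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [lblleoz] c:\windows\system32\lblleoz.exe lblleoz
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\zero\Application Data\Microsoft\Windows\koxkdvv.exe
O4 - HKCU\..\Run: [Yqlvk] C:\WINDOWS\?ymbols\?hkdsk.exe
O20 - Winlogon Notify: rqrpolm - C:\WINDOWS\SYSTEM32\rqrpolm.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\emVybw\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
"""

# Line shapes of the three HijackThis sections examined here.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Heuristics (assumptions, tuned on the log above, deliberately simple).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}", re.I)   # "random-looking" name
ODD_CHARS = re.compile(r"[?\x80-\xff]")                           # '?' or non-ASCII in a path
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
USER_APPDATA = re.compile(r"\\application data\\", re.I)


def exe_from_command(cmd: str) -> str:
    """Pull the program path out of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.exe", cmd, re.I)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def base_name(path: str) -> str:
    """'C:\\dir\\foo.exe' -> 'foo'; pure string work so it runs on any OS."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf.rsplit(".", 1)[0]


def assess(line: str):
    """Return (section, name, path, reasons) or None for lines not examined."""
    reasons = []
    if m := O4_RE.match(line):
        section, name, path, owner = "O4", m["name"], exe_from_command(m["cmd"]), None
        names_to_check = [name, base_name(path)]
        if USER_APPDATA.search(path):
            reasons.append("autorun from user profile Application Data")
    elif m := O20_RE.match(line):
        section, name, path, owner = "O20", m["name"], m["path"], None
        names_to_check = [base_name(path)]
    elif m := O23_RE.match(line):
        section, name, owner, path = "O23", m["name"], m["owner"], m["path"]
        if path.endswith(" (file missing)"):
            reasons.append("service binary missing on disk")
            path = path[: -len(" (file missing)")]
        if owner == "Unknown owner" and not SYSTEM32.match(path):
            reasons.append("service with no vendor outside system32")
        names_to_check = [base_name(path)]
    else:
        return None

    if ODD_CHARS.search(path):
        reasons.append("non-displayable characters in path")
    # Only judge a name random-looking when no named vendor vouches for it.
    if owner in (None, "Unknown owner") and any(CONSONANT_RUN.search(n) for n in names_to_check):
        reasons.append("random-looking name")
    return section, name, path, reasons


def triage(log_text: str):
    """Return the entries that deserve a human look, each with its reasons."""
    flagged = []
    for line in log_text.splitlines():
        result = assess(line.strip())
        if result and result[3]:
            section, name, path, reasons = result
            flagged.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['section']:<4}{entry['name']:<40}{entry['path']}")
        for reason in entry["reasons"]:
            print(f"      - {reason}")
```

Run it as-is to see six of the nine sample entries flagged, with the Kaspersky, NVIDIA and Plug-and-Play lines left alone; to use it on a full log, pass the file contents to triage() instead of SAMPLE_LOG. The consonant-run rule is intentionally crude and will misfire on legitimate short names, which is why it is combined with the path and vendor checks rather than used alone.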
29 November 2007 18:15:16

Thanks a lot, I'll do it right away.
29 November 2007 19:37:51

Here is the first report, from the SDFix program.


SDFix: Version 1.116

Run by zero on 29/11/2007 at 18:36

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
Network Monitor

Path:
C:\WINDOWS\emVybw\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\emVybw\asappsrv.dll - Deleted
C:\WINDOWS\emVybw\command.exe - Deleted
C:\WINDOWS\emVybw\yApVvT.vbs - Deleted
C:\DOCUME~1\ZERO\APPLIC~1\MICROS~1\WINDOWS\KOXKDVV.EXE - Deleted
C:\PROGRA~1\MESSEN~1\LAVUMA.DLL - Deleted
C:\PROGRA~1\MESSEN~1\LAVUMA~1.DLL - Deleted
C:\PROGRA~1\MESSEN~1\LAVUMA~2.DLL - Deleted
C:\PROGRA~1\MESSEN~1\LAVUMA~3.DLL - Deleted
C:\PROGRA~1\MESSEN~1\PROFSY~1.HTM - Deleted
C:\PROGRA~1\MESSEN~1\LAVUMA~1 - Deleted
C:\Documents and Settings\zero\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\zero\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\zero\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Documents and Settings\zero\Local Settings\Temp\ubiB9D.tmp.exe - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\WINDOWS\mrofinu572.exe.tmp - Deleted
C:\Program Files\Insider\Insider.exe - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\Temporary\wininstall.exe - Deleted
C:\Program Files\WinAble\winable.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\DOCUME~1\zero\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\17PHolmes572.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\b147.exe - Deleted
C:\WINDOWS\b149.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu572.exe - Deleted
C:\WINDOWS\mrofinu572.exe.tmp - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\bpk.dat - Deleted
C:\WINDOWS\system32\ckl009.dat - Deleted
C:\WINDOWS\system32\inst.dat - Deleted
C:\WINDOWS\system32\pk.bin - Deleted
C:\WINDOWS\system32\reginv.dll - Deleted
C:\WINDOWS\system32\web.dat - Deleted
C:\WINDOWS\tk58.exe - Deleted
C:\WINDOWS\TTC-4444.exe - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted



Folder C:\Documents and Settings\zero\Application Data\WinTouch - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\Temp\1cb - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 19:00:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2f22ad82
"s2"=dword:f86852bf
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:81,05,42,2f,d0,43,ad,09,10,88,60,25,63,10,2a,7e,a6,c5,1a,cd,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:cc,37,e2,89,46,3c,5f,51,96,6b,db,46,15,a5,3c,01,85,2c,71,a1,94,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,db,26,1e,fe,ee,88,b5,91,8e,b6,38,ef,cb,99,3f,17,..
"khjeh"=hex:D b,83,00,4e,21,08,d7,00,c0,03,8e,ae,16,0b,3f,ce,f4,04,05,e1,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ba,67,49,cd,70,0f,a9,6c,66,69,de,3f,9d,bf,25,b0,5b,9a,49,3f,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:78,57,71,cf,cf,ea,d3,e9,79,d6,f1,a8,49,d3,9a,21,4c,7b,a7,a0,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:81,05,42,2f,d0,43,ad,09,10,88,60,25,63,10,2a,7e,a6,c5,1a,cd,1b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:cc,37,e2,89,46,3c,5f,51,96,6b,db,46,15,a5,3c,01,85,2c,71,a1,94,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,db,26,1e,fe,ee,88,b5,91,8e,b6,38,ef,cb,99,3f,17,..
"khjeh"=hex:D b,83,00,4e,21,08,d7,00,c0,03,8e,ae,16,0b,3f,ce,f4,04,05,e1,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ba,67,49,cd,70,0f,a9,6c,66,69,de,3f,9d,bf,25,b0,5b,9a,49,3f,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:78,57,71,cf,cf,ea,d3,e9,79,d6,f1,a8,49,d3,9a,21,4c,7b,a7,a0,a7,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000078
"TracesSuccessful"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C13C7BA-56BA-6BE6-278E-D306D03BBDCB}]
"iaflklkcfbjhdalaeh"=hex:6a,61,62,67,62,68,62,6e,61,6b,68,69,65,6b,69,66,63,61,64,66,00,..
"hahkakncponfjjfa"=hex:6a,61,62,67,62,68,62,6e,61,6b,68,69,65,6b,69,66,63,61,64,66,00,..

scanning hidden files ...

C:\WINDOWS\Temp\Perflib_Perfdata_8d4.dat 16384 bytes
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\subliminal92@hotmail.com\SharingMetadata\elodie_frege724@hotmail.com\DFSR\Staging\CS{D4AA6795-D0FD-16C2-C19C-2989D877A32B}\01\10-{D4AA6795-D0FD-16C2-C19C-2989D877A32B}-v1-{5725D384-53D8-412C-8601-BB2F0C9E9DD0}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\01\34-{40ACDE2B-57C4-8EE0-5F95-87C46D271074}-v1-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\35\35-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v35-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\37\37-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v37-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7716 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\37\37-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v37-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 944 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\39\39-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v39-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 660 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\39\39-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v39-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\41\41-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v41-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\42\42-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v42-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\44\44-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v44-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\49\49-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v49-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\52\52-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v52-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\54\54-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v54-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\56\56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 108228 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\56\56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 7590 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\56\56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 12296 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\57\57-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v57-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\romanodu34@hotmail.com\DFSR\Staging\CS{40ACDE2B-57C4-8EE0-5F95-87C46D271074}\59\59-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v59-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\01\61-{B5E73D2D-3986-7A6C-AE65-0802323A6B98}-v1-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\62\62-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v62-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\77\77-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v77-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v77-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2226 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\77\77-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v77-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v77-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 280 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\79\79-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v79-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v79-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1632 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\rudy-du-93110@hotmail.fr\DFSR\Staging\CS{B5E73D2D-3986-7A6C-AE65-0802323A6B98}\79\79-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v79-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v79-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\thomasdu93@msn.com\DFSR\Staging\CS{A29D056D-2599-209A-E3F1-CD79BA92C49C}\01\12-{A29D056D-2599-209A-E3F1-CD79BA92C49C}-v1-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\wayzani_2003@hotmail.com\DFSR\Staging\CS{BE9DA093-8649-1741-C98A-C04FA10B0D13}\01\28-{BE9DA093-8649-1741-C98A-C04FA10B0D13}-v1-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\zero\Local Settings\Application Data\Microsoft\Messenger\yakuza93@msn.com\SharingMetadata\wayzani_2003@hotmail.com\DFSR\Staging\CS{BE9DA093-8649-1741-C98A-C04FA10B0D13}\29\29-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v29-{19823EDC-519F-4EE7-9EFC-674150AAFBB0}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 28


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:emule"
"C:\\Program Files\\eMulen$\\emule.exe"="C:\\Program Files\\eMulen$\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\zero\\Bureau\\WoW-frFR-Installer-downloader.exe"="C:\\Documents and Settings\\zero\\Bureau\\WoW-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Atari\\Act of War - Direct Action\\ACTOFWAR.EXE"="C:\\Program Files\\Atari\\Act of War - Direct Action\\ACTOFWAR.EXE:*:Enabled:ACTOFWAR"
"C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's Splinter Cell Double Agent Demo\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Program Files\\PeerTV\\PeerCast.exe"="C:\\Program Files\\PeerTV\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe"="C:\\Program Files\\Atari\\Act of War - High Treason\\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Atari\\Act of War - Direct Action\\fpupdate.exe"="C:\\Program Files\\Atari\\Act of War - Direct Action\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Atari\\Act of War - Direct Action\\AowEditor.exe"="C:\\Program Files\\Atari\\Act of War - Direct Action\\AowEditor.exe:*:Enabled:AowEditor"
"C:\\Program Files\\Atari\\Act of War - High Treason\\AOW_HT_Editor.exe"="C:\\Program Files\\Atari\\Act of War - High Treason\\AOW_HT_Editor.exe:*:Enabled:AOW_HT_Editor"
"C:\\Program Files\\eMuleNg\\emule.exe"="C:\\Program Files\\eMuleNg\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"="C:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Torrent P2P application"
"C:\\Program Files\\Red Storm Entertainment\\Raven Shield Multiplayer Demo\\system\\RavenShield.exe"="C:\\Program Files\\Red Storm Entertainment\\Raven Shield Multiplayer Demo\\system\\RavenShield.exe:*:Enabled:RavenShield"
"C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Ghost Recon Advanced Warfighter Demo\\GRAW_demo.exe:*:Enabled:GRAW_demo"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe:*:Enabled:graw"
"C:\\Program Files\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe"="C:\\Program Files\\Bohemia Interactive\\ArmA Demo\\ArmADemo.exe:*:Enabled:ArmA"
"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Program Files\\eMulesf\\eMule.exe"="C:\\Program Files\\eMulesf\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Documents and Settings\\zero\\Bureau\\PSP PC\\USB.exe"="C:\\Documents and Settings\\zero\\Bureau\\PSP PC\\USB.exe:*:Enabled:USB"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Documents and Settings\\zero\\Bureau\\Nouveau dossier\\PSP PC\\USB.exe"="C:\\Documents and Settings\\zero\\Bureau\\Nouveau dossier\\PSP PC\\USB.exe:*:Enabled:USB"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando"
"C:\\Documents and Settings\\zero\\Bureau\\dossier DILLON\\PSP PC\\USB.exe"="C:\\Documents and Settings\\zero\\Bureau\\dossier DILLON\\PSP PC\\USB.exe:*:Enabled:USB"
"C:\\Program Files\\Postal2STP\\ApocalypseWeekend\\System\\postal2.exe"="C:\\Program Files\\Postal2STP\\ApocalypseWeekend\\System\\postal2.exe:*:Enabled:Postal2"
"C:\\Program Files\\Postal2\\ApocalypseWeekend\\System\\postal2.exe"="C:\\Program Files\\Postal2\\ApocalypseWeekend\\System\\postal2.exe:*:Enabled:Postal2"
"C:\\Program Files\\Postal2\\eternal damnation\\System\\EternalDamnation.exe"="C:\\Program Files\\Postal2\\eternal damnation\\System\\EternalDamnation.exe:*:Enabled:EternalDamnation"
"C:\\Program Files\\Postal2\\System\\Postal2.exe"="C:\\Program Files\\Postal2\\System\\Postal2.exe:*:Enabled:Postal2"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"="C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe:*:Enabled:DiRT Executable"
"C:\\Program Files\\CAPCOM\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"="C:\\Program Files\\CAPCOM\\Lost Planet Extreme Condition\\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2"
"C:\\Documents and Settings\\zero\\empires2.exe"="C:\\Documents and Settings\\zero\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\zero\\age2_x1.exe"="C:\\Documents and Settings\\zero\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\WINDOWS\\WinIogon.exe"="C:\\WINDOWS\\WinIogon.exe:*:Enabled:WinIogon"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Midway Home Entertainment\\Stranglehold Demo\\Binaries\\Retail-Stranglehold.exe"="C:\\Program Files\\Midway Home Entertainment\\Stranglehold Demo\\Binaries\\Retail-Stranglehold.exe:*:Enabled:Stranglehold Demo"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Documents and Settings\\TVUPlayer\\TVUPlayer.exe"="C:\\Documents and Settings\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\WINDOWS\\services.exe"="C:\\WINDOWS\\services.exe:*:Enabled:services"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\zero\\Bureau\\ProRat1.9 FIX2\\ProConnective.exe"="C:\\Documents and Settings\\zero\\Bureau\\ProRat1.9 FIX2\\ProConnective.exe:*:Enabled:ProHack.Net Reverse Connective Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 19 Mar 2006 262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
Fri 20 Apr 2007 11,264 A..H. --- "C:\Program Files\MSN Messenger\VERSION.dll"
Fri 20 Apr 2007 10,752 A..H. --- "C:\Program Files\MSN Messenger\WINHTTP.dll"
Wed 28 Nov 2007 72,704 ..SHR --- "C:\Program Files\??sks\cmd.exe"
Fri 19 Jan 2007 56 ..SHR --- "C:\WINDOWS\system32\4FDBACB208.sys"
Mon 23 Jul 2007 64,000 A.SH. --- "C:\WINDOWS\system32\autorun3.exe"
Fri 16 Nov 2007 39,325 A.SH. --- "C:\WINDOWS\system32\kas.exe"
Fri 19 Jan 2007 2,098 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 27 Nov 2007 14,502 ..SH. --- "C:\WINDOWS\system32\klkkj.tmp"
Tue 27 Nov 2007 6,496 ..SH. --- "C:\WINDOWS\system32\klkkj.bak1"
Thu 29 Nov 2007 6,553 ..SH. --- "C:\WINDOWS\system32\klkkj.bak2"
Mon 23 Jul 2007 64,000 A.SH. --- "C:\WINDOWS\system32\OfcpfwSvcs.exe"
Thu 1 Nov 2007 230,400 ..SHR --- "C:\WINDOWS\?ymbols\?hkdsk.exe"
Sun 14 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 2 Dec 2005 53,248 A..H. --- "C:\Program Files\Landesoft\UMD RIPPER 2.5\AxInterop.WMPLib.DLL"
Fri 2 Dec 2005 290,816 A..H. --- "C:\Program Files\Landesoft\UMD RIPPER 2.5\Interop.WMPLib.DLL"
Wed 30 Nov 2005 8,381,440 A..H. --- "C:\Program Files\Landesoft\UMD RIPPER 2.5\mencoder.exe"
Sun 17 Apr 2005 8,087,040 A..H. --- "C:\Program Files\Landesoft\UMD RIPPER 2.5\mplayer.exe"
Thu 11 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 18 Oct 2007 7,154 ...HR --- "C:\Documents and Settings\zero\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Do I carry on with what you told me to do afterwards?
29 November 2007 20:35:09

Yes ;)
29 November 2007 20:44:16

The VundoFix scan


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.11

Scan started at 19:40:04 29/11/2007

Listing files found while scanning....

No infected files were found.

The ComboFix scan

ComboFix 07-11-19.4C - zero 2007-11-29 19:59:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.544 [GMT 1:00]
Running from: C:\Documents and Settings\zero\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\zero\Application Data\macromedia\Flash Player\#SharedObjects\NRKXGPJA\www.broadcaster.com
C:\Documents and Settings\zero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\zero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\zero\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\zero\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\zero\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\zero\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\zero\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\zero\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Program Files\asembl~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\01029340.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\Messenger\lavuma.dll
C:\Program Files\Messenger\profsyby.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\04C11CBF
C:\Program Files\MyWebSearch\bar\Cache\0D6D12AF.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6D1445.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6D1697.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6D1947.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E2529.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E2642.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E274C.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E2911.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E2A3A.bin
C:\Program Files\MyWebSearch\bar\Cache\0D6E2B53
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe.ren
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\
C:\Program Files\sks~1\cmd.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\UGA6P
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\c3
C:\WINDOWS\system32\c3\baslook11.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\klkkj.tmp
c:\WINDOWS\system32\lblleoz.dat
c:\windows\system32\lblleoz.exe
c:\WINDOWS\system32\lblleoz_nav.dat
c:\WINDOWS\system32\lblleoz_navps.dat
C:\WINDOWS\system32\m4
C:\WINDOWS\system32\m4\ejup83122.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\W007T32W.DLL
C:\WINDOWS\system32\wapiisv32.exe
C:\WINDOWS\system32\wle.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\ymbols~1
C:\WINDOWS\ymbols~1\?hkdsk.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 19:40 <REP> d-------- C:\VundoFix Backups
2007-11-29 18:35 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-28 22:16 <REP> d-------- C:\Program Files\AxBx
2007-11-27 21:31 <REP> d-------- C:\Documents and Settings\zero\Application Data\MenacesProtection
2007-11-27 21:31 38,912 --a------ C:\WINDOWS\system32\opnopmk.dll
2007-11-27 21:30 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-27 21:27 <REP> d-------- C:\WINDOWS\emVybw
2007-11-27 21:26 38,912 --a------ C:\WINDOWS\system32\rqrpolm.dll
2007-11-26 10:13 <REP> d-------- C:\Documents and Settings\zero\Application Data\Microsoft Games
2007-11-19 13:42 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-17 15:15 <REP> d-------- C:\Program Files\The All-Seeing Eye
2007-11-10 14:36 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-10 14:22 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-10 14:22 <REP> d-------- C:\Documents and Settings\zero\Application Data\Simply Super Software
2007-11-10 14:22 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-10 14:22 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-09 22:23 <REP> d-------- C:\Program Files\FTPRush
2007-11-05 18:44 <REP> d-------- C:\Program Files\Kylotonn Entertainment
2007-11-02 19:01 <REP> d-------- C:\wamp
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Shared
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Incomplete
2007-10-30 20:34 <REP> d-------- C:\Program Files\LimeWire
2007-10-30 20:34 <REP> d-------- C:\Documents and Settings\zero\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 19:12 17,006,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-29 19:11 624,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-29 19:11 59,636 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-29 19:11 228,812 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-29 19:11 --------- d-----w C:\Program Files\FlashGet
2007-11-29 18:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-29 18:50 --------- d-----w C:\Documents and Settings\zero\Application Data\Skype
2007-11-29 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-29 17:22 --------- d-----w C:\Documents and Settings\zero\Application Data\Xfire
2007-11-29 13:10 --------- d-----w C:\Program Files\eMuleNg
2007-11-28 21:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 21:08 --------- d-----w C:\Program Files\Java
2007-11-26 09:10 --------- d-----w C:\Documents and Settings\zero\Application Data\InstallShield
2007-11-26 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:44 --------- d-----w C:\Program Files\Codemasters
2007-11-26 08:32 --------- d-----w C:\Program Files\Microsoft Games
2007-11-25 13:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-25 12:45 --------- d-----w C:\Program Files\Activision
2007-11-21 06:54 --------- d-----w C:\Program Files\Xfire
2007-11-19 12:42 22,328 ----a-w C:\Documents and Settings\zero\Application Data\PnkBstrK.sys
2007-11-17 14:53 --------- d-----w C:\Program Files\Ubisoft
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-10 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 13:43 --------- d-----w C:\Program Files\SpeedFan
2007-11-09 12:35 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-05 17:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-02 17:16 --------- d-----w C:\Program Files\VCDROM Extension
2007-11-01 01:59 --------- d-----w C:\Program Files\eMule
2007-10-25 11:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-23 19:25 --------- d-----w C:\Program Files\ColMather
2007-10-23 19:24 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-23 19:24 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-20 17:49 --------- d-----w C:\Documents and Settings\zero\Application Data\Codemasters
2007-10-19 22:41 --------- d-----w C:\Documents and Settings\zero\Application Data\Novalogic
2007-10-18 15:45 --------- d-----w C:\Documents and Settings\zero\Application Data\Leadertech
2007-10-18 15:44 --------- d-----w C:\Program Files\NovaLogic
2007-10-18 10:47 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-18 10:47 --------- d-----w C:\Documents and Settings\zero\Application Data\Sports Interactive
2007-10-18 07:06 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-18 07:03 --------- d-----w C:\Program Files\Sports Interactive
2007-10-17 16:04 --------- d-----w C:\Documents and Settings\zero\Application Data\Bioshock
2007-10-15 19:30 --------- d-----w C:\Documents and Settings\zero\Application Data\InstallShield Installation Information
2007-10-15 19:27 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-10-15 19:22 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-14 12:10 --------- d-----w C:\Program Files\VirtualDub
2007-10-13 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-13 09:57 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-12 22:50 --------- d-----w C:\Program Files\Sierra
2007-10-04 16:09 --------- d-----w C:\Program Files\Sierra Entertainment
2007-09-29 19:11 --------- d-----w C:\Program Files\DivX
2007-09-29 17:11 --------- d-----w C:\Program Files\id Software
2007-09-28 22:33 --------- d-----w C:\Program Files\Google
2007-09-28 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-28 06:08 --------- d-----w C:\Program Files\Microsoft Works
2007-09-28 06:07 --------- d-----w C:\Program Files\MSBuild
2007-09-28 06:06 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-28 06:02 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-09-23 23:10 53,245 ----a-w C:\Documents and Settings\TVUPlayer\uninst.exe
2007-09-21 09:42 86,016 ----a-w C:\Documents and Settings\TVUPlayer\wvchk.exe
2007-09-21 09:42 685,336 ----a-w C:\Documents and Settings\TVUPlayer\TVUPlayer.exe
2007-09-21 09:42 359,528 ----a-w C:\Documents and Settings\TVUPlayer\TVUAx.dll
2007-09-21 09:42 177,464 ----a-w C:\Documents and Settings\TVUPlayer\AutoUpgrade.exe
2007-09-21 09:41 188,416 ----a-w C:\Documents and Settings\TVUPlayer\reszh-CN.dll
2007-09-21 09:40 176,128 ----a-w C:\Documents and Settings\TVUPlayer\LibChFile.dll
2007-09-21 09:40 15,872 ----a-w C:\Documents and Settings\TVUPlayer\LibDownMgr.dll
2007-08-09 18:24 293,947 ----a-w C:\Documents and Settings\zero\CisoPlus.exe
2007-06-29 02:43 147,456 ----a-w C:\Documents and Settings\TVUPlayer\CrashCatcher.dll
2007-05-17 05:58 143,360 ----a-w C:\Documents and Settings\TVUPlayer\libexpatw.dll
2007-03-28 02:40 266,342 ----a-w C:\Documents and Settings\TVUPlayer\libcurl.dll
2007-03-24 13:42 1 ----a-w C:\Documents and Settings\zero\SI.bin
2006-10-18 09:32 640,000 ----a-w C:\Documents and Settings\TVUPlayer\dbghelp.dll
2006-10-18 09:32 499,712 ----a-w C:\Documents and Settings\TVUPlayer\msvcp71.dll
2006-10-18 09:32 348,160 ----a-w C:\Documents and Settings\TVUPlayer\msvcr71.dll
2006-10-18 09:32 1,777,664 ----a-w C:\Documents and Settings\TVUPlayer\GDIPLUS.DLL
2006-10-16 10:44 196,608 ----a-w C:\Documents and Settings\TVUPlayer\ssleay32.dll
2006-10-16 10:44 1,028,096 ----a-w C:\Documents and Settings\TVUPlayer\libeay32.dll
2000-08-08 12:44 340 ----a-w C:\Documents and Settings\zero\setup.bat
2000-08-08 12:39 45,056 ----a-w C:\Documents and Settings\zero\SETUPREG.EXE
2000-08-08 12:18 34 ----a-w C:\Documents and Settings\zero\fonts.bat
2000-08-08 12:17 0 ----a-w C:\Documents and Settings\zero\STPENUX.DLL
2000-08-07 22:13 2,695,213 ----a-w C:\Documents and Settings\zero\age2_x1.exe
2000-08-06 22:11 20,992 ----a-w C:\Documents and Settings\zero\mythxpak.exe
2000-06-21 07:52 32,768 ----a-w C:\Documents and Settings\zero\replwavs.exe
2000-06-12 22:09 339,968 ------w C:\Documents and Settings\zero\language_x1.dll
2000-06-12 21:59 53,299 ------w C:\Documents and Settings\zero\ebueulax.dll
1999-11-17 10:00 32,768 ----a-w C:\Documents and Settings\zero\SETUPENU.DLL
1999-09-22 00:32 53,304 ------w C:\Documents and Settings\zero\EBUEula.dll
1999-09-22 00:32 499,712 ------w C:\Documents and Settings\zero\language.dll
1999-09-22 00:32 365,568 ------w C:\Documents and Settings\zero\HA312W32.DLL
1999-09-22 00:32 112,688 ------w C:\Documents and Settings\zero\SHW32.DLL
1999-09-21 15:46 2,560,000 ----a-w C:\Documents and Settings\zero\empires2.exe
2007-01-19 12:36 56 --sh--r C:\WINDOWS\system32\4FDBACB208.sys
2007-07-23 18:29 64,000 --sha-w C:\WINDOWS\system32\autorun3.exe
2007-01-19 12:36 2,098 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-23 18:29 64,000 --sha-w C:\WINDOWS\system32\OfcpfwSvcs.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F4BB8B8-0A75-4E0B-8F25-712EFBA9CE1B}]
2007-08-02 14:43 282624 --a------ C:\Program Files\Windows Media Player\hoke83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
2007-11-27 21:26 38912 --a------ C:\WINDOWS\system32\rqrpolm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C6FAFBA-4B46-4D4B-8703-832B6A005E98}]
2007-08-02 14:43 282624 --a------ C:\Program Files\Windows Media Player\hoke4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C5FDC5-CD7B-4E9D-90B5-010998D1F63A}]
2007-08-02 14:43 282624 --a------ C:\Program Files\Windows Media Player\hoke24418.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-08-08 02:54 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 14:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 16:41]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"Lsrc"="C:\PROGRA~1\SKS~1\cmd.exe" []
"Yqlvk"="C:\WINDOWS\?ymbols\?hkdsk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 C:\WINDOWS\RTHDCPL.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PSPVideo9"="C:\Program Files\pspvideo9\pspvideo9.exe" [2005-10-30 01:56]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 21:36]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-09-25 09:10]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44]
"OfcpfwSvcs.exe"="C:\WINDOWS\system32\OfcpfwSvcs.exe" [2007-07-23 19:29]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\rqrpolm.dll [2007-11-27 21:26 38912]
C:\WINDOWS\system32\klogon.dll 2007-05-19 21:37 206352 C:\WINDOWS\system32\klogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpolm]
rqrpolm.dll 2007-11-27 21:26 38912 C:\WINDOWS\system32\rqrpolm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklk.dll

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys
S3 SGIR;SGIR;C:\WINDOWS\system32\drivers\iMON_PAD.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c58c90c-abd0-11db-bd78-0060b3db87fc}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e65658-c8e0-11db-bd90-0060b3db87fc}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\setup\command - G:\setup.exe

.
Contents of folder 'Scheduled Tasks/Tâches planifiées'
"2007-11-29 19:00:02 C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job"
- c:\docume~1\zero\applic~1\antieach\Bat New Rdr.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 20:13:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 20:15:52 - machine was rebooted
.
--- E O F ---
29 November 2007 21:01:52

Nice clean-up.
You are really heavily infected; I see new infections: Lop, Egdaccess!

Copy the text in the box below:

File::
C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
C:\WINDOWS\system32\rqrpolm.dll
C:\Program Files\Windows Media Player\hoke83122.dll
C:\Program Files\Windows Media Player\hoke4444.dll
C:\Program Files\Windows Media Player\hoke24418.dll
C:\WINDOWS\system32\opnopmk.dll

Folder::
C:\Program Files\Windows Live Safety Center
C:\VundoFix Backups

Registry::
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpolm]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lsrc"=-
"Yqlvk"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F4BB8B8-0A75-4E0B-8F25-712EFBA9CE1B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C6FAFBA-4B46-4D4B-8703-832B6A005E98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C5FDC5-CD7B-4E9D-90B5-010998D1F63A}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no reboot, post the reports anyway.

+++++++++

Go to My Computer > Tools > Folder Options > View > Show hidden files and folders. - - > Apply - - > OK

Go to My Computer > Tools > Folder Options > View > uncheck Hide protected operating system files. - - > Apply - - > OK
(Re-check it afterwards)

Have these files analysed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and find this file: C:\WINDOWS\system32\OfcpfwSvcs.exe
Now click Send file.
Post the report
Do the same with these files: C:\WINDOWS\system32\autorun3.exe and C:\WINDOWS\system32\4FDBACB208.sys



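The loading points in the ComboFix log above (the two Run entries with no file metadata, the ShellExecuteHook and Winlogon Notify DLL, and the extra LSA authentication package) and the Registry:: lines of the CFScript that remove them are the heart of this fix. The following Python script is an added example, not ComboFix's or the helper's code: it parses that section of a ComboFix log, applies the checks a responder would otherwise run by eye, and decodes the hex(7) value the script writes back for "Authentication Packages". The sample input is trimmed from the log posted in this thread; the list of Windows XP default Notify subkeys and the set of system tool names are my own allowlists, assumed for the example.

```python
import re
from collections import namedtuple

# Added example, not ComboFix code: triage of a ComboFix "Reg loading points"
# section. The checks cover the persistence points the helper removed above.

Entry = namedtuple("Entry", "key name value meta")

# Constructed sample, trimmed from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 14:18]
"Lsrc"="C:\PROGRA~1\SKS~1\cmd.exe" []
"Yqlvk"="C:\WINDOWS\?ymbols\?hkdsk.exe" []

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\rqrpolm.dll [2007-11-27 21:26 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpolm]
rqrpolm.dll 2007-11-27 21:26 38912 C:\WINDOWS\system32\rqrpolm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklk.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="value" [meta]   or   "name"= value [meta]   or   "name"= value
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"?(?P<value>.*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')

# Assumed allowlist: Winlogon\Notify subkeys Windows XP installs itself. Vendor
# entries (Kaspersky's klogon in this log, for instance) still need a manual look.
XP_DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                     "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
SYSTEM_TOOL_NAMES = {"cmd.exe", "chkdsk.exe", "rundll32.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"


def parse_loading_points(text):
    """Turn the [key] / value blocks of a ComboFix log into Entry records."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line) if key else None
        if m:
            entries.append(Entry(key, m.group("name"), m.group("value").strip(), m.group("meta")))
        elif key and "\\winlogon\\notify\\" in key.lower():
            # Notify lines are unquoted: "<dll> <date> <time> <size> <path>"
            parts = line.split()
            entries.append(Entry(key, parts[0], parts[-1], None))
    return entries


def triage(entries):
    """Return (value name, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        key = e.key.lower()
        folder, _, base = e.value.rpartition("\\")
        folder, base = folder.lower(), base.lower()
        if key.endswith("\\currentversion\\run"):
            if e.meta == "":   # ComboFix prints [] when it could not stat the target
                findings.append((e.name, "Run target could not be resolved on disk"))
            if "?" in e.value:  # '?' is illegal in a file name: unprintable look-alike characters
                findings.append((e.name, "path contains characters the log cannot print"))
            if base in SYSTEM_TOOL_NAMES and folder != SYSTEM32:
                findings.append((e.name, f"{base} launched from {folder}, not {SYSTEM32}"))
        elif key.endswith("\\shellexecutehooks") and base != "shell32.dll":
            findings.append((e.name, f"ShellExecuteHook {base} loads into every ShellExecute caller"))
        elif "\\winlogon\\notify\\" in key:
            if key.rsplit("\\", 1)[-1] not in XP_DEFAULT_NOTIFY:
                findings.append((e.name, "non-default Notify DLL: runs inside winlogon.exe as SYSTEM"))
        elif key.endswith("\\control\\lsa") and e.name.lower() == "authentication packages":
            for pkg in e.value.split():
                if pkg.lower() != "msv1_0":
                    findings.append((e.name, f"extra package {pkg} is loaded into lsass.exe"))
    return findings


def decode_reg_hex7(spec):
    """Decode a hex(7) REG_MULTI_SZ literal: regedit exports UTF-16LE bytes,
    ComboFix's CFScript (as in the fix above) uses one byte per character."""
    body = spec.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in body.replace("\\", "").split(",") if b.strip())
    if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for name, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{name}: {reason}")
    print(decode_reg_hex7("hex(7):6d,73,76,31,5f,30,00,00"))
```

ComboFix's own note says that empty and legitimate default entries are not listed, so anything that reaches the log already deserves attention; the allowlists here only decide what to read first. The decoder accepts both regedit's UTF-16LE export form and the one-byte form used in the CFScript above, and confirms that the script sets the LSA package list back to exactly msv1_0.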
29 November 2007 22:35:22

So, the report

ComboFix 07-11-19.4C - zero 2007-11-29 21:34:00.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.454 [GMT 1:00]
Running from: C:\Documents and Settings\zero\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\zero\Mes documents\My Pando Packages\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
C:\Program Files\Windows Media Player\hoke24418.dll
C:\Program Files\Windows Media Player\hoke4444.dll
C:\Program Files\Windows Media Player\hoke83122.dll
C:\WINDOWS\system32\opnopmk.dll
C:\WINDOWS\system32\rqrpolm.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Safety Center\base.xml
C:\Program Files\Windows Live Safety Center\mpdaily.vdm
C:\Program Files\Windows Live Safety Center\mpdef.vdm
C:\Program Files\Windows Live Safety Center\mpengine.dll
C:\Program Files\Windows Live Safety Center\mputils.dll
C:\Program Files\Windows Live Safety Center\scnAVAS.dll
C:\Program Files\Windows Live Safety Center\scnAVAS.inf
C:\Program Files\Windows Live Safety Center\scnAVdaily.inf
C:\Program Files\Windows Live Safety Center\scnAVdef.inf
C:\Program Files\Windows Live Safety Center\scnAVengine.inf
C:\Program Files\Windows Live Safety Center\wlscCore.dll
C:\Program Files\Windows Live Safety Center\wlscCore.inf
C:\Program Files\Windows Live Safety Center\wlscLoc.inf
C:\Program Files\Windows Live Safety Center\wlscLoc.xml
C:\Program Files\Windows Live Safety Center\wlscUploader.exe
C:\Program Files\Windows Media Player\hoke24418.dll
C:\Program Files\Windows Media Player\hoke4444.dll
C:\Program Files\Windows Media Player\hoke83122.dll
C:\VundoFix Backups
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\opnopmk.dll
C:\WINDOWS\system32\rqrpolm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFDRV01
-------\SFDRV01


((((((((((((((((((((((((((((( Files created 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 18:35 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-27 21:31 <REP> d-------- C:\Documents and Settings\zero\Application Data\MenacesProtection
2007-11-27 21:30 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-27 21:27 <REP> d-------- C:\WINDOWS\emVybw
2007-11-26 10:13 <REP> d-------- C:\Documents and Settings\zero\Application Data\Microsoft Games
2007-11-19 13:42 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-17 15:15 <REP> d-------- C:\Program Files\The All-Seeing Eye
2007-11-10 14:36 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-10 14:22 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-10 14:22 <REP> d-------- C:\Documents and Settings\zero\Application Data\Simply Super Software
2007-11-10 14:22 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-10 14:22 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-09 22:23 <REP> d-------- C:\Program Files\FTPRush
2007-11-05 18:44 <REP> d-------- C:\Program Files\Kylotonn Entertainment
2007-11-02 19:01 <REP> d-------- C:\wamp
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Shared
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Incomplete
2007-10-30 20:34 <REP> d-------- C:\Program Files\LimeWire
2007-10-30 20:34 <REP> d-------- C:\Documents and Settings\zero\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 20:43 17,122,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-29 20:42 630,560 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-29 20:42 60,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-29 20:42 230,372 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-29 19:52 --------- d-----w C:\Program Files\FlashGet
2007-11-29 19:44 --------- d-----w C:\Documents and Settings\zero\Application Data\Skype
2007-11-29 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-29 18:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-29 17:22 --------- d-----w C:\Documents and Settings\zero\Application Data\Xfire
2007-11-29 13:10 --------- d-----w C:\Program Files\eMuleNg
2007-11-28 21:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 21:08 --------- d-----w C:\Program Files\Java
2007-11-26 09:10 --------- d-----w C:\Documents and Settings\zero\Application Data\InstallShield
2007-11-26 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:44 --------- d-----w C:\Program Files\Codemasters
2007-11-26 08:32 --------- d-----w C:\Program Files\Microsoft Games
2007-11-25 13:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-25 12:45 --------- d-----w C:\Program Files\Activision
2007-11-21 06:54 --------- d-----w C:\Program Files\Xfire
2007-11-19 12:42 22,328 ----a-w C:\Documents and Settings\zero\Application Data\PnkBstrK.sys
2007-11-17 14:53 --------- d-----w C:\Program Files\Ubisoft
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-10 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-10 13:43 --------- d-----w C:\Program Files\SpeedFan
2007-11-05 17:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-02 17:16 --------- d-----w C:\Program Files\VCDROM Extension
2007-11-01 01:59 --------- d-----w C:\Program Files\eMule
2007-10-25 11:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-23 19:25 --------- d-----w C:\Program Files\ColMather
2007-10-23 19:24 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-23 19:24 253,952 ------w C:\WINDOWS\Setup1.exe
2007-10-20 17:49 --------- d-----w C:\Documents and Settings\zero\Application Data\Codemasters
2007-10-19 22:41 --------- d-----w C:\Documents and Settings\zero\Application Data\Novalogic
2007-10-18 15:45 --------- d-----w C:\Documents and Settings\zero\Application Data\Leadertech
2007-10-18 15:44 --------- d-----w C:\Program Files\NovaLogic
2007-10-18 10:47 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-18 10:47 --------- d-----w C:\Documents and Settings\zero\Application Data\Sports Interactive
2007-10-18 07:06 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-18 07:03 --------- d-----w C:\Program Files\Sports Interactive
2007-10-17 16:04 --------- d-----w C:\Documents and Settings\zero\Application Data\Bioshock
2007-10-15 19:30 --------- d-----w C:\Documents and Settings\zero\Application Data\InstallShield Installation Information
2007-10-15 19:27 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-10-15 19:22 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-14 12:10 --------- d-----w C:\Program Files\VirtualDub
2007-10-13 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-13 09:57 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-12 22:50 --------- d-----w C:\Program Files\Sierra
2007-10-04 16:09 --------- d-----w C:\Program Files\Sierra Entertainment
2007-09-29 19:11 --------- d-----w C:\Program Files\DivX
2007-09-29 17:11 --------- d-----w C:\Program Files\id Software
2007-09-28 22:33 --------- d-----w C:\Program Files\Google
2007-09-28 06:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-28 06:08 --------- d-----w C:\Program Files\Microsoft Works
2007-09-28 06:07 --------- d-----w C:\Program Files\MSBuild
2007-09-28 06:06 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-28 06:02 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-09-23 23:10 53,245 ----a-w C:\Documents and Settings\TVUPlayer\uninst.exe
2007-09-21 09:42 86,016 ----a-w C:\Documents and Settings\TVUPlayer\wvchk.exe
2007-09-21 09:42 685,336 ----a-w C:\Documents and Settings\TVUPlayer\TVUPlayer.exe
2007-09-21 09:42 359,528 ----a-w C:\Documents and Settings\TVUPlayer\TVUAx.dll
2007-09-21 09:42 177,464 ----a-w C:\Documents and Settings\TVUPlayer\AutoUpgrade.exe
2007-09-21 09:41 188,416 ----a-w C:\Documents and Settings\TVUPlayer\reszh-CN.dll
2007-09-21 09:40 176,128 ----a-w C:\Documents and Settings\TVUPlayer\LibChFile.dll
2007-09-21 09:40 15,872 ----a-w C:\Documents and Settings\TVUPlayer\LibDownMgr.dll
2007-08-09 18:24 293,947 ----a-w C:\Documents and Settings\zero\CisoPlus.exe
2007-06-29 02:43 147,456 ----a-w C:\Documents and Settings\TVUPlayer\CrashCatcher.dll
2007-05-17 05:58 143,360 ----a-w C:\Documents and Settings\TVUPlayer\libexpatw.dll
2007-03-28 02:40 266,342 ----a-w C:\Documents and Settings\TVUPlayer\libcurl.dll
2007-03-24 13:42 1 ----a-w C:\Documents and Settings\zero\SI.bin
2006-10-18 09:32 640,000 ----a-w C:\Documents and Settings\TVUPlayer\dbghelp.dll
2006-10-18 09:32 499,712 ----a-w C:\Documents and Settings\TVUPlayer\msvcp71.dll
2006-10-18 09:32 348,160 ----a-w C:\Documents and Settings\TVUPlayer\msvcr71.dll
2006-10-18 09:32 1,777,664 ----a-w C:\Documents and Settings\TVUPlayer\GDIPLUS.DLL
2006-10-16 10:44 196,608 ----a-w C:\Documents and Settings\TVUPlayer\ssleay32.dll
2006-10-16 10:44 1,028,096 ----a-w C:\Documents and Settings\TVUPlayer\libeay32.dll
2000-08-08 12:44 340 ----a-w C:\Documents and Settings\zero\setup.bat
2000-08-08 12:39 45,056 ----a-w C:\Documents and Settings\zero\SETUPREG.EXE
2000-08-08 12:18 34 ----a-w C:\Documents and Settings\zero\fonts.bat
2000-08-08 12:17 0 ----a-w C:\Documents and Settings\zero\STPENUX.DLL
2000-08-07 22:13 2,695,213 ----a-w C:\Documents and Settings\zero\age2_x1.exe
2000-08-06 22:11 20,992 ----a-w C:\Documents and Settings\zero\mythxpak.exe
2000-06-21 07:52 32,768 ----a-w C:\Documents and Settings\zero\replwavs.exe
2000-06-12 22:09 339,968 ------w C:\Documents and Settings\zero\language_x1.dll
2000-06-12 21:59 53,299 ------w C:\Documents and Settings\zero\ebueulax.dll
1999-11-17 10:00 32,768 ----a-w C:\Documents and Settings\zero\SETUPENU.DLL
1999-09-22 00:32 53,304 ------w C:\Documents and Settings\zero\EBUEula.dll
1999-09-22 00:32 499,712 ------w C:\Documents and Settings\zero\language.dll
1999-09-22 00:32 365,568 ------w C:\Documents and Settings\zero\HA312W32.DLL
1999-09-22 00:32 112,688 ------w C:\Documents and Settings\zero\SHW32.DLL
1999-09-21 15:46 2,560,000 ----a-w C:\Documents and Settings\zero\empires2.exe
2007-01-19 12:36 56 --sh--r C:\WINDOWS\system32\4FDBACB208.sys
2007-07-23 18:29 64,000 --sha-w C:\WINDOWS\system32\autorun3.exe
2007-01-19 12:36 2,098 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-23 18:29 64,000 --sha-w C:\WINDOWS\system32\OfcpfwSvcs.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_20.14.05.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-08-08 02:54 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-08-08 02:54 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 14:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 C:\WINDOWS\RTHDCPL.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PSPVideo9"="C:\Program Files\pspvideo9\pspvideo9.exe" [2005-10-30 01:56]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 21:36]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-09-25 09:10]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44]
"OfcpfwSvcs.exe"="C:\WINDOWS\system32\OfcpfwSvcs.exe" [2007-07-23 19:29]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]
C:\WINDOWS\system32\klogon.dll 2007-05-19 21:37 206352 C:\WINDOWS\system32\klogon.dll

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys
S3 SGIR;SGIR;C:\WINDOWS\system32\drivers\iMON_PAD.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c58c90c-abd0-11db-bd78-0060b3db87fc}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e65658-c8e0-11db-bd90-0060b3db87fc}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\setup\command - G:\setup.exe

.
Contents of folder 'Scheduled Tasks/Tâches planifiées'
"2007-11-29 20:00:00 C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job"
- c:\docume~1\zero\applic~1\antieach\Bat New Rdr.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 21:43:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 21:45:01 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-29 20:15
.
--- E O F ---
29 November 2007 23:06:51

First file

File OfcpfwSvcs.exe received on 11.29.2007 05:08:31 (CET)
Result: 24/32 (75%)
Antivirus Version Last Update Result
AhnLab-V3 - - Win-Trojan/Autorun.64000
AntiVir - - DR/PcClient.Gen
Authentium - - -
Avast - - Win32:PcClient-FD
AVG - - BackDoor.Generic6.UJN
BitDefender - - -
CAT-QuickHeal - - Backdoor.PcClient.wi
ClamAV - - Trojan.PcClient-278
DrWeb - - BackDoor.PcClient
eSafe - - -
eTrust-Vet - - Win32/Pcclient.BR
Ewido - - Backdoor.PcClient.wi
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - Backdoor.Win32.PcClient.wi
Ikarus - - Backdoor.Win32.PcClient.wi
Kaspersky - - Backdoor.Win32.PcClient.wi
McAfee - - BackDoor-CKB
Microsoft - - Backdoor:Win32/PcClient
NOD32v2 - - a variant of Win32/PcClient.WI
Norman - - W32/PCClient.CWS
Panda - - Bck/PcClient.DU
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - Worm.Win32.Agent.yzh
Sophos - - W32/SillyFDC-E
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - Backdoor/PcClient.wi
VBA32 - - Backdoor.Win32.PcClient.wi
VirusBuster - - -
Webwasher-Gateway - - Trojan.Dropper.PcClient.Gen
Additional information
MD5: aecf66b5080e8bc6536dbb2c13411e6a



Second

File autorun3.exe received on 2007.11.29 22:44:21 (CET)
Result: 24/32 (75%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.30.0 2007.11.29 Win-Trojan/Autorun.64000
AntiVir 7.6.0.34 2007.11.29 DR/PcClient.Gen
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.29 Win32:PcClient-FD
AVG 7.5.0.503 2007.11.29 BackDoor.Generic6.UJN
BitDefender 7.2 2007.11.29 -
CAT-QuickHeal 9.00 2007.11.29 Backdoor.PcClient.wi
ClamAV 0.91.2 2007.11.29 Trojan.PcClient-278
DrWeb 4.44.0.09170 2007.11.29 BackDoor.PcClient
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 Win32/Pcclient.BF
Ewido 4.0 2007.11.29 Backdoor.PcClient.wi
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.29 -
F-Secure 6.70.13030.0 2007.11.29 Backdoor.Win32.PcClient.wi
Ikarus T3.1.1.12 2007.11.29 Backdoor.Win32.PcClient.wi
Kaspersky 7.0.0.125 2007.11.29 Backdoor.Win32.PcClient.wi
McAfee 5174 2007.11.29 BackDoor-CKB
Microsoft 1.3007 2007.11.29 Backdoor:Win32/PcClient
NOD32v2 2693 2007.11.29 a variant of Win32/PcClient.WI
Norman 5.80.02 2007.11.29 W32/PCClient.CWS
Panda 9.0.0.4 2007.11.28 Bck/PcClient.DU
Prevx1 V2 2007.11.29 BackDoor.Generic6.UJN
Rising 20.20.22.00 2007.11.29 Worm.Win32.Agent.yzh
Sophos 4.23.0 2007.11.29 W32/SillyFDC-E
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 Trojan Horse
TheHacker 6.2.9.144 2007.11.28 Backdoor/PcClient.wi
VBA32 3.12.2.5 2007.11.28 Backdoor.Win32.PcClient.wi
VirusBuster 4.3.26:9 2007.11.29 -
Webwasher-Gateway 6.6.2 2007.11.29 Trojan.Dropper.PcClient.Gen
Additional information
File size: 64000 bytes
MD5: aecf66b5080e8bc6536dbb2c13411e6a
SHA1: a7a3cfad1e04b1fc3b1f23dce118e398fff79d27
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=B928B7FF00E8...

Third

File 4FDBACB208.sys received on 2007.11.29 23:00:58 (CET)
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.30.0 2007.11.29 -
AntiVir 7.6.0.34 2007.11.29 -
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.29 -
AVG 7.5.0.503 2007.11.29 -
BitDefender 7.2 2007.11.29 -
CAT-QuickHeal 9.00 2007.11.29 -
ClamAV 0.91.2 2007.11.29 -
DrWeb 4.44.0.09170 2007.11.29 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 -
Ewido 4.0 2007.11.29 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.29 -
F-Secure 6.70.13030.0 2007.11.29 -
Ikarus T3.1.1.12 2007.11.29 -
Kaspersky 7.0.0.125 2007.11.29 -
McAfee 5174 2007.11.29 -
Microsoft 1.3007 2007.11.29 -
NOD32v2 2693 2007.11.29 -
Norman 5.80.02 2007.11.29 -
Panda 9.0.0.4 2007.11.28 -
Prevx1 V2 2007.11.29 -
Rising 20.20.22.00 2007.11.29 -
Sophos 4.23.0 2007.11.29 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.29 -
Webwasher-Gateway 6.6.2 2007.11.29 -
Additional information
File size: 56 bytes
MD5: f541572a48128ff5d4925c6579807913
SHA1: 212aaac14916a606da372101c436916958250322




Thanks again for your help, you're really kind to help me, because honestly I have no idea how you find your way around these reports that are 100 lines long...
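Two details in the three VirusTotal reports above are worth reading before the engine rows: OfcpfwSvcs.exe and autorun3.exe report the same MD5 (aecf66b5080e8bc6536dbb2c13411e6a) and the same 64,000-byte size, so they are one file under two names, and 4FDBACB208.sys is 56 bytes, too small to be a PE image, so its 0/32 result says it is data rather than that it is safe. The following Python script is an added example, not VirusTotal's or the thread's code: it parses reports in the text form pasted above, computes the detection ratio, takes a one-vote-per-engine consensus on the family name, and groups submissions by hash. The samples are trimmed copies of the reports posted above; the list of generic words excluded from the vote is my own assumption.

```python
import re
from collections import Counter

# Added example, not VirusTotal code: parse VirusTotal text reports as pasted
# into this thread, then compare the files by hash and by engine consensus.

# Constructed samples, trimmed from the three reports posted above.
REPORTS = [
    """File OfcpfwSvcs.exe received on 11.29.2007 05:08:31 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - Win-Trojan/Autorun.64000
AVG - - BackDoor.Generic6.UJN
BitDefender - - -
Kaspersky - - Backdoor.Win32.PcClient.wi
NOD32v2 - - a variant of Win32/PcClient.WI
Prevx1 - - Heuristic: Suspicious Self Modifying File
Webwasher-Gateway - - Trojan.Dropper.PcClient.Gen
Additional information
MD5: aecf66b5080e8bc6536dbb2c13411e6a
""",
    """File autorun3.exe received on 2007.11.29 22:44:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.30.0 2007.11.29 Win-Trojan/Autorun.64000
Avast 4.7.1074.0 2007.11.29 Win32:PcClient-FD
BitDefender 7.2 2007.11.29 -
Kaspersky 7.0.0.125 2007.11.29 Backdoor.Win32.PcClient.wi
Microsoft 1.3007 2007.11.29 Backdoor:Win32/PcClient
Sophos 4.23.0 2007.11.29 W32/SillyFDC-E
Additional information
File size: 64000 bytes
MD5: aecf66b5080e8bc6536dbb2c13411e6a
""",
    """File 4FDBACB208.sys received on 2007.11.29 23:00:58 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.30.0 2007.11.29 -
Kaspersky 7.0.0.125 2007.11.29 -
Sophos 4.23.0 2007.11.29 -
Additional information
File size: 56 bytes
MD5: f541572a48128ff5d4925c6579807913
""",
]

# Assumed stop list: words that name a class, not a family, ignored when voting.
GENERIC = {"trojan", "backdoor", "generic", "variant", "horse", "heuristic",
           "suspicious", "self", "modifying", "file", "dropper", "worm", "agent"}


def parse_vt_report(text):
    """Extract file name, size, MD5 and per-engine verdict (None = not detected)."""
    report = {"file": None, "md5": None, "size": None, "results": {}}
    in_table = False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("File ") and " received on " in line:
            report["file"] = line.split()[1]
        elif line.startswith("MD5:"):
            report["md5"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith("File size:"):
            report["size"] = int(line.split(":", 1)[1].split()[0])
        elif line.startswith("Antivirus "):
            in_table = True
        elif line.startswith("Additional information"):
            in_table = False
        elif in_table:
            # engine, version and date are single tokens; the label may contain spaces
            parts = line.split(None, 3)
            if len(parts) == 4:
                report["results"][parts[0]] = None if parts[3] == "-" else parts[3]
    return report


def detection_ratio(report):
    """(engines that flagged the file, engines that scanned it)."""
    verdicts = report["results"]
    return sum(1 for v in verdicts.values() if v), len(verdicts)


def family_consensus(report):
    """Most common family token across engine labels, one vote per engine."""
    votes = Counter()
    for label in report["results"].values():
        if label:
            words = {w.lower() for w in re.findall(r"[A-Za-z]{4,}", label)}
            votes.update(words - GENERIC)
    return votes.most_common(1)[0][0] if votes else None


def group_by_hash(reports):
    """Map MD5 -> file names, so one file submitted under two names stands out."""
    groups = {}
    for r in reports:
        groups.setdefault(r["md5"], []).append(r["file"])
    return groups


if __name__ == "__main__":
    parsed = [parse_vt_report(t) for t in REPORTS]
    for r in parsed:
        hit, total = detection_ratio(r)
        print(f"{r['file']}: {hit}/{total} engines, family={family_consensus(r)}")
    print(group_by_hash(parsed))
```

The vote deliberately drops class words such as Backdoor or Trojan, otherwise every engine's prefix would outvote the family; what survives here agrees on PcClient, which matches the helper's decision to delete both copies. The hash match is the cheapest check of all: once one copy is identified the other needs no second analysis, and the same MD5 can be searched for in later logs from the same machine.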
29 November 2007 23:42:10

Re, (you're welcome ;) )

Copy the text in the box below:

File::
C:\WINDOWS\system32\OfcpfwSvcs.exe
C:\WINDOWS\system32\autorun3.exe

Folder::
C:\WINDOWS\emVybw
C:\Documents and Settings\zero\Application Data\MenacesProtection
C:\Program Files\MenacesProtection


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no reboot, post the reports anyway.
30 November 2007 02:04:06

Last report (I suppose)

ComboFix 07-11-19.4C - zero 2007-11-30 1:52:29.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.527 [GMT 1:00]
Running from: C:\Documents and Settings\zero\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\zero\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\autorun3.exe
C:\WINDOWS\system32\OfcpfwSvcs.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\zero\Application Data\MenacesProtection
C:\Documents and Settings\zero\Application Data\MenacesProtection\avtasks.dat
C:\Documents and Settings\zero\Application Data\MenacesProtection\Logs\av.log
C:\Documents and Settings\zero\Application Data\MenacesProtection\Logs\ga6Support.log
C:\WINDOWS\emVybw
C:\WINDOWS\system32\autorun3.exe
C:\WINDOWS\system32\OfcpfwSvcs.exe

.
((((((((((((((((((((((((((((( Files created 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 23:08 <REP> d-------- C:\WINDOWS\LastGood
2007-11-29 18:35 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-27 22:08 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 21:31 38,912 --a------ C:\WINDOWS\system32\gebcbxx.dll
2007-11-27 21:30 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-27 21:28 38,912 --a------ C:\WINDOWS\system32\gebbbya.dll
2007-11-26 10:13 <REP> d-------- C:\Documents and Settings\zero\Application Data\Microsoft Games
2007-11-19 13:42 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-17 15:15 <REP> d-------- C:\Program Files\The All-Seeing Eye
2007-11-16 09:01 39,325 --ahs---- C:\WINDOWS\system32\kas.exe
2007-11-12 06:51 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll
2007-11-10 14:22 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-10 14:22 <REP> d-------- C:\Documents and Settings\zero\Application Data\Simply Super Software
2007-11-09 22:23 <REP> d-------- C:\Program Files\FTPRush
2007-11-05 18:44 <REP> d-------- C:\Program Files\Kylotonn Entertainment
2007-11-02 19:01 <REP> d-------- C:\wamp
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Shared
2007-10-30 20:49 <REP> d-------- C:\Documents and Settings\zero\Incomplete
2007-10-30 20:34 <REP> d-------- C:\Program Files\LimeWire
2007-10-30 20:34 <REP> d-------- C:\Documents and Settings\zero\Application Data\LimeWire
2007-10-23 20:24 <REP> d-------- C:\Program Files\ColMather
2007-10-23 20:24 253,952 --------- C:\WINDOWS\Setup1.exe
2007-10-23 20:24 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-20 18:49 <REP> d-------- C:\Documents and Settings\zero\Application Data\Codemasters
2007-10-20 13:59 <REP> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-10-19 23:41 <REP> d-------- C:\Documents and Settings\zero\Application Data\Novalogic
2007-10-18 16:45 <REP> d-------- C:\Documents and Settings\zero\Application Data\Leadertech
2007-10-18 11:47 <REP> d-------- C:\Documents and Settings\zero\Application Data\Sports Interactive
2007-10-18 08:03 <REP> d--h----- C:\Program Files\Zero G Registry
2007-10-18 08:03 <REP> d-------- C:\Program Files\Sports Interactive
2007-10-18 08:02 <REP> d--h----- C:\Documents and Settings\zero\InstallAnywhere
2007-10-15 20:30 <REP> d-------- C:\Documents and Settings\zero\Application Data\InstallShield Installation Information
2007-10-15 20:27 <REP> d-------- C:\Program Files\Unreal Tournament 3 Demo
2007-10-15 20:23 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-15 20:23 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-15 20:23 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-15 00:47 <REP> d-------- C:\Program Files\NovaLogic
2007-10-15 00:47 <REP> d-------- C:\Documents and Settings\zero\WINDOWS
2007-10-13 22:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-13 22:37 <REP> d-------- C:\WINDOWS\nview
2007-10-13 22:37 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-13 22:37 161,965 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-13 00:12 <REP> d-------- C:\NVIDIA
2007-10-12 23:50 <REP> d-------- C:\Program Files\Sierra
2007-10-04 12:40 <REP> d-------- C:\Program Files\Sierra Entertainment

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 00:56 637,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-30 00:56 17,253,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-30 00:49 --------- d-----w C:\Documents and Settings\zero\Application Data\Xfire
2007-11-30 00:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-30 00:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-29 22:07 --------- d-----w C:\Program Files\FlashGet
2007-11-29 22:07 --------- d-----w C:\Documents and Settings\zero\Application Data\Skype
2007-11-29 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-29 20:42 60,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-29 20:42 230,372 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-29 13:10 --------- d-----w C:\Program Files\eMuleNg
2007-11-28 21:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 21:08 --------- d-----w C:\Program Files\Java
2007-11-26 09:10 --------- d-----w C:\Documents and Settings\zero\Application Data\InstallShield
2007-11-26 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:44 --------- d-----w C:\Program Files\Codemasters
2007-11-26 08:32 --------- d-----w C:\Program Files\Microsoft Games
2007-11-25 13:25 --------- d-----w C:\Program Files\Electronic Arts
2007-11-25 12:45 --------- d-----w C:\Program Files\Activision
2007-11-21 06:54 --------- d-----w C:\Program Files\Xfire
2007-11-19 12:42 22,328 ----a-w C:\Documents and Settings\zero\Application Data\PnkBstrK.sys
2007-11-17 14:53 --------- d-----w C:\Program Files\Ubisoft
2007-11-12 21:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-12 07:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-12 05:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-12 05:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-01-19 12:36 56 --sh--r C:\WINDOWS\system32\4FDBACB208.sys
2007-01-19 12:36 2,098 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_20.14.05.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2004-08-19 15:09:22 66,560 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll
+ 2004-08-19 15:09:50 432,640 ----a-w C:\WINDOWS\LastGood\system32\wuapi.dll
+ 2004-08-19 15:10:06 112,640 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2004-08-19 15:09:50 1,134,592 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll
+ 2004-08-19 15:09:50 114,176 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll
+ 2004-08-19 15:09:50 36,864 ----a-w C:\WINDOWS\LastGood\system32\wups.dll
+ 2004-08-19 15:09:50 120,320 ----a-w C:\WINDOWS\LastGood\system32\wuweb.dll
- 2004-08-19 15:09:22 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 18:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2004-08-19 15:09:50 432,640 ------w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-19 15:10:06 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-19 15:09:50 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-19 15:09:50 114,176 ------w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-19 15:09:50 120,320 ------w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-08-08 02:54 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 14:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 C:\WINDOWS\RTHDCPL.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PSPVideo9"="C:\Program Files\pspvideo9\pspvideo9.exe" [2005-10-30 01:56]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 21:36]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-09-25 09:10]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44]
"OfcpfwSvcs.exe"="C:\WINDOWS\system32\OfcpfwSvcs.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 16:10 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]

C:\Documents and Settings\zero\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2007-11-10 15:51:13]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-11-15 02:00:40]
C:\WINDOWS\system32\klogon.dll 2007-05-19 21:37 206352 C:\WINDOWS\system32\klogon.dll

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys
S3 SGIR;SGIR;C:\WINDOWS\system32\drivers\iMON_PAD.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c58c90c-abd0-11db-bd78-0060b3db87fc}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e65658-c8e0-11db-bd90-0060b3db87fc}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\setup\command - G:\setup.exe

*Newly Created Service* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 00:00:00 C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job"
- c:\docume~1\zero\applic~1\antieach\Bat New Rdr.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 01:57:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 1:57:46
C:\ComboFix2.txt ... 2007-11-29 21:45
C:\ComboFix3.txt ... 2007-11-29 20:15
.
--- E O F ---
There you go.
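The report above is read by hand for a handful of patterns: small DLLs with random-looking names created in system32 on the same evening, an executable with hidden+system attributes in system32, a driver whose image lives in a Temp directory, a scheduled task that runs something out of Application Data, and AutoRun commands left behind by removable drives. The script below, added here as an example (it is not ComboFix's code nor anything posted in the thread), encodes those checks and runs them over a few constructed lines copied from the report. The regexes, size threshold and the random-name test are assumptions of this example; they are coarse and produce false positives, so every hit still has to be verified (hash, signature, vendor) before anything is removed.

```python
"""Heuristic triage of ComboFix-style report lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines modelled on entries of the report posted above.
SAMPLE_LOG = r"""
2007-11-27 22:08 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 21:31 38,912 --a------ C:\WINDOWS\system32\gebcbxx.dll
2007-11-27 21:30 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-27 21:28 38,912 --a------ C:\WINDOWS\system32\gebbbya.dll
2007-11-16 09:01 39,325 --ahs---- C:\WINDOWS\system32\kas.exe
2007-11-12 06:51 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll
2007-01-19 12:36 56 --sh--r C:\WINDOWS\system32\4FDBACB208.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\zero\LOCALS~1\Temp\jfdcd.sys
"2007-11-30 00:00:00 C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job"
- c:\docume~1\zero\applic~1\antieach\Bat New Rdr.exe
\Shell\AutoRun\command - E:\Autorun.exe
"""

# Line shapes handled: "date time size attrs path", "R3 name;display;image",
# '"date time x.job"' followed by "- target", and a mountpoints2 AutoRun command.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\S+) (\S+) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
TASK_RE = re.compile(r'^"\S+ \S+ (.+\.job)"$')
AUTORUN_RE = re.compile(r"^\\Shell\\\w+\\command - (.+)$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs"}
SMALL = 100_000  # bytes; assumed threshold, droppers of this era are a few tens of KB


@dataclass
class Finding:
    rule: str
    path: str


def looks_random(stem: str) -> bool:
    """6-8 lowercase letters with few vowels or a long consonant run, e.g. gebcbxx."""
    if not (6 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.3 or re.search(r"[^aeiou]{5}", stem) is not None


def split_name(path: str):
    """Return (stem, ext) of the last path component; ext keeps its dot or is empty."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def check_file(size_tok: str, attrs: str, path: str) -> list:
    low = path.lower()
    stem, ext = split_name(low)
    digits = size_tok.replace(",", "")
    size = int(digits) if digits.isdigit() else None  # "<REP>"/"---------" mark directories
    out = []
    if "h" in attrs and "s" in attrs and ext in EXEC_EXT:
        out.append(Finding("hidden+system executable", path))
    if "\\system32\\" in low and ext in (".dll", ".exe") and size is not None \
            and size < SMALL and looks_random(stem):
        out.append(Finding("random-looking name in system32", path))
    return out


def check_service(image: str) -> list:
    low = image.lower()
    low = low[4:] if low.startswith("\\??\\") else low  # strip the NT object-path prefix
    if "\\temp\\" in low:
        return [Finding("driver/service image in a Temp directory", image)]
    return []


def check_task(job: str, target: str) -> list:
    low = target.lower()
    if "\\docume~1\\" in low or "\\documents and settings\\" in low:
        return [Finding(f"scheduled task {split_name(job)[0]} runs from a user profile", target)]
    return []


def triage(text: str) -> list:
    """Run every check over the report text and return the list of findings."""
    findings, pending_job = [], None
    for raw in text.strip().splitlines():
        line = raw.strip()
        if pending_job and line.startswith("- "):  # target line that follows a .job line
            findings += check_task(pending_job, line[2:].strip())
            pending_job = None
            continue
        pending_job = None
        if m := TASK_RE.match(line):
            pending_job = m.group(1)
        elif m := FILE_RE.match(line):
            findings += check_file(m.group(3), m.group(4), m.group(5))
        elif m := SERVICE_RE.match(line):
            findings += check_service(m.group(4))
        elif m := AUTORUN_RE.match(line):
            findings.append(Finding("AutoRun command on a mounted drive", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.path}")
```

On the sample the two random-named DLLs, kas.exe, the Temp-resident jfdcd.sys, the task target under Application Data and the AutoRun entry are reported, while javacpl.cpl, atl71.dll, nvcuda.dll and klim5.sys pass. The hidden+system rule also flags the tiny 4FDBACB208.sys dated January 2007; files like that (and KGyGaAvL.sys next to it in the report) commonly turn out to be copy-protection licensing data rather than malware, and the date far outside the infection window is the hint, which is exactly why a heuristic hit is a lead and not a verdict.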
30 November 2007 11:34:49

Re,

Download OTMoveIt > Tutorial <

Save it to the Desktop

Select the box below
C:\WINDOWS\system32\gebcbxx.dll
C:\WINDOWS\system32\gebbbya.dll

Now launch OTMoveIt.
Make sure the box "unregister dll's and ocx's" is checked.
Two panes appear; right-click in the left pane, then paste the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\<creation date>!

NOTE: If you get a message saying the report cannot be created, copy/paste what appears in the tool's right-hand column.

+++++++++


Download Navilog (by Il-Mafioso)

Save it on your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as asked. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt

+++++++++++++

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
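The OTMoveIt step above boils down to: for each listed path, try to unregister it if it is a COM server, move it into a quarantine tree that mirrors its original location (so it can be put back if it turns out to be legitimate), and write a report. The script below is an added example of that procedure; it is not OTMoveIt's own code and nothing in the thread was produced by it. It assumes regsvr32 is on the PATH when run on Windows; on any other system it records the unregister step as not done, which mirrors the "NOT unregistered" lines OTMoveIt prints for a DLL that has no DllUnregisterServer export. The file names in the demo are constructed, with dummy content.

```python
"""Quarantine a list of files the way OTMoveIt does: unregister COM servers if
possible, move each file into a quarantine tree mirroring its original path,
and write a report.  Added example; not OTMoveIt's own code."""
import shutil
import subprocess
import sys
import tempfile
from datetime import datetime
from pathlib import Path

COM_EXT = {".dll", ".ocx"}


def unregister(path: Path) -> str:
    """regsvr32 /u only works if the DLL exports DllUnregisterServer; the two
    DLLs in the thread above do not, hence 'NOT unregistered' in the report."""
    if sys.platform != "win32":
        return f"{path} NOT unregistered (not running on Windows)."
    rc = subprocess.run(["regsvr32", "/s", "/u", str(path)]).returncode
    return f"{path} unregistered." if rc == 0 else f"{path} NOT unregistered (regsvr32 exit code {rc})."


def quarantine(paths, root: Path, do_unregister: bool = True) -> list:
    """Move files under root/MovedFiles/<stamp>/<original path>; return the report lines."""
    stamp = datetime.now().strftime("%m%d%Y_%H%M%S")
    dest_root = root / "MovedFiles" / stamp
    report = []
    for p in map(Path, paths):
        if not p.exists():
            report.append(f"{p} not found.")
            continue
        if do_unregister and p.suffix.lower() in COM_EXT:
            report.append(unregister(p))
        # Mirror the original directory (minus the drive/root anchor) so the file can be restored.
        dest = dest_root.joinpath(*p.resolve().parts[1:])
        dest.parent.mkdir(parents=True, exist_ok=True)
        try:
            shutil.move(str(p), str(dest))
            report.append(f"{p} moved successfully.")
        except OSError as exc:  # typically a file locked by a running process: needs a reboot-time move
            report.append(f"{p} NOT moved: {exc}")
    dest_root.mkdir(parents=True, exist_ok=True)
    (dest_root / f"{stamp}.log").write_text("\n".join(report) + "\n", encoding="utf-8")
    return report


def run_demo() -> dict:
    """Constructed sample: throwaway files in a temp dir; the DLL name is taken from
    the thread above but its content is dummy."""
    base = Path(tempfile.mkdtemp(prefix="otm_demo_"))
    sys32 = base / "system32"
    sys32.mkdir()
    victim = sys32 / "gebcbxx.dll"
    victim.write_bytes(b"MZ dummy, not a real DLL")
    keep = sys32 / "notes.txt"
    keep.write_text("harmless")
    report = quarantine([victim, keep, base / "missing.dll"], base / "_OTMoveIt")
    moved = sorted(str(p) for p in (base / "_OTMoveIt").rglob("*") if p.is_file())
    return {"report": report, "victim_gone": not victim.exists(), "moved": moved}


if __name__ == "__main__":
    print("\n".join(run_demo()["report"]))
```

The mirrored directory layout is the detail worth keeping from OTMoveIt: a quarantine that flattens everything into one folder loses the information needed to restore a false positive. A file that is in use cannot be moved this way at all; that is the case where the tool asks for a reboot, because the move has to happen before the process that holds the file starts again.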
    1 December 2007 21:47:55

    OTMoveIt report:

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcbxx.dll
    C:\WINDOWS\system32\gebcbxx.dll NOT unregistered.
    C:\WINDOWS\system32\gebcbxx.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebbbya.dll
    C:\WINDOWS\system32\gebbbya.dll NOT unregistered.
    C:\WINDOWS\system32\gebbbya.dll moved successfully.

    Created on 12/01/2007 21:12:21

    Navilog report

    Search Navipromo version 3.3.6 started on 01/12/2007 at 21:14:29,28

    !!! Caution, this report may list legitimate files/programs !!!
    !!! Post this report on the forum to have it analysed !!!
    !!! Do not run the disinfection part without a specialist's advice !!!

    Tool run from C:\Program Files\navilog1
    Updated on 14.11.2007 at 18h00 by IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180


    *** Searching installed programs ***




    *** Searching folders in C:\WINDOWS ***



    *** Searching folders in C:\Program Files ***



    *** Searching folders in C:\Documents and Settings\All Users\Application Data ***




    *** Searching folders in C:\Documents and Settings\zero\Application Data ***


    *** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info: http://www.gmer.net

    No files found in:

    - C:\WINDOWS\system32
    - C:\DOCUME~1\ZERO\LOCALS~1\APPLIC~1



    *** Search with GenericNaviSearch ***
    !!! All of these results may point to legitimate files !!!
    !!! Must be checked before any manual deletion !!!

    * Searching in C:\WINDOWS\system32 *

    * Searching in C:\DOCUME~1\ZERO\LOCALS~1\APPLIC~1 *



    *** Searching files ***




    *** Searching specific Registry keys ***


    *** Additional search module ***
    (Searching specific files)

    1) Searching known files:

    2) Heuristic search:



    3) Searching certificates:

    Egroup certificate absent!


    *** Analysis finished on 01/12/2007 at 21:15:07,03 ***


    Lop S&D report


    ------------------------------[ Lop S&D 2.0 ]----------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/12/2007 | 21:43:09,90 ] [ ZERO-XROQT48VQ7 ]


    -------------[ Listing of folders in Application Data ]------------

    C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
    C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\TEMP
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft Help
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft
    C:\Documents and Settings\All Users\APPLIC~1\Ubisoft
    C:\Documents and Settings\All Users\APPLIC~1\Google
    C:\Documents and Settings\All Users\APPLIC~1\InstallShield
    C:\Documents and Settings\All Users\APPLIC~1\Skype
    C:\Documents and Settings\All Users\APPLIC~1\Elsesizeinsidecamp
    C:\Documents and Settings\All Users\APPLIC~1\MSN6
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\River Past G5
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft Corporation
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Trymedia
    C:\Documents and Settings\All Users\APPLIC~1\Adobe
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini

    C:\Documents and Settings\Default User\APPLIC~1\Microsoft
    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini


    C:\Documents and Settings\LocalService\APPLIC~1\Xfire
    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

    C:\Documents and Settings\NetworkService\APPLIC~1\Xfire
    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft


    C:\Documents and Settings\zero\APPLIC~1\Skype
    C:\Documents and Settings\zero\APPLIC~1\Xfire
    C:\Documents and Settings\zero\APPLIC~1\Microsoft Games
    C:\Documents and Settings\zero\APPLIC~1\Microsoft
    C:\Documents and Settings\zero\APPLIC~1\InstallShield
    C:\Documents and Settings\zero\APPLIC~1\PnkBstrK.sys
    C:\Documents and Settings\zero\APPLIC~1\Simply Super Software
    C:\Documents and Settings\zero\APPLIC~1\LimeWire
    C:\Documents and Settings\zero\APPLIC~1\Codemasters
    C:\Documents and Settings\zero\APPLIC~1\Novalogic
    C:\Documents and Settings\zero\APPLIC~1\Leadertech
    C:\Documents and Settings\zero\APPLIC~1\Sports Interactive
    C:\Documents and Settings\zero\APPLIC~1\Bioshock
    C:\Documents and Settings\zero\APPLIC~1\InstallShield Installation Information
    C:\Documents and Settings\zero\APPLIC~1\TVU networks
    C:\Documents and Settings\zero\APPLIC~1\AdobeUM
    C:\Documents and Settings\zero\APPLIC~1\Google
    C:\Documents and Settings\zero\APPLIC~1\Lionhead Studios
    C:\Documents and Settings\zero\APPLIC~1\La Bataille pour la Terre du Milieu T II
    C:\Documents and Settings\zero\APPLIC~1\Macromedia
    C:\Documents and Settings\zero\APPLIC~1\ReaSoft
    C:\Documents and Settings\zero\APPLIC~1\Atari
    C:\Documents and Settings\zero\APPLIC~1\Disney Interactive Studios
    C:\Documents and Settings\zero\APPLIC~1\SystemRequirementsLab
    C:\Documents and Settings\zero\APPLIC~1\Ahead
    C:\Documents and Settings\zero\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium
    C:\Documents and Settings\zero\APPLIC~1\Help
    C:\Documents and Settings\zero\APPLIC~1\NetPumper
    C:\Documents and Settings\zero\APPLIC~1\Screenshot Sender
    C:\Documents and Settings\zero\APPLIC~1\F-Secure
    C:\Documents and Settings\zero\APPLIC~1\antieach
    C:\Documents and Settings\zero\APPLIC~1\ispnews
    C:\Documents and Settings\zero\APPLIC~1\SEGA
    C:\Documents and Settings\zero\APPLIC~1\System Requirements Lab
    C:\Documents and Settings\zero\APPLIC~1\SecuROM
    C:\Documents and Settings\zero\APPLIC~1\Sun
    C:\Documents and Settings\zero\APPLIC~1\BitDownload
    C:\Documents and Settings\zero\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
    C:\Documents and Settings\zero\APPLIC~1\MSN6
    C:\Documents and Settings\zero\APPLIC~1\Apple Computer
    C:\Documents and Settings\zero\APPLIC~1\River Past G5
    C:\Documents and Settings\zero\APPLIC~1\Adobe
    C:\Documents and Settings\zero\APPLIC~1\AccurateRip
    C:\Documents and Settings\zero\APPLIC~1\Shareaza
    C:\Documents and Settings\zero\APPLIC~1\Media Player Classic
    C:\Documents and Settings\zero\APPLIC~1\Mozilla
    C:\Documents and Settings\zero\APPLIC~1\Identities
    C:\Documents and Settings\zero\APPLIC~1\desktop.ini

    ----------------[ Scheduled tasks in C:\WINDOWS\tasks ]---------------

    C:\WINDOWS\tasks\B8EF4C8C9588F7E4.job
    C:\WINDOWS\tasks\SA.DAT
    C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing of folders in C:\Program Files ]--------------

    C:\Program Files\[LandeSoft]
    C:\Program Files\Activision
    C:\Program Files\Adobe
    C:\Program Files\Adverts
    C:\Program Files\AGEIA Technologies
    C:\Program Files\Alcohol Soft
    C:\Program Files\AliveMedia
    C:\Program Files\Alwil Software
    C:\Program Files\antieach
    C:\Program Files\Atari
    C:\Program Files\Audacity
    C:\Program Files\AviSynth 2.5
    C:\Program Files\Bethesda Softworks
    C:\Program Files\BitDownload
    C:\Program Files\Blitzkrieg 2 Demo
    C:\Program Files\BPK
    C:\Program Files\CAPCOM
    C:\Program Files\Cheewoo
    C:\Program Files\Codemasters
    C:\Program Files\ColMather
    C:\Program Files\ComPlus Applications
    C:\Program Files\Convertor
    C:\Program Files\CSO-DAX Compressor
    C:\Program Files\DAEMON Tools
    C:\Program Files\DaemonTools_WhenUSave_Installer
    C:\Program Files\DebugMode
    C:\Program Files\Devious Codeworks
    C:\Program Files\directx
    C:\Program Files\DivX
    C:\Program Files\DivX_311alpha
    C:\Program Files\DkZ Studio
    C:\Program Files\EA GAMES
    C:\Program Files\EA SPORTS
    C:\Program Files\Eggiz
    C:\Program Files\Eidos
    C:\Program Files\Elaborate Bytes
    C:\Program Files\Electronic Arts
    C:\Program Files\Empire Interactive
    C:\Program Files\eMule
    C:\Program Files\eMuleNg
    C:\Program Files\ETSV
    C:\Program Files\Fichiers communs
    C:\Program Files\FlashGet
    C:\Program Files\FLV Player
    C:\Program Files\Free Audio Pack
    C:\Program Files\Free Internet TV
    C:\Program Files\F-Secure Internet Security
    C:\Program Files\FTPRush
    C:\Program Files\GameSpy Arcade
    C:\Program Files\Google
    C:\Program Files\Gta Save
    C:\Program Files\HT MPEG Encoder 7.0 Trial
    C:\Program Files\id Software
    C:\Program Files\Illustrate
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\KONAMI
    C:\Program Files\Kylotonn Entertainment
    C:\Program Files\Landesoft
    C:\Program Files\Last of the patriots
    C:\Program Files\Lavalys
    C:\Program Files\LimeWire
    C:\Program Files\Lionhead Studios
    C:\Program Files\Lionhead Studios Ltd
    C:\Program Files\Lop SD
    C:\Program Files\Marvell
    C:\Program Files\Media Player Classic
    C:\Program Files\Messenger
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\MessengerDiscovery
    C:\Program Files\microsoft frontpage
    C:\Program Files\Microsoft Games
    C:\Program Files\Microsoft Office
    C:\Program Files\Microsoft Visual Studio
    C:\Program Files\Microsoft Visual Studio 8
    C:\Program Files\Microsoft Works
    C:\Program Files\Microsoft.NET
    C:\Program Files\Midway Home Entertainment
    C:\Program Files\Movie Maker
    C:\Program Files\Mozilla Firefox
    C:\Program Files\MP3 WAV Converter
    C:\Program Files\mp3DirectCut
    C:\Program Files\MSBuild
    C:\Program Files\MSN
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MTA San Andreas
    C:\Program Files\Multi_Media_France
    C:\Program Files\Navilog1
    C:\Program Files\Nero
    C:\Program Files\NetMeeting
    C:\Program Files\NovaLogic
    C:\Program Files\NVIDIA
    C:\Program Files\OLITEC
    C:\Program Files\OpenAL
    C:\Program Files\Outlook Express
    C:\Program Files\Pando Networks
    C:\Program Files\PandoBar
    C:\Program Files\PBP Unpacker
    C:\Program Files\PeerTV
    C:\Program Files\PENDULO Studios
    C:\Program Files\PhotoFiltre
    C:\Program Files\Postal2STP
    C:\Program Files\Postal2STPDemo
    C:\Program Files\PQDVD
    C:\Program Files\pspvideo9
    C:\Program Files\QuickTime
    C:\Program Files\Radical Games
    C:\Program Files\Raveille
    C:\Program Files\Realtek
    C:\Program Files\ReaSoft
    C:\Program Files\Red Storm Entertainment
    C:\Program Files\ReflexiveArcade
    C:\Program Files\River Past
    C:\Program Files\Rockstar Games
    C:\Program Files\San Andreas Mod Installer
    C:\Program Files\SEGA
    C:\Program Files\Serious Sam 2
    C:\Program Files\Services en ligne
    C:\Program Files\SETI
    C:\Program Files\SEUCDaS
    C:\Program Files\Shareaza
    C:\Program Files\Sierra
    C:\Program Files\Sierra Entertainment
    C:\Program Files\Silverback Studios Ltd
    C:\Program Files\Skype
    C:\Program Files\SpeedFan
    C:\Program Files\Sports Interactive
    C:\Program Files\Starbreeze Studios
    C:\Program Files\Steel Walker -DEMO
    C:\Program Files\SystemRequirementsLab
    C:\Program Files\The All-Seeing Eye
    C:\Program Files\THQ
    C:\Program Files\Trojan Remover
    C:\Program Files\TVUPlayer
    C:\Program Files\Ubi Soft
    C:\Program Files\Ubisoft
    C:\Program Files\UltraISO
    C:\Program Files\Unreal Tournament 3 Demo
    C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g
    C:\Program Files\VCDROM Extension
    C:\Program Files\VirtualDub
    C:\Program Files\Vivendi Universal Games
    C:\Program Files\Web TV
    C:\Program Files\WinAVI MP4 Converter
    C:\Program Files\WinAVI Video Converter
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\Windows NT
    C:\Program Files\WinISO
    C:\Program Files\WinRAR
    C:\Program Files\Witcobber
    C:\Program Files\Wolfenstein - Enemy Territory
    C:\Program Files\xat.com xatquiz
    C:\Program Files\xerox
    C:\Program Files\Xfire
    C:\Program Files\Xilisoft
    C:\Program Files\XviD
    C:\Program Files\Zeallsoft

    ------[ Listing of folders in C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Adobe
    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Cheewoo
    C:\Program Files\Fichiers communs\DESIGNER
    C:\Program Files\Fichiers communs\EZB Systems
    C:\Program Files\Fichiers communs\GTK
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\River Past
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\Skype
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System
    C:\Program Files\Fichiers communs\SystemRequirementsLab
    C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Search with S_Lop ]---------------------

    C:\Documents and Settings\zero\APPLIC~1\antieach

    -----------------[ Search for Lop files / folders ]-----------------

    C:\DOCUME~1\zero\APPLIC~1\Bitdownload
    C:\DOCUME~1\zero\APPLIC~1\NetPumper
    C:\Program Files\Adverts
    C:\Program Files\Bitdownload
    C:\Program Files\Multi_Media_France
    C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job

    ----------------------[ Registry check ]----------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\funk hope meet]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\zero\\APPLIC~1\\antieach\\wave help dumb.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------[ Hosts file check ]---------------------

    Hosts file CLEAN


    ----------------[ File search with Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 21:44:41
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 21:44:50,20 ]----------------------
    1 December 2007 21:53:04

    Re,

    Relaunch Lop S&D

  • This time choose Option 2 (Removal)
  • Do not close the window while the removal is running!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    1 December 2007 22:16:40

    report:


    ------------------------------[ Lop S&D 2.0 ]----------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/12/2007 | 22:15:17,18 ] [ ZERO-XROQT48VQ7 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\zero\APPLIC~1\Bitdownload
    Supprimé! - C:\DOCUME~1\zero\APPLIC~1\NetPumper
    Supprimé! - C:\Program Files\Adverts
    Supprimé! - C:\Program Files\Bitdownload
    Supprimé! - C:\Program Files\Multi_Media_France
    Supprimé! - C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job
    Supprimé! - C:\Documents and Settings\zero\APPLIC~1\antieach

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
    C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\TEMP
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft Help
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft
    C:\Documents and Settings\All Users\APPLIC~1\Ubisoft
    C:\Documents and Settings\All Users\APPLIC~1\Google
    C:\Documents and Settings\All Users\APPLIC~1\InstallShield
    C:\Documents and Settings\All Users\APPLIC~1\Skype
    C:\Documents and Settings\All Users\APPLIC~1\Elsesizeinsidecamp
    C:\Documents and Settings\All Users\APPLIC~1\MSN6
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\River Past G5
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft Corporation
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Trymedia
    C:\Documents and Settings\All Users\APPLIC~1\Adobe
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini

    C:\Documents and Settings\Default User\APPLIC~1\Microsoft
    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini


    C:\Documents and Settings\LocalService\APPLIC~1\Xfire
    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft

    C:\Documents and Settings\NetworkService\APPLIC~1\Xfire
    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft


    C:\Documents and Settings\zero\APPLIC~1\Skype
    C:\Documents and Settings\zero\APPLIC~1\Xfire
    C:\Documents and Settings\zero\APPLIC~1\Microsoft Games
    C:\Documents and Settings\zero\APPLIC~1\Microsoft
    C:\Documents and Settings\zero\APPLIC~1\InstallShield
    C:\Documents and Settings\zero\APPLIC~1\PnkBstrK.sys
    C:\Documents and Settings\zero\APPLIC~1\Simply Super Software
    C:\Documents and Settings\zero\APPLIC~1\LimeWire
    C:\Documents and Settings\zero\APPLIC~1\Codemasters
    C:\Documents and Settings\zero\APPLIC~1\Novalogic
    C:\Documents and Settings\zero\APPLIC~1\Leadertech
    C:\Documents and Settings\zero\APPLIC~1\Sports Interactive
    C:\Documents and Settings\zero\APPLIC~1\Bioshock
    C:\Documents and Settings\zero\APPLIC~1\InstallShield Installation Information
    C:\Documents and Settings\zero\APPLIC~1\TVU networks
    C:\Documents and Settings\zero\APPLIC~1\AdobeUM
    C:\Documents and Settings\zero\APPLIC~1\Google
    C:\Documents and Settings\zero\APPLIC~1\Lionhead Studios
    C:\Documents and Settings\zero\APPLIC~1\La Bataille pour la Terre du Milieu T II
    C:\Documents and Settings\zero\APPLIC~1\Macromedia
    C:\Documents and Settings\zero\APPLIC~1\ReaSoft
    C:\Documents and Settings\zero\APPLIC~1\Atari
    C:\Documents and Settings\zero\APPLIC~1\Disney Interactive Studios
    C:\Documents and Settings\zero\APPLIC~1\SystemRequirementsLab
    C:\Documents and Settings\zero\APPLIC~1\Ahead
    C:\Documents and Settings\zero\APPLIC~1\Command & Conquer 3 Les guerres du Tiberium
    C:\Documents and Settings\zero\APPLIC~1\Help
    C:\Documents and Settings\zero\APPLIC~1\Screenshot Sender
    C:\Documents and Settings\zero\APPLIC~1\F-Secure
    C:\Documents and Settings\zero\APPLIC~1\ispnews
    C:\Documents and Settings\zero\APPLIC~1\SEGA
    C:\Documents and Settings\zero\APPLIC~1\System Requirements Lab
    C:\Documents and Settings\zero\APPLIC~1\SecuROM
    C:\Documents and Settings\zero\APPLIC~1\Sun
    C:\Documents and Settings\zero\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
    C:\Documents and Settings\zero\APPLIC~1\MSN6
    C:\Documents and Settings\zero\APPLIC~1\Apple Computer
    C:\Documents and Settings\zero\APPLIC~1\River Past G5
    C:\Documents and Settings\zero\APPLIC~1\Adobe
    C:\Documents and Settings\zero\APPLIC~1\AccurateRip
    C:\Documents and Settings\zero\APPLIC~1\Shareaza
    C:\Documents and Settings\zero\APPLIC~1\Media Player Classic
    C:\Documents and Settings\zero\APPLIC~1\Mozilla
    C:\Documents and Settings\zero\APPLIC~1\Identities
    C:\Documents and Settings\zero\APPLIC~1\desktop.ini

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    C:\WINDOWS\tasks\SA.DAT
    C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\[LandeSoft]
    C:\Program Files\Activision
    C:\Program Files\Adobe
    C:\Program Files\AGEIA Technologies
    C:\Program Files\Alcohol Soft
    C:\Program Files\AliveMedia
    C:\Program Files\Alwil Software
    C:\Program Files\antieach
    C:\Program Files\Atari
    C:\Program Files\Audacity
    C:\Program Files\AviSynth 2.5
    C:\Program Files\Bethesda Softworks
    C:\Program Files\Blitzkrieg 2 Demo
    C:\Program Files\BPK
    C:\Program Files\CAPCOM
    C:\Program Files\Cheewoo
    C:\Program Files\Codemasters
    C:\Program Files\ColMather
    C:\Program Files\ComPlus Applications
    C:\Program Files\Convertor
    C:\Program Files\CSO-DAX Compressor
    C:\Program Files\DAEMON Tools
    C:\Program Files\DaemonTools_WhenUSave_Installer
    C:\Program Files\DebugMode
    C:\Program Files\Devious Codeworks
    C:\Program Files\directx
    C:\Program Files\DivX
    C:\Program Files\DivX_311alpha
    C:\Program Files\DkZ Studio
    C:\Program Files\EA GAMES
    C:\Program Files\EA SPORTS
    C:\Program Files\Eggiz
    C:\Program Files\Eidos
    C:\Program Files\Elaborate Bytes
    C:\Program Files\Electronic Arts
    C:\Program Files\Empire Interactive
    C:\Program Files\eMule
    C:\Program Files\eMuleNg
    C:\Program Files\ETSV
    C:\Program Files\Fichiers communs
    C:\Program Files\FlashGet
    C:\Program Files\FLV Player
    C:\Program Files\Free Audio Pack
    C:\Program Files\Free Internet TV
    C:\Program Files\F-Secure Internet Security
    C:\Program Files\FTPRush
    C:\Program Files\GameSpy Arcade
    C:\Program Files\Google
    C:\Program Files\Gta Save
    C:\Program Files\HT MPEG Encoder 7.0 Trial
    C:\Program Files\id Software
    C:\Program Files\Illustrate
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\KONAMI
    C:\Program Files\Kylotonn Entertainment
    C:\Program Files\Landesoft
    C:\Program Files\Last of the patriots
    C:\Program Files\Lavalys
    C:\Program Files\LimeWire
    C:\Program Files\Lionhead Studios
    C:\Program Files\Lionhead Studios Ltd
    C:\Program Files\Lop SD
    C:\Program Files\Marvell
    C:\Program Files\Media Player Classic
    C:\Program Files\Messenger
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\MessengerDiscovery
    C:\Program Files\microsoft frontpage
    C:\Program Files\Microsoft Games
    C:\Program Files\Microsoft Office
    C:\Program Files\Microsoft Visual Studio
    C:\Program Files\Microsoft Visual Studio 8
    C:\Program Files\Microsoft Works
    C:\Program Files\Microsoft.NET
    C:\Program Files\Midway Home Entertainment
    C:\Program Files\Movie Maker
    C:\Program Files\Mozilla Firefox
    C:\Program Files\MP3 WAV Converter
    C:\Program Files\mp3DirectCut
    C:\Program Files\MSBuild
    C:\Program Files\MSN
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MTA San Andreas
    C:\Program Files\Navilog1
    C:\Program Files\Nero
    C:\Program Files\NetMeeting
    C:\Program Files\NovaLogic
    C:\Program Files\NVIDIA
    C:\Program Files\OLITEC
    C:\Program Files\OpenAL
    C:\Program Files\Outlook Express
    C:\Program Files\Pando Networks
    C:\Program Files\PandoBar
    C:\Program Files\PBP Unpacker
    C:\Program Files\PeerTV
    C:\Program Files\PENDULO Studios
    C:\Program Files\PhotoFiltre
    C:\Program Files\Postal2STP
    C:\Program Files\Postal2STPDemo
    C:\Program Files\PQDVD
    C:\Program Files\pspvideo9
    C:\Program Files\QuickTime
    C:\Program Files\Radical Games
    C:\Program Files\Raveille
    C:\Program Files\Realtek
    C:\Program Files\ReaSoft
    C:\Program Files\Red Storm Entertainment
    C:\Program Files\ReflexiveArcade
    C:\Program Files\River Past
    C:\Program Files\Rockstar Games
    C:\Program Files\San Andreas Mod Installer
    C:\Program Files\SEGA
    C:\Program Files\Serious Sam 2
    C:\Program Files\Services en ligne
    C:\Program Files\SETI
    C:\Program Files\SEUCDaS
    C:\Program Files\Shareaza
    C:\Program Files\Sierra
    C:\Program Files\Sierra Entertainment
    C:\Program Files\Silverback Studios Ltd
    C:\Program Files\Skype
    C:\Program Files\SpeedFan
    C:\Program Files\Sports Interactive
    C:\Program Files\Starbreeze Studios
    C:\Program Files\Steel Walker -DEMO
    C:\Program Files\SystemRequirementsLab
    C:\Program Files\The All-Seeing Eye
    C:\Program Files\THQ
    C:\Program Files\Trojan Remover
    C:\Program Files\TVUPlayer
    C:\Program Files\Ubi Soft
    C:\Program Files\Ubisoft
    C:\Program Files\UltraISO
    C:\Program Files\Unreal Tournament 3 Demo
    C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g
    C:\Program Files\VCDROM Extension
    C:\Program Files\VirtualDub
    C:\Program Files\Vivendi Universal Games
    C:\Program Files\Web TV
    C:\Program Files\WinAVI MP4 Converter
    C:\Program Files\WinAVI Video Converter
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\Windows NT
    C:\Program Files\WinISO
    C:\Program Files\WinRAR
    C:\Program Files\Witcobber
    C:\Program Files\Wolfenstein - Enemy Territory
    C:\Program Files\xat.com xatquiz
    C:\Program Files\xerox
    C:\Program Files\Xfire
    C:\Program Files\Xilisoft
    C:\Program Files\XviD
    C:\Program Files\Zeallsoft

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Adobe
    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Cheewoo
    C:\Program Files\Fichiers communs\DESIGNER
    C:\Program Files\Fichiers communs\EZB Systems
    C:\Program Files\Fichiers communs\GTK
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\River Past
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\Skype
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System
    C:\Program Files\Fichiers communs\SystemRequirementsLab
    C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 22:16:11
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 22:16:19,20 ]----------------------

    PS: thanks again
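    The two Lop S&D runs above (the option 1 detection report and the option 2 removal report) are short enough to cross-check by eye, but on a busier machine it helps to verify mechanically that everything the detection run flagged, including the folder that the flagged uninstall entry points its UninstallString at, appears in the removal run's "Supprimé!" list. The following Python script is an added example and is not part of the thread or of Lop S&D. It embeds constructed excerpts of the two reports posted above, assumes the section headers and the "Supprimé! - " prefix of the Lop S&D 2.0 layout exactly as shown there, and assumes DOCUME~1 is the 8.3 alias of "Documents and Settings" when comparing paths.

```python
"""Cross-check a Lop S&D detection report against its removal report.
Added example, not from the thread or from Lop S&D; both excerpts are
constructed from the reports posted above and follow their layout."""
import re

SECTION_RE = re.compile(r"^-+\[ (?P<name>.+?) \]-+$")
REMOVED_RE = re.compile(r"^Supprimé! - (?P<path>.+)$")
WINPATH_RE = re.compile(r"^[A-Za-z]:\\")
UNINSTALL_RE = re.compile(r'^"UninstallString"="(?P<cmd>.*)"$')
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)", re.IGNORECASE)
# Detection-run sections whose lines are bare paths of findings.
FINDING_SECTIONS = ("Recherche avec S_Lop", "Recherche de Fichiers / Dossiers Lop")

DETECTION_REPORT = r"""
----------------------[ Recherche avec S_Lop ]---------------------
C:\Documents and Settings\zero\APPLIC~1\antieach

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\zero\APPLIC~1\Bitdownload
C:\DOCUME~1\zero\APPLIC~1\NetPumper
C:\Program Files\Adverts
C:\Program Files\Bitdownload
C:\Program Files\Multi_Media_France
C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job

----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\funk hope meet]
"UninstallString"="C:\\DOCUME~1\\zero\\APPLIC~1\\antieach\\wave help dumb.exe -uninstall"
"""

REMOVAL_REPORT = r"""
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\zero\APPLIC~1\Bitdownload
Supprimé! - C:\DOCUME~1\zero\APPLIC~1\NetPumper
Supprimé! - C:\Program Files\Adverts
Supprimé! - C:\Program Files\Bitdownload
Supprimé! - C:\Program Files\Multi_Media_France
Supprimé! - C:\WINDOWS\Tasks\B8EF4C8C9588F7E4.job
Supprimé! - C:\Documents and Settings\zero\APPLIC~1\antieach
"""

def normalize(path):
    """Lower-case, trim, and map the long folder name to its 8.3 alias
    (assumed to be DOCUME~1, as the reports show) so both spellings compare equal."""
    p = path.strip().strip('"').lower().rstrip("\\")
    return p.replace("\\documents and settings\\", "\\docume~1\\")

def sections(report):
    """Yield (name, non-empty lines) for every '---[ name ]---' block."""
    name, lines = None, []
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if name is not None:
                yield name, lines
            name, lines = m.group("name"), []
        elif line and name is not None:
            lines.append(line)
    if name is not None:
        yield name, lines

def detected_paths(report):
    """Paths the detection run (option 1) listed as findings."""
    found = set()
    for name, lines in sections(report):
        if name in FINDING_SECTIONS:
            found.update(normalize(l) for l in lines if WINPATH_RE.match(l))
    return found

def registry_uninstall_targets(report):
    """Folders the flagged uninstall entries aim their UninstallString at;
    Lop-style entries point it at the dropped folder, which must be gone too."""
    targets = set()
    for name, lines in sections(report):
        if name != "Verification du Registre":
            continue
        for line in lines:
            m = UNINSTALL_RE.match(line)
            if m:
                cmd = m.group("cmd").replace("\\\\", "\\")  # undo .reg-style escaping
                exe = EXE_RE.match(cmd)
                if exe:
                    targets.add(normalize(exe.group("exe").rsplit("\\", 1)[0]))
    return targets

def removed_paths(report):
    """Paths the removal run (option 2) reports as deleted."""
    return {normalize(m.group("path")) for m in
            (REMOVED_RE.match(l.strip()) for l in report.splitlines()) if m}

def leftovers(detection, removal):
    """Flagged items that the removal report does not claim to have deleted."""
    expected = detected_paths(detection) | registry_uninstall_targets(detection)
    return expected - removed_paths(removal)

if __name__ == "__main__":
    for p in sorted(leftovers(DETECTION_REPORT, REMOVAL_REPORT)):
        print("flagged but not reported removed:", p)
```

    Run as a script it prints nothing for the two reports above, because all seven flagged paths, the registry entry's target folder included, appear in the removal list. It checks the report's claims against each other, not the disk: a complete verification would also confirm on the machine that the listed paths and the uninstall key are actually gone.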
    1 December 2007 22:18:48

    Re,

    Download to your desktop: Clean (by Malekal) >Tuto<
    Unzip it on your desktop. Double-click the clean folder.
    Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
    A menu will appear; choose option 1 then Enter. Then press a key when asked and post the report here.
    The report is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.