Drowning in viruses, spyware, etc...
Rhakzi (Member, 36 posts)
Regis59 (Security contributor, 21143 posts)
Hi,
So I have a fairly big problem on a PC which isn't mine but which is at my place. There are loads of pop-ups of all kinds, plus plenty of other stuff that the antivirus programs try to remove but which keeps coming back, and surely other things too.
Anyway, here's a HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:17, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\windows\system32\jswnw64k.exe
D:\WINDOWS\system32\kcnttkdm.exe
C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\QdrPack\QdrPack16.exe
D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Network Monitor\netmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\DOCUME~1\Parents\MYDOCU~1\RACLE~1\csrss.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Host Process] D:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{B1-10-00-00-DW}] D:\windows\system32\jswnw64k.exe DWramFF
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\kcnttkdm.exe DWramFF
O4 - HKLM\..\Run: [{62480975-c5e7-8e98-1ea0-5a26888e07bb}] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll" DllStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\axniyjnb.dll",s
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [Svconr] D:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [QdrPack16] "D:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Aida] "D:\DOCUME~1\Parents\MYDOCU~1\RACLE~1\csrss.exe" -vt ndrv
O4 - HKCU\..\Run: [Hpqlo] "D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\kcnttkdm.exe
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\jswnw64k.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
Hi
There are serious infections, and once the disinfection is finished you will absolutely have to change ALL your passwords.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
Hi Régis ;-))
Without wanting to impose, maybe have him install an AV? He has no protection at all...
Cheers
Hi Gorginho,
Obviously :-)
But given the number of infections present, in my opinion the AV will scream every 2 seconds and I don't think it will get to the bottom of the infections on its own.
This looks like Vundo:
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\axniyjnb.dll",s
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
Not many AVs disinfect it... so that's why a bit of cleaning beforehand will do some good :-)
Cheers.
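As an added example (not code from this thread, from CommentCaMarche or from Trend Micro), here is a small Python script that applies to the log from the first post the same by-eye checks a helper applies when reading a HijackThis log, including the Vundo-style entries Regis59 points out above: rundll32 loading a random- or GUID-named DLL from system32, a Run entry whose name is a random hex string, a system-process name (csrss.exe, svchost.exe, ...) running outside System32, a "?" in a path (a folder name with non-ASCII look-alike characters), an O23 service with an unknown owner or a missing file, and a proxy set in Internet Settings. The sample lines are copied from the log posted above; the rule names and the "8 lowercase letters" threshold are my own assumptions, and the script only reports, it removes nothing.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted at the top of the thread
# (a constructed subset; the real log has many more lines).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe
D:\DOCUME~1\Parents\MYDOCU~1\RACLE~1\csrss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Host Process] D:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{62480975-c5e7-8e98-1ea0-5a26888e07bb}] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll" DllStart
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\axniyjnb.dll",s
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4\command.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# Core Windows process names that should only ever run from System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe"}

# A drive-letter path ending in .exe or .dll (lazy, so one line can hold several).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.I)
# Assumed heuristic: 8 lowercase letters is the typical shape of a generated DLL name.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
GUID_DLL_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll$", re.I)
RUN_NAME_RE = re.compile(r"^O4 - .*?\[([^\]]+)\]")
# Run entry names such as "9c8b10af" or "BM23af18f5".
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage_line(line):
    """Return the list of rule names a single log line trips (empty if clean)."""
    findings = []
    paths = PATH_RE.findall(line)
    for p in paths:
        if "?" in p:
            findings.append("non-ASCII look-alike character in path")
        if basename(p).lower() in SYSTEM_NAMES and "\\windows\\system32\\" not in p.lower():
            findings.append("system process name outside System32")
    if "rundll32" in line.lower():
        for p in paths:
            b = basename(p)
            if RANDOM_DLL_RE.match(b) or GUID_DLL_RE.match(b):
                findings.append("rundll32 loads random- or GUID-named DLL")
    m = RUN_NAME_RE.match(line)
    if m and HEX_NAME_RE.match(m.group(1)):
        findings.append("random hex Run entry name")
    if line.startswith("O23") and ("Unknown owner" in line or "(file missing)" in line):
        findings.append("service with unknown owner or missing file")
    if line.startswith("R1") and "ProxyServer" in line:
        findings.append("proxy server set in Internet Settings")
    return findings


def triage(text):
    """Yield (rule, line) pairs for every finding in a whole log."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rule in triage_line(line):
            results.append((rule, line))
    return results


def summarize(text):
    """Number of findings per rule, as a plain dict."""
    return dict(sorted(Counter(rule for rule, _ in triage(text)).items()))


def flagged_lines(text):
    """Sorted, de-duplicated list of log lines that tripped at least one rule."""
    return sorted({line for _, line in triage(text)})


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
    print(summarize(SAMPLE_LOG))
```

Run on the sample it reports ten findings on eight lines: the two rundll32 entries Regis59 quotes trip both the random-DLL and the hex-name rules, the GUID-named DLL trips the first, svchost.exe in the Fonts folder and csrss.exe under My Documents trip the "outside System32" rule, and the cmdService, proxy and "?" paths each trip one rule. The legitimate NvCpl.dll rundll32 entry and the real System32 processes are not flagged, which is the point of keeping the rules narrow.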
;-))
I had seen the Vundo thing, no O2/O20 entries plus those dlls, but since he has to go online to come here, isn't it a problem with no AV?
PS) Jorginho lol ;-DD
Oops, sorry about the nickname :-S lol
Anyway, since it's already infected, and pretty thoroughly... the damage is already done... so going online amounts to the same thing, except that we'll disinfect a bit before protecting it.
You should also know that some infections block the installation of an antivirus. So sometimes it's better to clean out certain infections properly before starting to install the AV.
See you
No worries arfff ;-))
OK, duly noted....
Good luck with it
Later
OK, well here are the reports. First SDFix, then HijackThis.
SDFix
[b]SDFix: Version 1.189 [/b]
Run by Administrator on 07/06/2008 at 18:59
Microsoft Windows XP [Version 5.1.2600]
Running From: D:\DOCUME~1\Parents\Desktop\SDFix
[b]Checking Services [/b]:
[b]Name [/b]:
cmdService
Network Monitor
[b]Path [/b]:
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4\command.exe
D:\Program Files\Network Monitor\netmon.exe service
cmdService - Deleted
Network Monitor - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
D:\WINDOWS\system32\byXOiGAs.dll - Deleted
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4\asappsrv.dll - Deleted
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4\n3IYwApRxF1FtqcOtqYSxqb.vbs - Deleted
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
D:\WINDOWS\system32\vntiho18\vntiho182328.exe - Deleted
D:\Program Files\ISM\ism.exe - Deleted
D:\Program Files\ISM\Uninstall.exe - Deleted
D:\Program Files\JavaCore\JavaCore.exe - Deleted
D:\Program Files\JavaCore\UnInstall.exe - Deleted
D:\Program Files\QdrPack\dictys.gz - Deleted
D:\Program Files\QdrPack\QdrPack16.exe - Deleted
D:\Program Files\QdrPack\trgtys.gz - Deleted
D:\Program Files\Spcron\Spc.dll - Deleted
D:\WINDOWS\b148.exe - Deleted
D:\WINDOWS\b152.exe - Deleted
D:\WINDOWS\b156.exe - Deleted
D:\Program Files\Network Monitor\netmon.exe - Deleted
D:\WINDOWS\system32\atmtd.dll - Deleted
D:\WINDOWS\system32\atmtd.dll._ - Deleted
D:\WINDOWS\system32\msnav32.ax - Deleted
D:\WINDOWS\system32\pac.txt - Deleted
D:\WINDOWS\system32\rwwnw64d.exe - Deleted
D:\WINDOWS\system32\zxdnt3d.cfg - Deleted
Folder D:\Program Files\InetGet2 - Removed
Folder D:\Program Files\ISM - Removed
Folder D:\Program Files\JavaCore - Removed
Folder D:\Program Files\Network Monitor - Removed
Folder D:\Program Files\QdrPack - Removed
Folder D:\Program Files\Spcron - Removed
Folder D:\Program Files\Temporary - Removed
Folder D:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder D:\WINDOWS\system32\vntiho18 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 19:41:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\Warcraft III\\War3.exe"="D:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\\Program Files\\M6Video\\M6video.exe"="D:\\Program Files\\M6Video\\M6video.exe:*:Disabled:OneClick"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"="D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe:*:Enabled:Rise of Nations"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Real\\RealPlayer\\realplay.exe"="D:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"="C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe:*:Enabled:CATIA"
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"="C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe:*:Enabled:orbixd"
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"="D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe:*:Enabled:Flight analysis and planning software"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"="D:\\Program Files\\Postal2STP\\System\\Postal2.exe:*:Enabled:Postal2"
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - D:\DOCUME~1\Parents\Desktop\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 1 Jan 2007 4,348 A.SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 30 Dec 2006 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 29 May 2008 230,400 ..SHR --- "D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe"
Sat 7 Jun 2008 70,656 ..SHR --- "D:\Documents and Settings\Parents\My Documents\?racle\csrss.exe"
Thu 20 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BITA.tmp"
Wed 7 May 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT2.tmp"
[b]Finished![/b]
HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:32, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\DOCUME~1\Parents\MYDOCU~1\RACLE~1\csrss.exe
D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
d:\windows\system32\jswnw64k.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\kcnttkdm.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{B1-10-00-00-DW}] d:\windows\system32\jswnw64k.exe DWramFF
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\kcnttkdm.exe DWramFF
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\axniyjnb.dll",s
O4 - HKLM\..\Run: [{62480975-c5e7-8e98-1ea0-5a26888e07bb}] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll" DllStart
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QdrPack16] "D:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Aida] "D:\DOCUME~1\Parents\MYDOCU~1\RACLE~1\csrss.exe" -vt ndrv
O4 - HKCU\..\Run: [Hpqlo] "D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\kcnttkdm.exe
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\jswnw64k.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
OK
Disable your protection software (antivirus, antispyware), then:
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, and nowhere else!
Double-click on ComboFix. It will ask you a question; answer with the 1 key and then Enter to confirm.
Wait until ComboFix has finished; a report will be created. Post the report.
Copy/paste a new HijackThis report along with it.
OK, here are the reports.
Combofix
ComboFix 08-06-07.3 - Parents 2008-06-08 15:53:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT 2:00]
Running from: D:\Documents and Settings\Parents\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\C*******\Application Data\DriveCleaner Free
D:\Documents and Settings\C*******\Application Data\DriveCleaner Free\Logs\update.log
D:\Documents and Settings\Parents 2\Application Data\DriveCleaner Free
D:\Documents and Settings\Parents 2\Application Data\DriveCleaner Free\Logs\update.log
D:\Documents and Settings\Parents\Application Data\FunWebProducts
D:\Documents and Settings\Parents\Application Data\FunWebProducts\Data\Parents\avatar.dat
D:\Documents and Settings\Parents\Application Data\SSTEM~1
D:\Documents and Settings\Parents\My Documents\RACLE~1
D:\Documents and Settings\Parents\My Documents\RACLE~1\csrss.exe
D:\Documents and Settings\Parents\My Documents\RACLE~1\F?nts\
D:\Documents and Settings\Parents\Start Menu\Programs\Internet Speed Monitor
D:\Documents and Settings\Parents\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
D:\Documents and Settings\Parents\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
D:\Program Files\FunWebProducts
D:\Program Files\hottvplayer
D:\Program Files\hottvplayer\hottv.ico
D:\Program Files\MyWebSearch
D:\Program Files\MyWebSearch\bar\History\search2
D:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
D:\Program Files\outerinfo
D:\Program Files\outerinfo\FF\chrome.manifest
D:\Program Files\outerinfo\FF\components\FF.dll
D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
D:\Program Files\outerinfo\FF\install.rdf
D:\Program Files\Svconr
D:\WINDOWS\BM23af18f5.xml
D:\WINDOWS\cookies.ini
D:\WINDOWS\dialerexe.ini
D:\WINDOWS\Fonts\'
D:\WINDOWS\pack.epk
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll
D:\WINDOWS\system32\adnxuxul.dll
D:\WINDOWS\system32\bljxufoj.exe
D:\WINDOWS\system32\CMSuCJjl.ini
D:\WINDOWS\system32\CMSuCJjl.ini2
D:\WINDOWS\system32\cxkwhgou.ini
D:\WINDOWS\system32\ewsiymds.ini
D:\WINDOWS\system32\fccbCusq.dll
D:\WINDOWS\system32\fcoksbps.exe
D:\WINDOWS\system32\g59.exe
D:\WINDOWS\system32\geBqPGVo.dll
d:\WINDOWS\system32\gisscou.dat
D:\WINDOWS\system32\gisscou.exe
D:\WINDOWS\system32\gisscou_nav.dat
D:\WINDOWS\system32\gisscou_navps.dat
D:\WINDOWS\system32\gside.exe
D:\WINDOWS\system32\hottvplayer.dll
D:\WINDOWS\system32\idkkduqv.dll
D:\WINDOWS\system32\ixexqgpc.ini
D:\WINDOWS\system32\kcnttkdm.exe
D:\WINDOWS\system32\kxfygigy.ini
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mkjgxswr.dll
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\msnav32.ax
D:\WINDOWS\system32\mwkinolw.dll
D:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
D:\WINDOWS\system32\nvs2.inf
D:\WINDOWS\system32\qwcowbql.exe
D:\WINDOWS\system32\rqRLbBSL.dll
D:\WINDOWS\system32\rwwnw64d.exe
D:\WINDOWS\system32\sqpgehha.ini
D:\WINDOWS\system32\tftxnhrt.dll
D:\WINDOWS\system32\usdhndem.ini
D:\WINDOWS\system32\wimlhowo.exe
D:\WINDOWS\system32\winpfz33.sys
D:\WINDOWS\system32\wvnhqsgj.exe
D:\WINDOWS\system32\zxdnt3d.cfg
D:\Documents and Settings\Parents\Application Data\SSTEM~1\?pool32.exe . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-08 12:23 . 2008-06-08 12:23 <DIR> d-------- D:\Program Files\YesMessenger
2008-06-08 12:23 . 2007-11-26 14:46 316 --a------ D:\WINDOWS\yes_messenger.ini
2008-06-07 20:06 . 2008-06-07 20:06 268 --ah----- D:\sqmdata14.sqm
2008-06-07 20:06 . 2008-06-07 20:06 244 --ah----- D:\sqmnoopt14.sqm
2008-06-07 18:49 . 2008-06-07 18:49 <DIR> d-------- D:\WINDOWS\ERUNT
2008-06-07 18:48 . 2008-06-07 18:48 <DIR> d-------- D:\Documents and Settings\Administrator
2008-06-07 18:46 . 2008-06-07 18:46 268 --ah----- D:\sqmdata13.sqm
2008-06-07 18:46 . 2008-06-07 18:46 244 --ah----- D:\sqmnoopt13.sqm
2008-06-07 15:33 . 2008-06-07 15:33 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-06-07 15:33 . 2008-06-07 15:33 1,409 --a------ D:\WINDOWS\QTFont.for
2008-06-07 15:13 . 2008-06-07 15:13 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-07 15:01 . 2008-06-07 15:01 94,208 --a------ D:\WINDOWS\system32\ahhegpqs.dll
2008-06-07 15:00 . 2008-06-07 15:00 268 --ah----- D:\sqmdata12.sqm
2008-06-07 15:00 . 2008-06-07 15:00 244 --ah----- D:\sqmnoopt12.sqm
2008-06-07 14:50 . 2008-06-07 14:50 268 --ah----- D:\sqmdata11.sqm
2008-06-07 14:50 . 2008-06-07 14:50 244 --ah----- D:\sqmnoopt11.sqm
2008-06-07 14:48 . 2008-06-07 14:48 111,616 --a------ D:\WINDOWS\system32\jjyhaosh.dll
2008-06-07 14:48 . 2008-06-07 14:48 101,376 --a------ D:\WINDOWS\system32\axniyjnb.dll
2008-06-07 14:40 . 2008-06-07 14:40 111,616 --a------ D:\WINDOWS\system32\uenprtur.dll
2008-06-07 13:06 . 2008-06-07 13:06 101,376 --a------ D:\WINDOWS\system32\gonayctc.dll
2008-06-06 22:25 . 2008-06-06 22:25 <DIR> d-------- D:\Program Files\Sunbelt Software
2008-06-06 19:06 . 2008-06-07 18:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 18:36 . 2008-06-06 18:36 <DIR> d-------- D:\Program Files\CCleaner
2008-06-06 16:58 . 2008-06-06 16:58 13,502 --a------ D:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 16:58 . 2008-06-06 16:58 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-06 16:46 . 2008-06-06 16:46 3,072 --a------ D:\WINDOWS\system32\ipnhqeag.dll
2008-06-06 16:42 . 2008-06-06 16:42 99,328 --a------ D:\WINDOWS\system32\uoghwkxc.dll
2008-06-06 13:10 . 2008-06-06 13:10 112,640 --a------ D:\WINDOWS\system32\jhsavdhu.dll
2008-06-05 09:38 . 2008-06-05 09:38 3,072 --a------ D:\WINDOWS\system32\joyojlld.dll
2008-06-02 22:22 . 1999-12-17 08:13 86,016 --a------ D:\WINDOWS\unvise32.exe
2008-06-02 22:15 . 2008-06-03 11:20 <DIR> d-------- D:\Program Files\Postal2STP
2008-06-02 11:33 . 2008-06-07 20:11 63,918 --a------ D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll-uninst.exe
2008-06-02 11:33 . 2008-06-02 11:33 49,182 --a------ D:\WINDOWS\system32\jswnw64k.exe
2008-06-02 11:27 . 2008-06-02 11:27 275,456 --a------ D:\WINDOWS\system32\ljJCuSMC.dll
2008-06-02 11:26 . 2008-06-02 11:26 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-06-02 11:23 . 2008-06-07 19:07 <DIR> d-------- D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4
2008-06-02 11:23 . 2008-06-02 11:23 <DIR> d-------- D:\WINDOWS\system32\yW3
2008-06-02 11:23 . 2008-06-02 11:23 <DIR> d-------- D:\WINDOWS\system32\hIP5
2008-06-02 11:23 . 2008-06-02 11:23 <DIR> d-------- D:\WINDOWS\system32\cA1
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- D:\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\Common Files\DVDVideoSoft
2008-05-29 12:00 . 2008-05-29 12:00 <DIR> d-------- D:\Program Files\Video Edit Converter Pro
2008-05-29 12:00 . 2004-02-08 00:53 856,064 --a------ D:\WINDOWS\system32\mpgfiltr.ax
2008-05-29 12:00 . 2006-07-05 17:42 139,264 --a------ D:\WINDOWS\system32\viscomdepro.dll
2008-05-25 21:36 . 2008-06-06 18:15 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\LimeWire
2008-05-25 19:30 . 2007-06-21 01:53 32,768 --a------ D:\WINDOWS\system32\mf.dll
2008-05-24 13:20 . 2008-05-24 13:20 268 --ah----- D:\sqmdata10.sqm
2008-05-24 13:20 . 2008-05-24 13:20 244 --ah----- D:\sqmnoopt10.sqm
2008-05-22 13:39 . 2008-05-22 13:58 1,520 --a------ D:\AfterRead.xtl
2008-05-22 13:02 . 2008-05-22 13:02 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2008-05-22 13:02 . 2004-12-07 10:11 258,352 --a------ D:\WINDOWS\system32\Unicows.dll
2008-05-17 15:06 . 2008-05-17 15:06 <DIR> d-------- D:\Program Files\Vstplugins
2008-05-15 20:00 . 2008-05-24 17:14 <DIR> d-------- D:\Program Files\VideoLAN
2008-05-09 16:55 . 2008-05-09 16:55 268 --ah----- D:\sqmdata09.sqm
2008-05-09 16:55 . 2008-05-09 16:55 244 --ah----- D:\sqmnoopt09.sqm
2008-05-09 11:31 . 2008-05-09 11:31 268 --ah----- D:\sqmdata08.sqm
2008-05-09 11:31 . 2008-05-09 11:31 244 --ah----- D:\sqmnoopt08.sqm
2008-05-09 09:45 . 2008-05-09 09:45 268 --ah----- D:\sqmdata07.sqm
2008-05-09 09:45 . 2008-05-09 09:45 244 --ah----- D:\sqmnoopt07.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 13:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-08 09:22 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-06-06 11:04 --------- d-----w D:\Program Files\PKR
2008-06-04 10:24 --------- d-----w D:\Program Files\Java
2008-05-22 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 20:03 --------- d-----w D:\Documents and Settings\Parents\Application Data\BitTorrent
2008-05-17 13:06 --------- d-----w D:\Program Files\Sony
2008-05-04 20:07 --------- d-----w D:\Documents and Settings\Parents\Application Data\Temporary
2008-05-04 18:38 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-05-02 15:29 --------- d-----w D:\Program Files\Warcraft III
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\xing shared
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\Real
2008-04-18 17:55 --------- d-----w D:\Program Files\Google
2008-04-17 16:59 --------- d-----w D:\Documents and Settings\Parents\Application Data\ConvertTemp
2008-04-10 18:25 --------- d-----w D:\Program Files\Naviter
2002-09-18 15:00 109,524 ----a-w D:\Documents and Settings\Parents\Application Data\csilade.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c1025d7-2024-48d3-8711-0880443a8229}]
2008-06-07 14:48 111616 --a------ D:\WINDOWS\system32\jjyhaosh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC074E5E-700E-49A6-9A62-7C72A0F38E17}]
2008-06-02 11:27 275456 --a------ D:\WINDOWS\system32\ljJCuSMC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94}]
D:\WINDOWS\system32\bakwvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"QdrPack16"="D:\Program Files\QdrPack\QdrPack16.exe" [ ]
"Hpqlo"="D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"{B1-10-00-00-DW}"="d:\windows\system32\rwwnw64d.exe" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"9c8b10af"="D:\WINDOWS\system32\ahhegpqs.dll" [2008-06-07 15:01 94208]
"BM23af18f5"="D:\WINDOWS\system32\axniyjnb.dll" [2008-06-07 14:48 101376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 14:01:45 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 16:06:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\system32\ahhegpqs.dll
-> D:\WINDOWS\system32\axniyjnb.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.virpenas
.
**************************************************************************
.
Completion time: 2008-06-08 16:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 14:10:29
Pre-Run: 34,105,196,544 bytes free
Post-Run: 36,548,636,672 bytes free
265 --- E O F --- 2008-05-28 06:51:49
HiJack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:24, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
d:\windows\system32\rwwnw64d.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{B1-10-00-00-DW}] d:\windows\system32\rwwnw64d.exe DWramFF
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\akfbjdhi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QdrPack16] "D:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Hpqlo] "D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\QooBox\Quarantine\D\WINDOWS\system32\kcnttkdm.exe.vir
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: YesMessenger.lnk = D:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"Hpqlo"="D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"{B1-10-00-00-DW}"="d:\windows\system32\rwwnw64d.exe" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"9c8b10af"="D:\WINDOWS\system32\ahhegpqs.dll" [2008-06-07 15:01 94208]
"BM23af18f5"="D:\WINDOWS\system32\axniyjnb.dll" [2008-06-07 14:48 101376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 14:01:45 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 16:06:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\system32\ahhegpqs.dll
-> D:\WINDOWS\system32\axniyjnb.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.virpenas
.
**************************************************************************
.
Completion time: 2008-06-08 16:10:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 14:10:29
Pre-Run: 34,105,196,544 bytes free
Post-Run: 36,548,636,672 bytes free
265 --- E O F --- 2008-05-28 06:51:49
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:24, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
d:\windows\system32\rwwnw64d.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{B1-10-00-00-DW}] d:\windows\system32\rwwnw64d.exe DWramFF
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\ahhegpqs.dll",b
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\akfbjdhi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QdrPack16] "D:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Hpqlo] "D:\Documents and Settings\Parents\Application Data\s?stem\?pool32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\QooBox\Quarantine\D\WINDOWS\system32\kcnttkdm.exe.vir
O4 - Startup: DW_Start.lnk = D:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: YesMessenger.lnk = D:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
Ok
There is still quite a lot left to remove.
Right-click this link:
http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.zip
Choose "Save target (of link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.exe to start the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/agreement.)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as prompted; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt).
Later.
Here is the report.
Search Navipromo version 3.5.8 commencé le 09/06/2008 à 13:29:59,87
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "Parents"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "D:\WINDOWS" ***
*** Recherche dossiers dans "D:\Program Files" ***
*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "d:\docume~1\alluse~1\startm~1\programs" ***
*** Recherche dossiers dans "D:\Documents and Settings\Parents\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\CLMENC~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\Maman\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\Parents\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\CLMENC~1\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\DOCUME~1\Maman\locals~1\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\Parents\startm~1\programs" ***
*** Recherche dossiers dans "D:\DOCUME~1\ADMINI~1\startm~1\programs" ***
*** Recherche dossiers dans "D:\DOCUME~1\CLMENC~1\startm~1\programs" ***
*** Recherche dossiers dans "D:\DOCUME~1\Maman\startm~1\programs" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "D:\WINDOWS\system32" *
* Recherche dans "D:\Documents and Settings\Parents\locals~1\applic~1" *
* Recherche dans "D:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "D:\DOCUME~1\CLMENC~1\locals~1\applic~1" *
* Recherche dans "D:\DOCUME~1\Maman\locals~1\applic~1" *
*** Recherche fichiers ***
D:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "D:\WINDOWS\system32" :
* Dans "D:\Documents and Settings\Parents\locals~1\applic~1" :
* Dans "D:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "D:\DOCUME~1\CLMENC~1\locals~1\applic~1" :
* Dans "D:\DOCUME~1\Maman\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
D:\WINDOWS\system32\CMSuCJjl.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 09/06/2008 à 13:56:25,73 ***
Oops, I forgot about you, sorry...
Can you post a new HijackThis log?
Later.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:20, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Trend Micro\HijackThis\Hijack11This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6204B773-3C0D-4E64-AE43-E009A78D78D9} - D:\WINDOWS\system32\ljJCuSMC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gooochi browser optimizer - {a71701b7-dbad-0815-2aff-c1803b5c9466} - D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {a193c513-784e-d829-83f4-d6645edca7db} - {bd7acde5-466d-4f38-928d-e487315c391a} - D:\WINDOWS\system32\vviaaaqy.dll
O2 - BHO: (no name) - {DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\kcnttkdm.exe DWramFF
O4 - HKLM\..\Run: [{62480975-c5e7-8e98-1ea0-5a26888e07bb}] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll" DllStart
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\jfyrgxwa.dll",b
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\xsycnlxd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\kcnttkdm.exe
O4 - Startup: DW_Start.lnk = D:\QooBox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.vir
O4 - Startup: YesMessenger.lnk = D:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
Scan saved at 17:34:20, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Trend Micro\HijackThis\Hijack11This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.babygo.fr:8118
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6204B773-3C0D-4E64-AE43-E009A78D78D9} - D:\WINDOWS\system32\ljJCuSMC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gooochi browser optimizer - {a71701b7-dbad-0815-2aff-c1803b5c9466} - D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {a193c513-784e-d829-83f4-d6645edca7db} - {bd7acde5-466d-4f38-928d-e487315c391a} - D:\WINDOWS\system32\vviaaaqy.dll
O2 - BHO: (no name) - {DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PKR Pal] "D:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\kcnttkdm.exe DWramFF
O4 - HKLM\..\Run: [{62480975-c5e7-8e98-1ea0-5a26888e07bb}] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll" DllStart
O4 - HKLM\..\Run: [9c8b10af] rundll32.exe "D:\WINDOWS\system32\jfyrgxwa.dll",b
O4 - HKLM\..\Run: [BM23af18f5] Rundll32.exe "D:\WINDOWS\system32\xsycnlxd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = D:\WINDOWS\system32\kcnttkdm.exe
O4 - Startup: DW_Start.lnk = D:\QooBox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.vir
O4 - Startup: YesMessenger.lnk = D:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Define - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
Hi everyone,
Rhakzi, isn't this the same PC? Is it? : http://www.commentcamarche.net/forum/affich 6398947 consommation 100 du processeur
Sorry for butting in.....
See you
Not the same log, admittedly, but the same username.
Should I analyse the ComboFix?
There's something I didn't understand, then.
Well, actually, in this thread I'm asking for help with my parents' PC. DllD's link was about my own PC. Also, in the last log, I did the procedure to show the O2 lines.
Ok...
So:
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
D:\Documents and Settings\Parents\Application Data\SSTEM~1\?pool32.exe
D:\sqmdata14.sqm
D:\sqmnoopt14.sqm
D:\sqmdata13.sqm
D:\sqmnoopt13.sqm
D:\WINDOWS\system32\ahhegpqs.dll
D:\sqmdata12.sqm
D:\sqmnoopt12.sqm
D:\sqmdata11.sqm
D:\sqmnoopt11.sqm
D:\WINDOWS\system32\jjyhaosh.dll
D:\WINDOWS\system32\axniyjnb.dll
D:\WINDOWS\system32\uenprtur.dll
D:\WINDOWS\system32\gonayctc.dll
D:\WINDOWS\system32\ipnhqeag.dll
D:\WINDOWS\system32\uoghwkxc.dll
D:\WINDOWS\system32\jhsavdhu.dll
D:\WINDOWS\system32\joyojlld.dll
D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll-uninst.exe
D:\WINDOWS\system32\jswnw64k.exe
D:\WINDOWS\system32\ljJCuSMC.dll
D:\sqmdata10.sqm
D:\sqmnoopt10.sqm
D:\sqmdata09.sqm
D:\sqmnoopt09.sqm
D:\sqmdata08.sqm
D:\sqmnoopt08.sqm
D:\sqmdata07.sqm
D:\sqmnoopt07.sqm
Folder::
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4
D:\WINDOWS\system32\yW3
D:\WINDOWS\system32\hIP5
D:\WINDOWS\system32\cA1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c1025d7-2024-48d3-8711-0880443a8229}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC074E5E-700E-49A6-9A62-7C72A0F38E17}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrPack16"=-
"Hpqlo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{B1-10-00-00-DW}"=-
Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will open: post its contents, and say where your problems stand
- If the file does not open, it is located here > C:\ComboFix.txt
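As an added example for this thread (not ComboFix's own code and not part of any post above), here is a small Python reviewer for the CFScript format used in the instructions: it parses the File::, Folder:: and Registry:: sections, flags entries worth a second look before the script is dropped on ComboFix.exe, and cross-references the File:: paths against HijackThis log lines so you can see which of the files being quarantined were active load points (O2 BHOs, O4 Run/Startup entries). The sample script and log lines are constructed from entries on this page; the section semantics it assumes are the ones visible in the script (paths under File::/Folder:: are quarantined, `[-key]` deletes a registry key, `"name"=-` deletes a value under the most recent `[key]` header).

```python
"""Reviewer for the ComboFix CFScript format shown in the post above.

Added example for this thread, not ComboFix's own code.  It parses the
File:: / Folder:: / Registry:: sections, flags entries that deserve a second
look, and cross-references the File:: paths against HijackThis log lines so
the reviewer can see which files being quarantined were active load points
(O2 BHOs, O4 Run/Startup entries).  Assumed section semantics, as visible in
the script on the page: File:: and Folder:: list items to quarantine;
Registry:: uses .reg syntax, where '[-key]' deletes a key and '"name"=-'
deletes a value under the most recent '[key]' header.
"""
import re

KNOWN_SECTIONS = {"File", "Folder", "Registry"}
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: a subset of the CFScript posted above (page values).
SAMPLE_CFSCRIPT = r"""File::
D:\Documents and Settings\Parents\Application Data\SSTEM~1\?pool32.exe
D:\sqmdata14.sqm
D:\WINDOWS\system32\jswnw64k.exe
D:\WINDOWS\system32\ljJCuSMC.dll
Folder::
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4
D:\WINDOWS\system32\yW3
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrPack16"=-
"Hpqlo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{B1-10-00-00-DW}"=-
"""

# Constructed sample: three lines taken from the HijackThis logs in this thread.
SAMPLE_HIJACKTHIS = [
    r"O2 - BHO: (no name) - {6204B773-3C0D-4E64-AE43-E009A78D78D9} - D:\WINDOWS\system32\ljJCuSMC.dll",
    r"O2 - BHO: (no name) - {DC3E9A47-24D1-7D73-AC3C-0CA2E49E4C94} - (no file)",
    r"O4 - HKLM\..\Run: [ExploreUpdSched] D:\WINDOWS\system32\kcnttkdm.exe DWramFF",
]


def parse_cfscript(text):
    """Split a CFScript into {'File': [...], 'Folder': [...], 'Registry': [...], 'unknown': [...]}.

    Registry actions are tuples: ('delete_key', key), ('delete_value', key, name)
    or ('set_value', key, name, data).  Headers other than the three handled here
    are recorded under 'unknown' so nothing is silently dropped.
    """
    out = {"File": [], "Folder": [], "Registry": [], "unknown": []}
    section, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"([A-Za-z]+)::", line)
        if header:
            section = header.group(1)
            if section not in KNOWN_SECTIONS:
                out["unknown"].append(section)
            continue
        if section in ("File", "Folder"):
            out[section].append(line)
        elif section == "Registry":
            key = re.fullmatch(r"\[(-?)(.+)\]", line)
            if key:
                if key.group(1) == "-":
                    out["Registry"].append(("delete_key", key.group(2)))
                else:
                    reg_key = key.group(2)          # following values apply to this key
                continue
            value = re.fullmatch(r'"([^"]*)"=(.*)', line)
            if value and reg_key:
                name, data = value.groups()
                if data == "-":
                    out["Registry"].append(("delete_value", reg_key, name))
                else:
                    out["Registry"].append(("set_value", reg_key, name, data))
        # lines before any header, or inside an unknown section, are ignored
    return out


def check_entries(script):
    """Return warnings for entries that deserve a second look before running."""
    warnings = []
    for name in script["unknown"]:
        warnings.append(f"unrecognised section '{name}::' (not handled by this reviewer)")
    for section in ("File", "Folder"):
        for path in script[section]:
            if not ABS_PATH_RE.match(path):
                warnings.append(f"{section}:: entry is not an absolute drive path: {path}")
            elif "?" in path or "*" in path:
                warnings.append(f"{section}:: entry contains a wildcard, confirm it matches only the intended item: {path}")
    for action in script["Registry"]:
        if action[0] == "delete_key" and "\\" not in action[1]:
            warnings.append(f"Registry:: would delete an entire hive: {action[1]}")
    return warnings


def load_points_for(script, hijackthis_lines):
    """Map each File:: path to the HijackThis item codes (e.g. 'O2', 'O4') of the
    lines that reference it, case-insensitively; [] means no load point was seen."""
    hits = {}
    for path in script["File"]:
        needle = path.lower()
        hits[path] = [line.split(" - ", 1)[0] for line in hijackthis_lines
                      if needle in line.lower()]
    return hits


def review(script_text, hijackthis_lines):
    """One-shot review: parsed sections, warnings and load-point cross-reference."""
    script = parse_cfscript(script_text)
    return {
        "script": script,
        "warnings": check_entries(script),
        "load_points": load_points_for(script, hijackthis_lines),
    }


if __name__ == "__main__":
    result = review(SAMPLE_CFSCRIPT, SAMPLE_HIJACKTHIS)
    for w in result["warnings"]:
        print("WARNING:", w)
    for path, codes in result["load_points"].items():
        print(f"{path} -> load points: {codes or 'none seen'}")
```

Run it on a script before handing it over: a File:: entry that maps to no load point is not necessarily wrong (the ComboFix report later in the thread quarantines files that HijackThis never listed), but one that still maps to an O2 or O4 line tells you the load point itself also needs removing, which is why the page's script pairs file deletions with Registry:: entries.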
It seems to work better. No more pop-ups, I think. The PC seems to behave better. Where am I at?
ComboFix 08-06-12.2 - Parents 2008-06-14 13:19:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.666 [GMT 2:00]
Running from: D:\Documents and Settings\Parents\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Parents\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
D:\sqmdata07.sqm
D:\sqmdata08.sqm
D:\sqmdata09.sqm
D:\sqmdata10.sqm
D:\sqmdata11.sqm
D:\sqmdata12.sqm
D:\sqmdata13.sqm
D:\sqmdata14.sqm
D:\sqmnoopt07.sqm
D:\sqmnoopt08.sqm
D:\sqmnoopt09.sqm
D:\sqmnoopt10.sqm
D:\sqmnoopt11.sqm
D:\sqmnoopt12.sqm
D:\sqmnoopt13.sqm
D:\sqmnoopt14.sqm
D:\WINDOWS\system32\{9ed679f0-b90f-48a1-f051-39fe31e4cdf8}.dll-uninst.exe
D:\WINDOWS\system32\ahhegpqs.dll
D:\WINDOWS\system32\axniyjnb.dll
D:\WINDOWS\system32\gonayctc.dll
D:\WINDOWS\system32\ipnhqeag.dll
D:\WINDOWS\system32\jhsavdhu.dll
D:\WINDOWS\system32\jjyhaosh.dll
D:\WINDOWS\system32\joyojlld.dll
D:\WINDOWS\system32\jswnw64k.exe
D:\WINDOWS\system32\ljJCuSMC.dll
D:\WINDOWS\system32\uenprtur.dll
D:\WINDOWS\system32\uoghwkxc.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\sqmdata07.sqm
D:\sqmdata08.sqm
D:\sqmdata09.sqm
D:\sqmdata10.sqm
D:\sqmdata11.sqm
D:\sqmdata12.sqm
D:\sqmdata13.sqm
D:\sqmdata14.sqm
D:\sqmnoopt07.sqm
D:\sqmnoopt08.sqm
D:\sqmnoopt09.sqm
D:\sqmnoopt10.sqm
D:\sqmnoopt11.sqm
D:\sqmnoopt12.sqm
D:\sqmnoopt13.sqm
D:\sqmnoopt14.sqm
D:\WINDOWS\BM23af18f5.xml
D:\WINDOWS\cookies.ini
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\akfbjdhi.dll
D:\WINDOWS\system32\awxgryfj.ini
D:\WINDOWS\system32\axniyjnb.dll
D:\WINDOWS\system32\cA1
D:\WINDOWS\system32\cA1\hdpars11.exe
D:\WINDOWS\system32\CMSuCJjl.ini
D:\WINDOWS\system32\CMSuCJjl.ini2
D:\WINDOWS\system32\cscioujs.dll
D:\WINDOWS\system32\dcdjfmun.dll
D:\WINDOWS\system32\dsfsojvs.dll
D:\WINDOWS\system32\ewuntylm.dll
D:\WINDOWS\system32\fvuvgkae.exe
D:\WINDOWS\system32\g59.exe
D:\WINDOWS\system32\gonayctc.dll
D:\WINDOWS\system32\hIP5
D:\WINDOWS\system32\hIP5\moolckr.exe
D:\WINDOWS\system32\humgvjku.exe
D:\WINDOWS\system32\ipnhqeag.dll
D:\WINDOWS\system32\jcukitjw.dll
D:\WINDOWS\system32\jhsavdhu.dll
D:\WINDOWS\system32\jjyhaosh.dll
D:\WINDOWS\system32\joyojlld.dll
D:\WINDOWS\system32\jqogkcrs.dll
D:\WINDOWS\system32\jswnw64k.exe
D:\WINDOWS\system32\kcnttkdm.exe
D:\WINDOWS\system32\kwsdlorg.dll
D:\WINDOWS\system32\ljJCuSMC.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mkmrcvck.dll
D:\WINDOWS\system32\moiyjuea.dll
D:\WINDOWS\system32\msnav32.ax
D:\WINDOWS\system32\qrbpllgn.ini
D:\WINDOWS\system32\qrdkvdxa.ini
D:\WINDOWS\system32\qugbphtb.dll
D:\WINDOWS\system32\rsrggrhx.dll
D:\WINDOWS\system32\svjosfsd.ini
D:\WINDOWS\system32\tuedbhcr.ini
D:\WINDOWS\system32\uenprtur.dll
D:\WINDOWS\system32\uoghwkxc.dll
D:\WINDOWS\system32\vviaaaqy.dll
D:\WINDOWS\system32\winpfz33.sys
D:\WINDOWS\system32\xsycnlxd.dll
D:\WINDOWS\system32\ymgodylc.ini
D:\WINDOWS\system32\yW3
D:\WINDOWS\system32\yW3\lutdtx2.exe
D:\WINDOWS\system32\zxdnt3d.cfg
D:\WINDOWS\TGF1cmVudCBCZW5rZW1vdW4
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-13 17:46 . 2008-06-13 17:46 40,960 --a------ D:\WINDOWS\system32\cjmdyxoc.dll
2008-06-12 17:37 . 2008-06-12 17:37 40,960 --a------ D:\WINDOWS\system32\foxfcuex.dll
2008-06-11 17:45 . 2008-06-11 17:45 40,960 --a------ D:\WINDOWS\system32\akexbwhe.dll
2008-06-11 13:42 . 2008-06-11 13:42 <DIR> d-------- D:\VundoFix Backups
2008-06-10 17:47 . 2008-06-10 17:47 40,960 --a------ D:\WINDOWS\system32\rccpgjmr.dll
2008-06-09 13:28 . 2008-06-09 13:58 <DIR> d-------- D:\Program Files\Navilog1
2008-06-08 16:10 . 2008-06-08 16:10 <DIR> d-------- D:\Documents and Settings\Clémence
2008-06-08 16:10 . 2008-06-08 16:10 294 --ahs---- D:\WINDOWS\system32\sqpgehha.ini
2008-06-08 12:23 . 2008-06-08 12:23 <DIR> d-------- D:\Program Files\YesMessenger
2008-06-08 12:23 . 2007-11-26 14:46 316 --a------ D:\WINDOWS\yes_messenger.ini
2008-06-07 18:49 . 2008-06-07 18:49 <DIR> d-------- D:\WINDOWS\ERUNT
2008-06-07 18:48 . 2008-06-07 18:48 <DIR> d-------- D:\Documents and Settings\Administrator
2008-06-07 15:13 . 2008-06-07 15:13 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-06 22:25 . 2008-06-06 22:25 <DIR> d-------- D:\Program Files\Sunbelt Software
2008-06-06 19:06 . 2008-06-07 18:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 16:58 . 2008-06-06 16:58 13,502 --a------ D:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 16:58 . 2008-06-06 16:58 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-02 22:22 . 1999-12-17 08:13 86,016 --a------ D:\WINDOWS\unvise32.exe
2008-06-02 22:15 . 2008-06-03 11:20 <DIR> d-------- D:\Program Files\Postal2STP
2008-06-02 11:26 . 2008-06-02 11:26 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- D:\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\Common Files\DVDVideoSoft
2008-05-29 12:00 . 2008-05-29 12:00 <DIR> d-------- D:\Program Files\Video Edit Converter Pro
2008-05-29 12:00 . 2004-02-08 00:53 856,064 --a------ D:\WINDOWS\system32\mpgfiltr.ax
2008-05-29 12:00 . 2006-07-05 17:42 139,264 --a------ D:\WINDOWS\system32\viscomdepro.dll
2008-05-25 21:36 . 2008-06-06 18:15 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\LimeWire
2008-05-25 19:30 . 2007-06-21 01:53 32,768 --a------ D:\WINDOWS\system32\mf.dll
2008-05-22 13:39 . 2008-05-22 13:58 1,520 --a------ D:\AfterRead.xtl
2008-05-22 13:02 . 2008-05-22 13:02 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2008-05-22 13:02 . 2004-12-07 10:11 258,352 --a------ D:\WINDOWS\system32\Unicows.dll
2008-05-17 15:06 . 2008-05-17 15:06 <DIR> d-------- D:\Program Files\Vstplugins
2008-05-15 20:00 . 2008-05-24 17:14 <DIR> d-------- D:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 09:34 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-06-14 09:08 --------- d-----w D:\Program Files\PKR
2008-06-14 07:24 --------- d-----w D:\Program Files\ProfiliV2
2008-06-11 16:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-04 10:24 --------- d-----w D:\Program Files\Java
2008-05-22 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 20:03 --------- d-----w D:\Documents and Settings\Parents\Application Data\BitTorrent
2008-05-17 13:06 --------- d-----w D:\Program Files\Sony
2008-05-04 20:07 --------- d-----w D:\Documents and Settings\Parents\Application Data\Temporary
2008-05-04 18:38 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-05-02 15:29 --------- d-----w D:\Program Files\Warcraft III
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\xing shared
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\Real
2008-04-18 17:55 --------- d-----w D:\Program Files\Google
2008-04-17 16:59 --------- d-----w D:\Documents and Settings\Parents\Application Data\ConvertTemp
2002-09-18 15:00 109,524 ----a-w D:\Documents and Settings\Parents\Application Data\csilade.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_16.10.10.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 14:01:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-14 11:29:34 2,048 --s-a-w D:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\
Deewoo.lnk - D:\QooBox\Quarantine\D\WINDOWS\system32\kcnttkdm.exe.vir [2008-06-08 16:16:26 200768]
DW_Start.lnk - D:\QooBox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.vir [2008-06-08 16:06:09 49188]
YesMessenger.lnk - D:\Program Files\YesMessenger\YesMessenger.exe [2008-06-08 12:23:56 2748416]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 13:04:28 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 15:05:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 15:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 13:09:30
ComboFix2.txt 2008-06-08 14:10:36
Pre-Run: 36,958,871,552 bytes free
Post-Run: 36,957,302,784 bytes free
255 --- E O F --- 2008-05-28 06:51:49
.
2008-06-14 09:34 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-06-14 09:08 --------- d-----w D:\Program Files\PKR
2008-06-14 07:24 --------- d-----w D:\Program Files\ProfiliV2
2008-06-11 16:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-04 10:24 --------- d-----w D:\Program Files\Java
2008-05-22 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 20:03 --------- d-----w D:\Documents and Settings\Parents\Application Data\BitTorrent
2008-05-17 13:06 --------- d-----w D:\Program Files\Sony
2008-05-04 20:07 --------- d-----w D:\Documents and Settings\Parents\Application Data\Temporary
2008-05-04 18:38 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-05-02 15:29 --------- d-----w D:\Program Files\Warcraft III
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\xing shared
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\Real
2008-04-18 17:55 --------- d-----w D:\Program Files\Google
2008-04-17 16:59 --------- d-----w D:\Documents and Settings\Parents\Application Data\ConvertTemp
2002-09-18 15:00 109,524 ----a-w D:\Documents and Settings\Parents\Application Data\csilade.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_16.10.10.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 14:01:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-14 11:29:34 2,048 --s-a-w D:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\
Deewoo.lnk - D:\QooBox\Quarantine\D\WINDOWS\system32\kcnttkdm.exe.vir [2008-06-08 16:16:26 200768]
DW_Start.lnk - D:\QooBox\Quarantine\D\WINDOWS\system32\rwwnw64d.exe.vir [2008-06-08 16:06:09 49188]
YesMessenger.lnk - D:\Program Files\YesMessenger\YesMessenger.exe [2008-06-08 12:23:56 2748416]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 13:04:28 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 15:05:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 15:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 13:09:30
ComboFix2.txt 2008-06-08 14:10:36
Pre-Run: 36,958,871,552 bytes free
Post-Run: 36,957,302,784 bytes free
255 --- E O F --- 2008-05-28 06:51:49
OK, we're nearly done :-)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
D:\WINDOWS\system32\cjmdyxoc.dll
D:\WINDOWS\system32\foxfcuex.dll
D:\WINDOWS\system32\akexbwhe.dll
D:\WINDOWS\system32\rccpgjmr.dll
D:\WINDOWS\system32\sqpgehha.ini
D:\Documents and Settings\Parents\Application Data\csilade.dll
Save this file under the name CFScript
[*]Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
[*]A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
[*]Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
[*]Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand
[*]If the file does not open, it is located here > C:\ComboFix.txt
Later
ComboFix 08-06-12.2 - Parents 2008-06-16 16:17:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.732 [GMT 2:00]
Running from: D:\Documents and Settings\Parents\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Parents\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
D:\Documents and Settings\Parents\Application Data\csilade.dll
D:\WINDOWS\system32\akexbwhe.dll
D:\WINDOWS\system32\cjmdyxoc.dll
D:\WINDOWS\system32\foxfcuex.dll
D:\WINDOWS\system32\rccpgjmr.dll
D:\WINDOWS\system32\sqpgehha.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Parents\Application Data\csilade.dll
D:\Documents and Settings\Parents\err.log
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\Deewoo.lnk
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\DW_Start.lnk
D:\WINDOWS\system32\akexbwhe.dll
D:\WINDOWS\system32\cjmdyxoc.dll
D:\WINDOWS\system32\foxfcuex.dll
D:\WINDOWS\system32\rccpgjmr.dll
D:\WINDOWS\system32\sqpgehha.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-15 20:11 . 2008-06-15 20:14 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-15 18:46 . 2008-06-15 18:46 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\TaoUSign
2008-06-15 10:50 . 2008-04-14 13:01 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:42 . 2008-06-11 13:42 <DIR> d-------- D:\VundoFix Backups
2008-06-09 13:28 . 2008-06-09 13:58 <DIR> d-------- D:\Program Files\Navilog1
2008-06-08 16:10 . 2008-06-08 16:10 <DIR> d-------- D:\Documents and Settings\Clémence
2008-06-08 12:23 . 2008-06-08 12:23 <DIR> d-------- D:\Program Files\YesMessenger
2008-06-08 12:23 . 2007-11-26 14:46 316 --a------ D:\WINDOWS\yes_messenger.ini
2008-06-07 18:49 . 2008-06-07 18:49 <DIR> d-------- D:\WINDOWS\ERUNT
2008-06-07 18:48 . 2008-06-07 18:48 <DIR> d-------- D:\Documents and Settings\Administrator
2008-06-07 15:13 . 2008-06-07 15:13 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-06 22:25 . 2008-06-06 22:25 <DIR> d-------- D:\Program Files\Sunbelt Software
2008-06-06 19:06 . 2008-06-07 18:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 16:58 . 2008-06-06 16:58 13,502 --a------ D:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 16:58 . 2008-06-06 16:58 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-02 22:22 . 1999-12-17 08:13 86,016 --a------ D:\WINDOWS\unvise32.exe
2008-06-02 22:15 . 2008-06-03 11:20 <DIR> d-------- D:\Program Files\Postal2STP
2008-06-02 11:26 . 2008-06-02 11:26 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- D:\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\Common Files\DVDVideoSoft
2008-05-29 12:00 . 2008-05-29 12:00 <DIR> d-------- D:\Program Files\Video Edit Converter Pro
2008-05-29 12:00 . 2004-02-08 00:53 856,064 --a------ D:\WINDOWS\system32\mpgfiltr.ax
2008-05-29 12:00 . 2006-07-05 17:42 139,264 --a------ D:\WINDOWS\system32\viscomdepro.dll
2008-05-25 21:36 . 2008-06-06 18:15 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\LimeWire
2008-05-25 19:30 . 2007-06-21 01:53 32,768 --a------ D:\WINDOWS\system32\mf.dll
2008-05-22 13:39 . 2008-05-22 13:58 1,520 --a------ D:\AfterRead.xtl
2008-05-22 13:02 . 2008-05-22 13:02 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2008-05-22 13:02 . 2004-12-07 10:11 258,352 --a------ D:\WINDOWS\system32\Unicows.dll
2008-05-17 15:06 . 2008-05-17 15:06 <DIR> d-------- D:\Program Files\Vstplugins
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 06:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 06:46 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-06-15 18:13 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-06-14 09:08 --------- d-----w D:\Program Files\PKR
2008-06-14 07:24 --------- d-----w D:\Program Files\ProfiliV2
2008-06-04 10:24 --------- d-----w D:\Program Files\Java
2008-05-24 15:14 --------- d-----w D:\Program Files\VideoLAN
2008-05-22 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 20:03 --------- d-----w D:\Documents and Settings\Parents\Application Data\BitTorrent
2008-05-17 13:06 --------- d-----w D:\Program Files\Sony
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2008-05-04 20:07 --------- d-----w D:\Documents and Settings\Parents\Application Data\Temporary
2008-05-04 18:38 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-05-02 15:29 --------- d-----w D:\Program Files\Warcraft III
2008-04-26 06:45 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\xing shared
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\Real
2008-04-23 04:16 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
2008-04-18 17:55 --------- d-----w D:\Program Files\Google
2008-04-17 16:59 --------- d-----w D:\Documents and Settings\Parents\Application Data\ConvertTemp
2008-04-04 12:47 368,640 ----a-w D:\WINDOWS\system32\ReWire.dll
2008-04-04 12:47 233,472 ----a-w D:\WINDOWS\system32\REX Shared Library.dll
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_16.10.10.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 14:01:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-16 14:09:41 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:36:30 3,591,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2003-07-15 05:57:34 38,968 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:40:12 179,768 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:51:44 87,104 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-11 09:15:48 1,292,872 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 21:52:54 28,224 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:50 364,648 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2005-02-03 16:59:22 346,840 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
- 2008-05-14 20:23:09 593,920 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-15 18:14:37 593,920 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-05-14 20:23:09 12,288 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-15 18:14:37 12,288 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-14 20:23:09 86,016 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-15 18:14:37 86,016 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-05-14 20:23:09 135,168 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-15 18:14:37 135,168 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-05-14 20:23:09 11,264 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-15 18:14:37 11,264 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-05-14 20:23:09 27,136 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-15 18:14:37 27,136 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-05-14 20:23:09 4,096 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-15 18:14:37 4,096 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-14 20:23:09 794,624 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-15 18:14:37 794,624 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-05-14 20:23:09 249,856 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-15 18:14:37 249,856 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-05-14 20:23:09 61,440 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-15 18:14:37 61,440 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-05-14 20:23:09 23,040 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-15 18:14:37 23,040 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-05-14 20:23:09 286,720 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-15 18:14:37 286,720 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-14 20:23:09 409,600 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-15 18:14:37 409,600 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-01 13:06:20 124,928 ----a-w D:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w D:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c----w D:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w D:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 -c----w D:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c----w D:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c----w D:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c----w D:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c----w D:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c----w D:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w D:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w D:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w D:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w D:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w D:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w D:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w D:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w D:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w D:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w D:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w D:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w D:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w D:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w D:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w D:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w D:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w D:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w D:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w D:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w D:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w D:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w D:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w D:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w D:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c----w D:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c----w D:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c----w D:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w D:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w D:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w D:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:36:30 3,591,680 -c----w D:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:30 3,591,680 -c----w D:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c----w D:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c----w D:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c----w D:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c----w D:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c----w D:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c----w D:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w D:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w D:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c----w D:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c----w D:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w D:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w D:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w D:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w D:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c----w D:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w D:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w D:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w D:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c----w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c----w D:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 06:10:37 274,304 ------w D:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ----a-w D:\WINDOWS\system32\drivers\bthport.sys
- 2008-03-01 13:06:21 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w D:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w D:\WINDOWS\system32\extmgr.dll
- 2005-03-17 13:39:58 1,146,320 ----a-w D:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 08:53:34 1,195,888 ----a-w D:\WINDOWS\system32\FM20.DLL
- 2003-07-14 21:57:04 32,584 ----a-w D:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 17:17:04 35,440 ----a-w D:\WINDOWS\system32\FM20ENU.DLL
- 2003-07-31 18:46:08 42,128 ----a-w D:\WINDOWS\system32\FM20FRA.DLL
+ 2007-04-05 09:56:36 47,840 ----a-w D:\WINDOWS\system32\FM20FRA.DLL
- 2008-04-24 06:19:57 181,832 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-16 06:40:48 181,832 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 13:06:21 63,488 ----a-w D:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w D:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w D:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w D:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w D:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w D:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w D:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w D:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w D:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w D:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w D:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w D:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w D:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w D:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w D:\WINDOWS\system32\jsproxy.dll
- 2004-03-22 14:17:06 24,816 ----a-w D:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 11:23:54 28,040 ----a-w D:\WINDOWS\system32\mdimon.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w D:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w D:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:36:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w D:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w D:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w D:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w D:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w D:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w D:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll
- 2007-04-25 03:00:58 18,296 ------w D:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w D:\WINDOWS\system32\spmsg.dll
- 2004-03-22 14:17:04 765,680 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 14:17:04 765,680 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 14:17:08 25,840 ----a-w D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 11:23:54 28,552 ----a-w D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-03-01 13:06:29 105,984 ----a-w D:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w D:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\
YesMessenger.lnk - D:\Program Files\YesMessenger\YesMessenger.exe [2008-06-08 12:23:56 2748416]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 14:11:17 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 16:20:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-16 16:21:22
ComboFix-quarantined-files.txt 2008-06-16 14:21:16
ComboFix2.txt 2008-06-14 13:09:36
ComboFix3.txt 2008-06-08 14:10:36
Pre-Run: 36,234,657,792 bytes free
Post-Run: 36,223,442,944 bytes free
410 --- E O F --- 2008-06-16 09:44:57
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.732 [GMT 2:00]
Running from: D:\Documents and Settings\Parents\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Parents\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
D:\Documents and Settings\Parents\Application Data\csilade.dll
D:\WINDOWS\system32\akexbwhe.dll
D:\WINDOWS\system32\cjmdyxoc.dll
D:\WINDOWS\system32\foxfcuex.dll
D:\WINDOWS\system32\rccpgjmr.dll
D:\WINDOWS\system32\sqpgehha.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Parents\Application Data\csilade.dll
D:\Documents and Settings\Parents\err.log
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\Deewoo.lnk
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\DW_Start.lnk
D:\WINDOWS\system32\akexbwhe.dll
D:\WINDOWS\system32\cjmdyxoc.dll
D:\WINDOWS\system32\foxfcuex.dll
D:\WINDOWS\system32\rccpgjmr.dll
D:\WINDOWS\system32\sqpgehha.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-15 20:11 . 2008-06-15 20:14 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-06-15 18:46 . 2008-06-15 18:46 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\TaoUSign
2008-06-15 10:50 . 2008-04-14 13:01 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:42 . 2008-06-11 13:42 <DIR> d-------- D:\VundoFix Backups
2008-06-09 13:28 . 2008-06-09 13:58 <DIR> d-------- D:\Program Files\Navilog1
2008-06-08 16:10 . <DIR> D:\Documents and Settings\ClTmence
2008-06-08 12:23 . 2008-06-08 12:23 <DIR> d-------- D:\Program Files\YesMessenger
2008-06-08 12:23 . 2007-11-26 14:46 316 --a------ D:\WINDOWS\yes_messenger.ini
2008-06-07 18:49 . 2008-06-07 18:49 <DIR> d-------- D:\WINDOWS\ERUNT
2008-06-07 18:48 . 2008-06-07 18:48 <DIR> d-------- D:\Documents and Settings\Administrator
2008-06-07 15:13 . 2008-06-07 15:13 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-06 22:25 . 2008-06-06 22:25 <DIR> d-------- D:\Program Files\Sunbelt Software
2008-06-06 19:06 . 2008-06-07 18:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-06-06 16:58 . 2008-06-06 16:58 13,502 --a------ D:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 16:58 . 2008-06-06 16:58 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-02 22:22 . 1999-12-17 08:13 86,016 --a------ D:\WINDOWS\unvise32.exe
2008-06-02 22:15 . 2008-06-03 11:20 <DIR> d-------- D:\Program Files\Postal2STP
2008-06-02 11:26 . 2008-06-02 11:26 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- D:\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\DVDVideoSoft
2008-05-29 20:39 . 2008-05-29 20:39 <DIR> d-------- D:\Program Files\Common Files\DVDVideoSoft
2008-05-29 12:00 . 2008-05-29 12:00 <DIR> d-------- D:\Program Files\Video Edit Converter Pro
2008-05-29 12:00 . 2004-02-08 00:53 856,064 --a------ D:\WINDOWS\system32\mpgfiltr.ax
2008-05-29 12:00 . 2006-07-05 17:42 139,264 --a------ D:\WINDOWS\system32\viscomdepro.dll
2008-05-25 21:36 . 2008-06-06 18:15 <DIR> d-------- D:\Documents and Settings\Parents\Application Data\LimeWire
2008-05-25 19:30 . 2007-06-21 01:53 32,768 --a------ D:\WINDOWS\system32\mf.dll
2008-05-22 13:39 . 2008-05-22 13:58 1,520 --a------ D:\AfterRead.xtl
2008-05-22 13:02 . 2008-05-22 13:02 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2008-05-22 13:02 . 2004-12-07 10:11 258,352 --a------ D:\WINDOWS\system32\Unicows.dll
2008-05-17 15:06 . 2008-05-17 15:06 <DIR> d-------- D:\Program Files\Vstplugins
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 06:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 06:46 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-06-15 18:13 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-06-14 09:08 --------- d-----w D:\Program Files\PKR
2008-06-14 07:24 --------- d-----w D:\Program Files\ProfiliV2
2008-06-04 10:24 --------- d-----w D:\Program Files\Java
2008-05-24 15:14 --------- d-----w D:\Program Files\VideoLAN
2008-05-22 12:15 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 20:03 --------- d-----w D:\Documents and Settings\Parents\Application Data\BitTorrent
2008-05-17 13:06 --------- d-----w D:\Program Files\Sony
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2008-05-04 20:07 --------- d-----w D:\Documents and Settings\Parents\Application Data\Temporary
2008-05-04 18:38 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-05-02 15:29 --------- d-----w D:\Program Files\Warcraft III
2008-04-26 06:45 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\xing shared
2008-04-26 06:45 --------- d-----w D:\Program Files\Common Files\Real
2008-04-23 04:16 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
2008-04-18 17:55 --------- d-----w D:\Program Files\Google
2008-04-17 16:59 --------- d-----w D:\Documents and Settings\Parents\Application Data\ConvertTemp
2008-04-04 12:47 368,640 ----a-w D:\WINDOWS\system32\ReWire.dll
2008-04-04 12:47 233,472 ----a-w D:\WINDOWS\system32\REX Shared Library.dll
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_16.10.10.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 14:01:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-16 14:09:41 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:36:30 3,591,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2003-07-15 05:57:34 38,968 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:40:12 179,768 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:51:44 87,104 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-11 09:15:48 1,292,872 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 21:52:54 28,224 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:50 364,648 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2005-02-03 16:59:22 346,840 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r D:\WINDOWS\Installer\$PatchCache$\Managed\C0403E1900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
- 2008-05-14 20:23:09 593,920 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-15 18:14:37 593,920 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-05-14 20:23:09 12,288 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-15 18:14:37 12,288 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-14 20:23:09 86,016 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-15 18:14:37 86,016 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-05-14 20:23:09 135,168 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-15 18:14:37 135,168 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-05-14 20:23:09 11,264 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-15 18:14:37 11,264 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-05-14 20:23:09 27,136 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-15 18:14:37 27,136 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-05-14 20:23:09 4,096 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-15 18:14:37 4,096 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-14 20:23:09 794,624 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-15 18:14:37 794,624 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-05-14 20:23:09 249,856 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-15 18:14:37 249,856 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-05-14 20:23:09 61,440 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-15 18:14:37 61,440 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-05-14 20:23:09 23,040 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-15 18:14:37 23,040 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-05-14 20:23:09 286,720 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-15 18:14:37 286,720 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-14 20:23:09 409,600 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-15 18:14:37 409,600 ----a-r D:\WINDOWS\Installer\{91E3040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-01 13:06:20 124,928 ----a-w D:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w D:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c----w D:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w D:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 -c----w D:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c----w D:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c----w D:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c----w D:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c----w D:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c----w D:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w D:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w D:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w D:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w D:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w D:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w D:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w D:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w D:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w D:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w D:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w D:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w D:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w D:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w D:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w D:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w D:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w D:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w D:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w D:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w D:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w D:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w D:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w D:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w D:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c----w D:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c----w D:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c----w D:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w D:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w D:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w D:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:36:30 3,591,680 -c----w D:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:30 3,591,680 -c----w D:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c----w D:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c----w D:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c----w D:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c----w D:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c----w D:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c----w D:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w D:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w D:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c----w D:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c----w D:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w D:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w D:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w D:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w D:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w D:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c----w D:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w D:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w D:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w D:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c----w D:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c----w D:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 06:10:37 274,304 ------w D:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ----a-w D:\WINDOWS\system32\drivers\bthport.sys
- 2008-03-01 13:06:21 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w D:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w D:\WINDOWS\system32\extmgr.dll
- 2005-03-17 13:39:58 1,146,320 ----a-w D:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 08:53:34 1,195,888 ----a-w D:\WINDOWS\system32\FM20.DLL
- 2003-07-14 21:57:04 32,584 ----a-w D:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 17:17:04 35,440 ----a-w D:\WINDOWS\system32\FM20ENU.DLL
- 2003-07-31 18:46:08 42,128 ----a-w D:\WINDOWS\system32\FM20FRA.DLL
+ 2007-04-05 09:56:36 47,840 ----a-w D:\WINDOWS\system32\FM20FRA.DLL
- 2008-04-24 06:19:57 181,832 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-16 06:40:48 181,832 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 13:06:21 63,488 ----a-w D:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w D:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w D:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w D:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w D:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w D:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w D:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w D:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w D:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w D:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w D:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w D:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w D:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w D:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w D:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w D:\WINDOWS\system32\jsproxy.dll
- 2004-03-22 14:17:06 24,816 ----a-w D:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 11:23:54 28,040 ----a-w D:\WINDOWS\system32\mdimon.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w D:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w D:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:36:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w D:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w D:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w D:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w D:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w D:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w D:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll
- 2007-04-25 03:00:58 18,296 ------w D:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w D:\WINDOWS\system32\spmsg.dll
- 2004-03-22 14:17:04 765,680 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 14:17:04 765,680 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 14:17:08 25,840 ----a-w D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 11:23:54 28,552 ----a-w D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-03-01 13:06:29 105,984 ----a-w D:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w D:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus Photo R300 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 05:00 99840]
"UserFaultCheck"="D:\WINDOWS\system32\dumprep 0 -u" [ ]
"PKR Pal"="D:\Program Files\PKR\pkrpal.exe" [2008-06-06 13:04 2273896]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 08:45 185896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]
D:\Documents and Settings\Parents\Start Menu\Programs\Startup\
YesMessenger.lnk - D:\Program Files\YesMessenger\YesMessenger.exe [2008-06-08 12:23:56 2748416]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-18 19:51:37 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\Cat 5.16.0\\code\\5.16.0\\intel_a\\code\\bin\\orbixd.exe"=
"D:\\Program Files\\Naviter\\SeeYou\\SeeYou.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Postal2STP\\System\\Postal2.exe"=
"D:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 BBDemon;Backbone Service;"C:\Cat 5.16.0\code\5.16.0\intel_a\code\bin\CATSysDemon.exe" -service []
S2 PPSCAN;PPSCAN;D:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 15:37]
S3 LUMDriver;LUMDriver;D:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8fb041-47eb-11da-8bab-806d6172696f}]
\Shell\AutoRun\command - Z:\Setup.bat
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 14:11:17 D:\WINDOWS\Tasks\XoftSpySE 2.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-01 02:17:15 D:\WINDOWS\Tasks\XoftSpySE.job"
- D:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 16:20:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-16 16:21:22
ComboFix-quarantined-files.txt 2008-06-16 14:21:16
ComboFix2.txt 2008-06-14 13:09:36
ComboFix3.txt 2008-06-08 14:10:36
Pre-Run: 36,234,657,792 bytes free
Post-Run: 36,223,442,944 bytes free
410 --- E O F --- 2008-06-16 09:44:57
OK, very good.
If you haven't already done so, you can delete the diagnostic tools we used.
To launch it, click in turn on Start > All Programs > Accessories > System Tools > System Restore.
Select "Create a restore point".
Give it a fairly descriptive name, as suggested, before clicking Create. For example: After disinfection on CCM.
The date and time are included to help you find and tell apart the existing restore points. All that remains is to close the wizard.
And there you go :-)