Code injection problem
Solved/Closed
petruchkah
-
3 Jul 2008 at 21:59
cgui33 Posts 1174 Registration date Friday 8 April 2005 Status Member Last activity 2 April 2009 - 4 Jul 2008 at 14:00
4 replies
cgui33
3 Jul 2008 at 22:29
Hi
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
The desktop will then disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the report (c:\vundofix.txt) into your reply.
See you
cgui33
3 Jul 2008 at 23:19
Yes
Download Ccleaner (with tutorial)
During its installation, uncheck the box next to: Add the Yahoo! CCleaner Toolbar
Run an analysis and then a cleanup
Do the same with the registry
(Leave the default options)
Then: make a new Hijack log and post it
Thanks
See you
Here is the report,
But after it worked for a few minutes (I mean the internet) I have the same problem as before again (Kerio is again telling me there is an injection)
Logfile of HijackThis v1.99.1
Scan saved at 11:34:26 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
D:\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
D:\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
D:\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\MSI\Core Center\CoreCenter.exe
D:\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
D:\MagicDisc\MagicDisc.exe
D:\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\CDBurnerXP\NMSAccessU.exe
D:\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
D:\Ac Browser Plus\ACB.exe
C:\DOCUME~1\Jeso\LOCALS~1\Temp\$ACB$\ACB03\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10A0964C-80E6-49B9-9611-74AA87DA0531} - C:\WINDOWS\system32\qoMeFyvV.dll
O2 - BHO: (no name) - {25D6F5B5-593A-464B-8CC0-3C11822259E6} - (no file)
O2 - BHO: {48867920-25e2-bdb9-ee54-15ffa6019f93} - {39f9106a-ff51-45ee-9bdb-2e5202976884} - C:\WINDOWS\system32\thnrii.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\geBrOgGA.dll
O2 - BHO: (no name) - {ADBEE84F-8905-4642-8A29-90D1C5B6D92f} - C:\WINDOWS\system32\eybjhglm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "D:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] D:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [8c20be8f] rundll32.exe "C:\WINDOWS\system32\ildjfurx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
O4 - Global Startup: CoreCenter.lnk = D:\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = D:\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: esentprf32 - C:\WINDOWS\SYSTEM32\esentprf32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: MySQL - Unknown owner - D:\MySQL\MySQL.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Jeso\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
cgui33
3 Jul 2008 at 23:48
Hi again
Download ComboFix to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT
Disable your antivirus while using ComboFix. Thanks. You will re-enable it afterwards
then
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply
NOTE: The report can also be found here: C:\Combofix.txt
See you
And here is the report!
What do you think?
ComboFix 08-07-02.5 - Jeso 2008-07-04 0:03:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1539 [GMT 2:00]
Running from: C:\Documents and Settings\Jeso\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM8f138d13.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\eybjhglm.dll
C:\WINDOWS\system32\geBrOgGA.dll
C:\WINDOWS\system32\ildjfurx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qoMeFyvV.dll
C:\WINDOWS\system32\thnrii.dll
C:\WINDOWS\system32\uefhifcs.ini
C:\WINDOWS\system32\vqyefsco.dll
C:\WINDOWS\system32\VvyFeMoq.ini
C:\WINDOWS\system32\VvyFeMoq.ini2
C:\WINDOWS\system32\waipwlne.ini
C:\WINDOWS\system32\xrufjdli.ini
N:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
2008-07-03 22:44 . 2008-07-03 23:24 <DIR> d-------- C:\VundoFix Backups
2008-07-02 21:37 . 2008-07-02 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
2008-07-01 21:54 . 2008-07-02 04:52 <DIR> d-------- C:\Program Files\Navilog1
2008-07-01 08:42 . 2008-07-03 09:57 110,419 --a------ C:\WINDOWS\BM8f138d13.xml
2008-06-30 21:15 . 2008-06-30 21:22 <DIR> d-------- C:\Documents and Settings\Jeso\Application Data\SoftMaker
2008-06-30 20:09 . 2008-06-30 20:09 <DIR> d--h----- C:\Documents and Settings\Jeso\Application Data\IFViewer
2008-06-24 08:52 . 2008-06-24 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-24 08:45 . 2008-06-24 08:52 <DIR> d-------- C:\Program Files\Bonjour
2008-06-24 08:37 . 2008-06-24 08:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-21 19:53 . 2008-06-21 19:53 <DIR> d-------- C:\Documents and Settings\Jeso\WINDOWS
2008-06-21 19:53 . 1997-05-12 17:53 314,368 --a------ C:\WINDOWS\uninst.exe
2008-06-19 22:07 . 2008-06-19 22:07 12,499 --a------ C:\WINDOWS\system32\Seagate.bin
2008-06-19 20:16 . 2008-06-19 20:32 <DIR> d-------- C:\Documents and Settings\Jeso\avidemux
2008-06-19 19:35 . 2008-06-19 19:35 <DIR> d-------- C:\Documents and Settings\Jeso\Application Data\Idruna
2008-06-19 07:25 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-19 07:25 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 21:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 20:44 --------- d-----w C:\Documents and Settings\Jeso\Application Data\Newsbin
2008-07-02 18:39 --------- d-----w C:\Documents and Settings\Jeso\Application Data\Lionhead Studios
2008-06-30 21:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 10:51 --------- d-----w C:\Documents and Settings\Jeso\Application Data\foobar2000
2008-06-24 06:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-22 07:42 2,405 ----a-w C:\WINDOWS\PIF\DOTT.PIF
2008-06-21 17:09 --------- d-----w C:\Documents and Settings\Jeso\Application Data\AdobeUM
2008-06-19 19:48 --------- d-----w C:\Documents and Settings\Jeso\Application Data\gtk-2.0
2008-05-24 17:21 --------- d-----w C:\Documents and Settings\Jeso\Application Data\Apple Computer
2008-05-24 17:14 --------- d-----w C:\Program Files\Apple Software Update
2008-05-24 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-20 18:26 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-20 18:26 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-17 09:38 --------- d-----w C:\Documents and Settings\Jeso\Application Data\NewsLeecher
2008-05-08 12:14 203,008 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 03:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-12 12:15 348,160 ----a-w C:\WINDOWS\MSVCR71.DLL
2008-04-12 12:15 1,060,864 ----a-w C:\WINDOWS\MFC71.DLL
2008-04-12 12:14 49,152 ----a-w C:\WINDOWS\SimTestDll.dll
2008-03-23 10:55 3,766 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-23 10:48 88 --sh--r C:\Documents and Settings\All Users\Application Data\1E286CEFAF.sys
2008-01-03 23:33 22,328 ----a-w C:\Documents and Settings\Jeso\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"H/PC Connection Agent"="D:\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"SpriteService"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" [2006-07-27 09:49 544768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nod32kui"="D:\Eset\nod32kui.exe" [2007-12-08 23:31 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 20:20 91432]
"RemoteControl"="D:\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 10:35 72736]
"LanguageShortcut"="D:\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 13:06 62760]
"QuickTime Task"="D:\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 15:20 16844800 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\Jeso\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\MagicDisc\MagicDisc.exe [2007-12-09 11:47:54 557568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - D:\MSI\Core Center\CoreCenter.exe [2007-12-08 23:42:10 932864]
Sitecom USB Wireless LAN Utility.lnk - D:\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [2007-12-08 23:45:40 3477504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 00:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esentprf32]
2004-11-22 07:58 8704 C:\WINDOWS\system32\esentprf32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"MSVideo"= CxCap.drv
"msvideo1"= CxCap.drv
"msvideo2"= CxCap.drv
=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-01-16 18:19 72192 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-10-07 16:43 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neuf talk]
--a------ 2005-11-15 21:21 1204224 D:\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 D:\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"D:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"D:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"D:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"D:\\VoipCheapCom\\VoipCheapCom.exe"=
"D:\Microsoft ActiveSync\rapimgr.exe"= D:\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\Microsoft ActiveSync\wcescomm.exe"= D:\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\Microsoft ActiveSync\WCESMgr.exe"= D:\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"D:\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8285:TCP"= 8285:TCP:messenger
"4273:TCP"= 4273:TCP:messenger
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 19:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 19:01]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};D:\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 01:12]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-01-16 18:19]
R2 NMSAccessU;NMSAccessU;D:\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R3 PCAlertDriver;PCAlertDriver;D:\MSI\Core Center\NTGLM7X.sys [2006-10-24 17:21]
R3 RushTopDevice;RushTopDevice;D:\MSI\Core Center\RushTop.sys [2006-12-19 11:49]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Jeso\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Jukebox3_1394;Jukebox3_1394;C:\WINDOWS\system32\DRIVERS\ctpd1394.sys [2003-10-23 02:23]
S3 NPF;WinPcap Packet Driver (NPF);C:\WINDOWS\system32\drivers\NPF.sys [2007-11-19 05:31]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 23:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a4ecb40-c65a-11dc-81df-000cf6111c39}]
\Shell\AutoRun\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4053ce9d-a5d4-11dc-b2ba-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
*Newly Created Service* - NVR0DEV
*Newly Created Service* - PCALERTDRIVER
*Newly Created Service* - RUSHTOPDEVICE
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-8c20be8f - C:\WINDOWS\system32\ildjfurx.dll
MSConfigStartUp-Creative Detector - D:\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-CTSyncU - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MSConfigStartUp-RoxWatchTray - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
MSConfigStartUp-POINTER - point32.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 00:11:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"D:\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"D:\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\D:\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\MICROS~3\rapimgr.exe
D:\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-04 0:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 22:14:01
Pre-Run: 6,560,628,736 bytes free
Post-Run: 6,416,912,384 bytes free
218 --- E O F --- 2008-06-19 17:59:23
See you
cgui33 (Posts: 1174, Registered: Friday 8 April 2005, Status: Member, Last activity: 2 April 2009)
4 Jul 2008 at 14:00
Hi again
Everything that was deleted can't do your PC any harm ... that's what I think!
What problems do you have now?
Post a new Hijack log before we uninstall all the applications I may have had you install.
Then we'll create a new restore point.
See you
3 Jul 2008 at 23:05
Thank you for looking into my case, in any case
So, it has finished and here is the report:
VundoFix V7.0.6
Scan started at 10:44:59 PM 7/3/2008
Listing files found while scanning....
C:\Windows\system32\efcBrolJ.dll
C:\Windows\system32\flqsbrhw.dll
C:\Windows\system32\geBrOgGA.dll
C:\Windows\system32\ggpywqdh.dll
C:\Windows\system32\hdqwypgg.ini
C:\Windows\system32\heqlrpqu.dll
C:\Windows\system32\ifrtpjnu.dll
C:\Windows\system32\JlorBcfe.ini
C:\Windows\system32\JlorBcfe.ini2
C:\Windows\system32\kltlaycc.dll
C:\Windows\system32\oxhqxbee.dll
C:\Windows\system32\scxnam.dll
C:\Windows\system32\uqprlqeh.ini
C:\Windows\system32\wgpfaf.dll
C:\Windows\system32\xxyvuUnN.dll
Beginning removal...
Attempting to delete C:\Windows\system32\efcBrolJ.dll
C:\Windows\system32\efcBrolJ.dll Has been deleted!
Attempting to delete C:\Windows\system32\flqsbrhw.dll
C:\Windows\system32\flqsbrhw.dll Has been deleted!
Attempting to delete C:\Windows\system32\geBrOgGA.dll
C:\Windows\system32\geBrOgGA.dll Could not be deleted.
Attempting to delete C:\Windows\system32\ggpywqdh.dll
C:\Windows\system32\ggpywqdh.dll Has been deleted!
Attempting to delete C:\Windows\system32\hdqwypgg.ini
C:\Windows\system32\hdqwypgg.ini Has been deleted!
Attempting to delete C:\Windows\system32\heqlrpqu.dll
C:\Windows\system32\heqlrpqu.dll Could not be deleted.
Attempting to delete C:\Windows\system32\ifrtpjnu.dll
C:\Windows\system32\ifrtpjnu.dll Has been deleted!
Attempting to delete C:\Windows\system32\JlorBcfe.ini
C:\Windows\system32\JlorBcfe.ini Has been deleted!
Attempting to delete C:\Windows\system32\JlorBcfe.ini2
C:\Windows\system32\JlorBcfe.ini2 Has been deleted!
Attempting to delete C:\Windows\system32\kltlaycc.dll
C:\Windows\system32\kltlaycc.dll Has been deleted!
Attempting to delete C:\Windows\system32\oxhqxbee.dll
C:\Windows\system32\oxhqxbee.dll Could not be deleted.
Attempting to delete C:\Windows\system32\scxnam.dll
C:\Windows\system32\scxnam.dll Has been deleted!
Attempting to delete C:\Windows\system32\uqprlqeh.ini
C:\Windows\system32\uqprlqeh.ini Has been deleted!
Attempting to delete C:\Windows\system32\wgpfaf.dll
C:\Windows\system32\wgpfaf.dll Has been deleted!
Attempting to delete C:\Windows\system32\xxyvuUnN.dll
C:\Windows\system32\xxyvuUnN.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\Windows\system32\geBrOgGA.dll
C:\Windows\system32\geBrOgGA.dll Could not be deleted.
Attempting to delete C:\Windows\system32\heqlrpqu.dll
C:\Windows\system32\heqlrpqu.dll Has been deleted!
Attempting to delete C:\Windows\system32\oxhqxbee.dll
C:\Windows\system32\oxhqxbee.dll Has been deleted!
Performing Repairs to the registry.
Done!
However, when I restarted, it tells me that the last 2 files are missing from my computer!!!!!
Is that normal??