Posted by le_frunkpeur_2007, Friday 26 October 2007 at 18:47:37
Configuration: Windows XP Firefox 2.0.0.8
Hi
where does it detect it?? Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", and copy/paste the resulting report to the forum.
++
The way to love anything is to realize that it might be lost (Gilbert Keith Chesterton) |
Here is the HijackThis report for my system, and thanks for your help, green day.
|
Uh, green day, if you could answer me before the end of the year 2032 I would really appreciate it, because apparently I have more and more of this c..p, so if you could fill me in quickly that would help me out, but if someone else volunteers I couldn't ask for better.
Thanks in advance, and an answer please, I need it. |
Hi :-)
Lol! Sorry, I have been very, very busy! :)
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it
++ |
OK, but how do you restart in safe mode? |
re
forget combo, it is unavailable for the moment!
Download GenProc (by Narco4 & jean-chretien1) to your Desktop.
Unzip the folder: right-click on it > Extract here or Extract all.
Open the yellow GenProc folder on your Desktop > double-click GenProc.bat
Follow the instructions ...
Post here the report that is generated.
Help with pictures: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
++ |
Here, green day, is the report you asked me for yesterday with GenProc:
In CCleaner, click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". After that, leave it with its default settings. That's all.

# Step 1/ Download:
- SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (created by AndyManchesta) and save it to your Desktop.
- MSNFix.zip (by !aur3n7) http://sosvirus.changelog.fr/MSNFix.zip and unzip it to the Desktop.

***** Copy what follows into a text file and restart in safe mode as described here http://www.microsoft.com/... (choose your current session "Jonathan") *****

# Step 2/ Open the SDFix folder that has just been created on the Desktop and double-click "RunThis.bat" to launch the script.
- Press "Y" to start the cleaning process.
- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
- Press a key to restart the PC.
- Your system will take longer than usual to restart because the tool will keep running and deleting files.
- Once the Desktop has loaded, the tool will finish its work and display "Finished".
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name "Report.txt".
~ The file "SDFIX_README.htm" (in the SDFix folder) contains the list of malware handled by the tool.
~ Andy releases several updates, often more than one a day... So do not hesitate to download a new version when the cleanup drags on and the tool does not seem to see everything.

# Step 3/ Run the file MSNFix.bat, which is in the MSNfix folder on the Desktop.
- Run option R.
- If the infection is detected, run option N.
- Save this report to your Desktop.

# Step 4/ Run CCleaner: "Cleaner"/"Run Cleaner" and that's all.

# Step 5/ Restart normally and post:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- The contents of the Report.txt file;
- The contents of the MSNfix report located on the Desktop;
State the difficulties you had (what you were not able to do...) as well as how the situation has evolved. |
Yo!
we'll follow the recommendations! Just do what the report says ;-)
++
|
There you go, green day, I followed the various procedures to the letter and I hope it has paid off.
Here first is the new HijackThis report:
Then the report.txt:
--- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT54.tmp" Mon 29 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT6.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT7.tmp" Wed 24 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT76.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT8.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BIT9.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITA.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITB.tmp" Wed 24 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITBB.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITC.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITD.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITE.tmp" Wed 24 Oct 2007 388,090 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITE4.tmp" Wed 31 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITF.tmp" Thu 25 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITF4.tmp" Sat 27 Oct 2007 0 A..H. --- "C:\Documents and Settings\patricia\Local Settings\Temp\BITF5.tmp" Mon 29 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\388e66e644283db0233c4a98f2fd08a0\BIT27.tmp" Mon 23 Apr 2007 19,456 ...H. --- "C:\Documents and Settings\Jonathan\Application Data\Microsoft\Word\~WRL0005.tmp" Mon 23 Apr 2007 23,552 ...H. --- "C:\Documents and Settings\Jonathan\Application Data\Microsoft\Word\~WRL1507.tmp" Sun 25 Feb 2007 19,968 ...H. --- "C:\Documents and Settings\patricia\Application Data\Microsoft\Word\~WRL0004.tmp" Sun 25 Feb 2007 20,992 ...H. 
Finished!

And finally the MSNFix report:

MSNFix 1.588
C:\Documents and Settings\Jonathan\Bureau\MSNFix
Fix exécuté le jeu. 22/11/2007 - 17:43:59,92 By Jonathan
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
------------------------------------------------------------------------
Auteur : !aur3n7
Contact:
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

There, I really hope it's finished, but if there is still a problem, let me know as soon as possible. Thanks |
Hi
We're not done yet! Please post a combo report! It is available again. ++ The way to love anything is to realize that it might be lost (Gilbert Keith Chesterton) |
Here is the ComboFix report you asked me for yesterday, green day:
ComboFix 07-11-19.3 - Jonathan 2007-11-23 17:08:31.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Jonathan\Mes documents\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FMTR

((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-22 17:28 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-14 18:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-14 18:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-14 17:56 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-14 17:56 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-14 17:56 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-14 17:55 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-11-14 17:54 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-14 17:54 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-27 19:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-27 19:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-27 19:14 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-27 17:33 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-27 13:57 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-10-26 18:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-26 18:52 <REP> d-------- C:\WINDOWS\provisioning
2007-10-26 18:52 <REP> d-------- C:\WINDOWS\peernet
2007-10-26 18:48 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-26 18:28 <REP> d-------- C:\WINDOWS\EHome
2007-10-25 17:07 <REP> d-------- C:\Program Files\CCleaner
2007-10-25 16:59 <REP> d-------- C:\Program Files\Trend Micro
2007-10-25 16:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-25 16:38 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-25 16:35 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-10-24 16:46 <REP> d-------- C:\Program Files\Lavasoft
2007-10-24 16:04 <REP> d-------- C:\Documents and Settings\patricia\Application Data\ProtectionConue
2007-10-23 17:02 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\DefenseNetSurfage
2007-10-23 16:40 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\ProtectionConue
2007-10-23 16:39 <REP> d-------- C:\Program Files\Fichiers communs\ProtectionConue
2007-10-23 16:39 <REP> d-------- C:\Program Files\Fichiers communs\DefenseNetSurfage
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 18:47 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-22 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 16:21 --------- d-----w C:\Documents and Settings\patricia\Application Data\FaxCtr
2007-11-03 16:11 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Vso
2007-10-27 12:59 --------- d-----w C:\Program Files\MSN Messenger
2007-10-24 15:47 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Lavasoft
2007-10-22 16:02 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Syntrillium
2007-10-18 16:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-18 16:33 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-15 15:23 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2007-10-13 18:08 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AVS4YOU
2007-10-13 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-06 16:33 --------- d-----w C:\Program Files\LimeWire
2007-09-28 15:20 --------- d-----w C:\Program Files\Fichiers communs\PrintFit Shared
2007-09-27 17:35 --------- d-----w C:\Program Files\Everest Poker
2007-05-24 12:06 81,920 ----a-w C:\Documents and Settings\Jonathan\Application Data\ezpinst.exe
2007-05-24 12:06 47,360 ----a-w C:\Documents and Settings\Jonathan\Application Data\pcouffin.sys
2006-08-03 16:06 323 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Msn Plug"="msnplus.exe" []
"Windows Utility Manager"="msgplus.exe" []
"Windows Network Controller"="winmms32.exe" []
"McAfee Windows Protection"="mcafee32.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]
"filecroc"="C:\Program Files\FileCroc\FileCroc.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" []
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" []
"DefenseNetSurfage"="C:\Program Files\DefenseNetSurfage\GDC.exe" []
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Service Pack 2"="usbdrvs.exe" []
"@"="zzcatQQ.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemControler"="syscon.exe" []
"Microsofts media"="wingtp.exe" []
"Msn Plug"="msnplus.exe" []
"Windows Utility Manager"="msgplus.exe" []
"McAfee Windows Protection"="mcafee32.exe" []
"Windows Network Controller"="winmms32.exe" []
"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe" []
"CloseDNF"="C:\WINDOWS\System32\Utility.exe" []
"AME_CSA"="amecsa.cpl" []
"*Microsoft Update"="wucxt.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"h39WtF44"="C:\WINDOWS\bacjhdk.exe" []
"h$vùõš/‚²ÆßfÏNb»C:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\bacjhdk.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" []
"Overnet"="C:\Program Files\Overnet\eDonkey2000.exe" []
"BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~3\bdswitch.exe" []
"NeroFilterCheck" |