
zoupet

Members
  • Content count
    3
  • Joined
  • Last visited

zoupet's Achievements

Junior Member (3/12)

Community reputation: 0

  1. ComboFix 10-05-09.08 - ZOPET 10/05/2010 20:14:44.2.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3327.3048 [GMT 2:00]
Lancé depuis: c:\documents and settings\ZOPET\Bureau\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\ZOPET\Application Data\F0481DAC060B0A74FD76CF12671B653B\enemies-names.txt
c:\documents and settings\ZOPET\Application Data\F0481DAC060B0A74FD76CF12671B653B\lsrslt.ini
c:\documents and settings\ZOPET\Application Data\PnkBstrK.sys
c:\windows\ASScrProlog .exe
c:\windows\system32\uZQEtNDuIS.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-10 au 2010-05-10 ))))))))))))))))))))))))))))))))))))
.
2010-05-10 16:34 . 2010-05-10 16:37 -------- d-----w- C:\Ad-Remover
2010-05-10 11:39 . 2010-05-10 14:05 -------- d-----w- c:\program files\trend micro
2010-05-10 11:39 . 2010-05-10 11:40 -------- d-----w- C:\rsit
2010-05-10 10:20 . 2010-05-10 14:36 -------- d-----w- c:\program files\ZHPDiag
2010-05-10 08:39 . 2010-05-10 08:39 -------- d-----w- c:\program files\ESET
2010-05-06 16:44 . 2010-05-06 16:44 -------- d-----w- c:\documents and settings\ZOPET\Local Settings\Application Data\Risen
2010-05-06 16:43 . 2010-05-06 16:43 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-05-06 16:43 . 2010-05-06 16:43 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-05-06 16:37 . 2010-05-06 16:37 -------- d-----w- c:\program files\Deep Silver
2010-05-06 16:20 . 2010-05-06 16:20 -------- d-----w- c:\documents and settings\ZOPET\Local Settings\Application Data\Identities
2010-05-05 09:19 . 2010-05-10 17:41 81984 ----a-w- c:\windows\system32\bdod.bin
2010-05-05 09:11 . 2010-05-05 09:11 -------- d-----w- c:\documents and settings\ZOPET\Application Data\BitDefender
2010-05-05 09:10 . 2010-05-10 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-05-05 09:10 . 2010-05-05 09:11 -------- d-----w- c:\program files\BitDefender
2010-05-05 09:08 . 2010-05-05 09:10 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-05-05 09:06 . 2010-05-05 09:06 -------- d-----w- c:\windows\BDOSCAN8
2010-05-04 13:02 . 2010-05-04 13:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-04 13:01 . 2010-05-04 13:01 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-05-04 12:07 . 2010-05-04 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-04-28 21:20 . 2010-04-28 21:20 -------- d-----w- c:\documents and settings\ZOPET\Application Data\Malwarebytes
2010-04-28 21:20 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 21:20 . 2010-04-28 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 21:20 . 2010-04-28 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 21:20 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:56 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-28 19:56 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-28 19:56 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-28 19:56 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-28 19:56 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-28 19:56 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-14 22:02 . 2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-14 21:04 . 2001-08-23 15:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-14 21:04 . 2001-08-23 15:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-14 21:04 . 2001-08-23 15:47 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-14 21:04 . 2001-08-23 15:47 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-14 21:04 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-14 21:04 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-14 21:04 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-14 21:04 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-14 21:04 . 2008-04-14 02:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-14 21:04 . 2008-04-14 02:31 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-14 21:04 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-14 21:04 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-13 21:33 . 2010-05-02 10:55 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-04-13 16:47 . 2007-01-01 18:03 40960 ----a-r- c:\windows\system32\psfind.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 17:40 . 2010-02-27 12:03 -------- d-----w- c:\documents and settings\ZOPET\Application Data\DNA
2010-05-10 17:30 . 2010-02-27 12:03 -------- d-----w- c:\program files\DNA
2010-05-10 14:33 . 2010-02-16 19:02 -------- d-----w- c:\documents and settings\ZOPET\Application Data\vlc
2010-05-07 07:36 . 2009-08-30 11:00 -------- d-----w- c:\program files\McAfee
2010-05-06 16:37 . 2009-08-30 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-06 12:25 . 2010-05-01 18:33 112 ----a-w- c:\documents and settings\All Users\Application Data\X0r3tT.dat
2010-05-06 10:49 . 2010-04-08 08:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-05-06 10:49 . 2010-04-08 08:27 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-05-06 10:49 . 2010-04-08 08:27 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-05-06 10:42 . 2010-04-08 08:19 -------- d-----w- c:\program files\Diablo II
2010-05-05 19:39 . 2010-04-03 18:36 -------- d-----w- c:\program files\RomStation
2010-05-05 12:01 . 2010-02-16 19:02 -------- d-----w- c:\documents and settings\ZOPET\Application Data\dvdcss
2010-05-05 09:18 . 2009-02-12 14:52 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-04 15:10 . 2010-01-07 15:17 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-04 15:10 . 2010-01-07 15:16 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-04 12:08 . 2009-12-07 19:52 -------- d-----w- c:\program files\ATI
2010-05-04 12:05 . 2009-08-30 10:42 -------- d-----w- c:\program files\ATI Technologies
2010-05-04 11:30 . 2009-08-30 16:53 -------- d-----w- c:\program files\ma-config.com
2010-05-04 11:30 . 2009-08-30 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-04-29 15:34 . 2009-08-30 10:34 -------- d-----w- c:\program files\ASUS
2010-04-15 07:41 . 2009-08-30 11:28 69576 -c--a-w- c:\documents and settings\ZOPET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 22:02 . 2009-08-30 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 19:49 . 2010-01-11 15:35 -------- d-----w- c:\program files\World of Warcraft
2010-04-08 08:27 . 2010-04-08 08:22 34405 ----a-w- c:\windows\DIIUnin.dat
2010-04-08 08:22 . 2010-04-08 08:22 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-08 08:22 . 2010-04-08 08:22 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-07 02:42 . 2009-03-16 21:33 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2009-03-16 20:17 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-03-16 19:33 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-03-16 20:04 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2009-03-16 20:27 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2009-03-16 20:26 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2009-03-16 20:06 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-03-16 20:17 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-03-16 20:16 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-03-16 20:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-03-16 20:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-03-16 20:16 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-03-16 20:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2009-03-16 19:53 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2009-03-16 19:53 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2009-03-16 19:53 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-03-16 20:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-03-12 19:15 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-03-16 19:36 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-03-16 19:35 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-03-16 19:35 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-03-16 19:34 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2009-03-16 19:28 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-03-16 19:34 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-03 21:47 . 2004-08-05 12:00 85834 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-03 21:47 . 2004-08-05 12:00 512628 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-03 17:17 . 2009-10-12 16:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-31 22:10 . 2009-11-06 23:05 374952 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-25 12:52 . 2009-10-05 16:26 -------- d-----w- c:\documents and settings\ZOPET\Application Data\teamspeak2
2010-03-17 15:23 . 2010-03-17 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-03-17 15:20 . 2010-03-17 15:20 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-17 15:06 . 2009-02-23 21:39 202234 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-14 11:37 . 2010-03-14 11:37 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies
2010-03-12 20:57 . 2010-03-12 20:57 -------- d-----w- c:\program files\Electronic Arts
2010-03-12 20:16 . 2010-01-07 15:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:05 . 2010-02-27 11:49 6235384 ----a-w- c:\windows\LCD Demo.exe
2010-02-27 12:05 . 2010-02-27 11:49 262512 ----a-w- c:\windows\ASUS LCD ScreenSaver Uninstaller.exe
2010-02-27 12:05 . 2010-02-27 11:49 503808 ----a-w- c:\windows\Asus_LCD_ScreenSaver.scr
2010-02-27 12:05 . 2010-02-27 11:49 606848 ----a-w- c:\windows\flashax.exe
2010-02-27 12:05 . 2010-02-27 11:49 12288 ----a-w- c:\windows\impborl.dll
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-23 18:36 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-05-05 09:18 . 2010-05-05 09:15 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\ASUS\EPU-4 Engine\FourEngine .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\LogMeIn Hamachi\hamachi-2-ui .exe
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-02-27 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^ZOPET^Menu Démarrer^Programmes^Démarrage^CurseClientStartup.ccip]
path=c:\documents and settings\ZOPET\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-05-05 09:18 782336 ----a-w- c:\program files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-02-23 09:30 69632 ----a-w- c:\program files\BitDefender\BitDefender 2009\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 10:36 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RomStation]
2010-04-16 22:54 988160 ----a-w- c:\program files\RomStation\RomStation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\Steam\Steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/10/2009 18:06 721904]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
S2 fdtaagbf;PCI Bus h256e Helper;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 14:00 14336]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30/08/2009 19:01 10384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [31/08/2009 13:02 93320]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 12:09 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12/02/2009 16:52 104456]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [30/08/2009 12:35 1381632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fdtaagbf
.
Contenu du dossier 'Tâches planifiées'

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 10:22]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-30 10:22]

2010-05-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-02 20:18]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\ZOPET\Application Data\Mozilla\Firefox\Profiles\tur6fhfl.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{600BA2AF-1705-4E8F-8388-A41A908B4C16} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 20:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\eappprxy.dll
c:\program files\BitDefender\BitDefender 2009\bdshelxt.dll
c:\windows\system32\txmlutil.dll
c:\program files\BitDefender\BitDefender 2009\txmlx.dll
c:\program files\BitDefender\BitDefender 2009\FRA\bdshelxt.ui
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\BitDefender\BitDefender 2009\bdfvsctx.dll
c:\program files\BitDefender\BitDefender 2009\FRA\bdfvsctx.ui
c:\program files\BitDefender\BitDefender 2009\fshredctx.dll
c:\program files\BitDefender\BitDefender 2009\FRA\fshredctx.ui
c:\program files\7-Zip\7-zip.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Heure de fin: 2010-05-10 20:21:43
ComboFix-quarantined-files.txt 2010-05-10 18:21

Avant-CF: 32 560 693 248 octets libres
Après-CF: 32 520 568 832 octets libres

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 16FF078858B72116A6DE02D30D4AE967
  2. Ad-report clean:

======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:36:36 le 10/05/2010 | Mode sans echec | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: JULIEN
Utilisateur actuel: ZOPET
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\WINDOWS\system32\noxlrysbffaladlm.exe
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AppDataLow\software\{C99EA013-017A-ADF6-90D9-423AC492A899}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKLM\Software\Classes\CLSID\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\noxlrysbffaladlm
HKLM\Software\Trymedia Systems
.
(Orpheline) HKLM,Run - SysMetrix - C:\Program Files\SysMetrix\SysMetrix.exe (Fichier manquant)
(Orpheline) HKCU,Run - Software Informer - C:\Program Files\Software Informer\softinfo.exe (Fichier manquant)
(Orpheline) BHO: () -{600BA2AF-1705-4E8F-8388-A41A908B4C16} - c:\windows\system32\jlxafmc.dll (Fichier manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Ad-Remover\Backup: 12 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 2723 Octet(s)
C:\Ad-Report-SCAN[1].txt - 2259 Octet(s)
.
Fin à: 18:37:57, 10/05/2010
.
============== E.O.F - CLEAN[1] ==============

>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Ad report SCAN:

======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:34:04 le 10/05/2010 | Mode sans echec | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: JULIEN
Utilisateur actuel: ZOPET
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\WINDOWS\system32\noxlrysbffaladlm.exe
.
HKCU\Software\AppDataLow\software\{C99EA013-017A-ADF6-90D9-423AC492A899}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKLM\Software\Classes\CLSID\{0822758D-8EED-4767-B54F-9D5E018CA85B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\noxlrysbffaladlm
HKLM\Software\Trymedia Systems
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 2135 Octet(s)
.
Fin à: 18:35:48, 10/05/2010
.
============== E.O.F - SCAN[1] ==============
  3. Hello,

For a few days now I have had a problem with a trojan and/or a virus. I downloaded Malwarebytes Anti-Malware and Spybot, and I scanned with BitDefender as well as with McAfee, without success. They managed to remove some infected items, but not all of them.

My PC has several problems:
- I have to start it in safe mode; otherwise, after I type my password, the PC locks up at startup.
- When it does not lock up, it freezes at the slightest effort (or does not even start), and I have to start it in safe mode...
- Google Chrome no longer works (it loads indefinitely).
- I use Mozilla, and yet while browsing I get Internet Explorer pop-ups.
- When searching on Google and clicking a link, I am redirected to online gaming sites or other search engines of the ASK type.
- BitDefender found the trojan .gen but cannot remove it, only quarantine it, and it always comes back.

Here is the log file of a scan with ZHPDiag. Well, I have finally managed to upload the ZHPDiag.txt file to the cijoint site from another PC: http://www.cijoint.fr/cj201005/cij9g1IZEv.txt

It is impossible for me to copy and paste the log files on the forum.