BNJOUR. JE SUIS ENVAHI PAR DES PUB INTEMPESTIVES ET DES TROJANS. J AI BIEN ESSAYÉ DE M EN OCCUPER SEUL MAIS EN VAIN.
POUVEZ-VOUS M AIDER SVP? VOICI MON RAPPORT HIJACKTHIS.

Logfile of HijackThis v1.99.1
Scan saved at 07:53:07, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mario Després\Bureau\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://forum.matbe.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/engli [...] nicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///CProgram%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///CProgram%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 5274281718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Download [...] _Win32.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///CProgram%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn. [...] Atchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

Bonjour,

Cesse d'écrire en majuscule. Règles du forum.

Infection Vundo :

Fais ces manips dans l’ordre :

1/ Télécharge VundoFix.exe :

Double-clique VundoFix.exe .
Clique sur Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Ensuite clique sur YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

Poste le rapport qui se trouve dans C:\vundofix.txt

2/ Télécharge Combofix (par sUBs) sur ton Bureau. (Tuto)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

3/ Poste un nouveau rapport HiJackThis (en ayant renommé HiJackthis.exe en SCANNER.EXE)

voicle rapport :scanner.exe ,mer
VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 08:10:48 2007-10-30

Listing files found while scanning....

C:\WINDOWS\system32\lkecpnrr.dll

Beginning removal...

Performing Repairs to the registry.
Done!
ci et sans majuscule.:-)

Tu as posté le rapport Vundofix en entier ?
Il manque le rapport combofix et scanner.exe

ComboFix 07-10-29.1 - Mario Després 2007-10-30 10:51:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1620 [GMT -4:00]
Running from: C:\Documents and Settings\Mario Després\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\llnmp.tmp
C:\WINDOWS\system32\pmnll.dll
.
---- Previous Run -------
.
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\#SharedObjects\7H9BZ65Z\iforex.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\#SharedObjects\7H9BZ65Z\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\#SharedObjects\7H9BZ65Z\www.broadcaster.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\marie josée\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\marie josée\Application Data\searchtoolbarcorp
C:\Documents and Settings\marie josée\Bureau\internet.lnk
C:\Documents and Settings\marie josée\Bureau\internetgamebox.lnk
C:\Documents and Settings\marie josée\Favoris\Online Security Guide.lnk
C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\marie josée\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
C:\Documents and Settings\Mario Després\Favoris\Online Security Guide.lnk
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\Conditions générales.url
C:\Program Files\internetgamebox\Confidentialité.url
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\uninst.exe
C:\Program Files\internetgamebox\Website.url
C:\Program Files\Temporary
C:\Program Files\tsks~1
C:\Program Files\tsks~1\dexplore.exe
C:\Program Files\tsks~1\T?sks\
C:\Program Files\WinAble
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ajuuqspm.ini
C:\WINDOWS\system32\brvytae.dat
C:\WINDOWS\system32\brvytae_nav.dat
C:\WINDOWS\system32\brvytae_navps.dat
C:\WINDOWS\system32\dfqfajls.ini
C:\WINDOWS\system32\hpopavio.dll
C:\WINDOWS\system32\ljrjhicn.dll
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak2
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\llnmp.tmp
C:\WINDOWS\system32\mpsquuja.dll
C:\WINDOWS\system32\njxyzd.dat
C:\WINDOWS\system32\njxyzd_navps.dat
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll
C:\WINDOWS\system32\oivapoph.ini
C:\WINDOWS\system32\sbshqqtjk.dat
C:\WINDOWS\system32\sbshqqtjk.exe
C:\WINDOWS\system32\sbshqqtjk_nav.dat
C:\WINDOWS\system32\sbshqqtjk_navps.dat
C:\WINDOWS\system32\sljafqfd.dll
C:\WINDOWS\system32\wcpicomsv32.exe
C:\WINDOWS\system32\ydqiofcx.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\nm


-------\LEGACY_DOMAINSERVICE
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))))))
.

2007-10-30 08:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 08:16 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-30 08:10 <REP> d-------- C:\VundoFix Backups
2007-10-30 08:10 115,712 --a------ C:\Program Files\VundoFix.exe
2007-10-29 19:19 <REP> d-------- C:\Program Files\RegSupreme Pro
2007-10-29 11:29 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2007-10-29 09:33 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-28 18:03 <REP> d-------- C:\Temp
2007-10-28 17:52 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-28 17:52 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-28 17:51 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-28 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-28 17:51 4,972,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-28 17:51 95,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-28 09:04 <REP> d-------- C:\Program Files\Ashley Jones and the Heart of Egypt
2007-10-26 09:08 <REP> d-------- C:\Program Files\The Scruffs
2007-10-24 15:33 <REP> d-------- C:\test
2007-10-20 19:36 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\iWin
2007-10-20 16:45 <REP> d-------- C:\Program Files\Mindscape
2007-10-16 19:07 <REP> d-------- C:\Program Files\Air Strike 2
2007-10-16 14:17 <REP> d-------- C:\Nancy Drew
2007-10-12 21:15 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Abra Academy2
2007-10-11 17:29 <REP> d-------- C:\Program Files\Chainz
2007-10-10 21:43 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Legends of pirates
2007-10-10 14:24 <REP> d-------- C:\Program Files\Pirateville
2007-10-06 07:49 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Legends of pirates
2007-10-04 21:31 <REP> d-------- C:\Program Files\iWin.com
2007-10-04 21:09 <REP> d-------- C:\Program Files\iWin Games
2007-10-02 13:55 <REP> d-------- C:\Program Files\Azada
2007-10-02 13:55 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Big Fish Games
2007-09-27 13:59 <REP> d-------- C:\Program Files\OCCT
2007-09-23 08:46 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\ForgottenRiddles
2007-09-21 19:13 <REP> d-------- C:\Program Files\Magic Shop
2007-09-21 06:58 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-18 11:03 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\EleFun Games
2007-09-18 11:02 <REP> d-------- C:\Program Files\Story of Fairy Place
2007-09-17 20:06 <REP> d-------- C:\Program Files\Zen Games
2007-09-17 14:41 322,560 --a------ C:\WINDOWS\system32\njxyzd.exe.bd.ren.bd.ren
2007-09-17 14:41 287,805 --a------ C:\WINDOWS\system32\njxyzd_nav.dat.bd.ren
2007-09-17 14:41 5,063 --a------ C:\WINDOWS\system32\njxyzd.dat.bd.ren
2007-09-17 14:41 1,487 --a------ C:\WINDOWS\system32\njxyzd_navps.dat.bd.ren
2007-09-14 18:06 <REP> d-------- C:\Documents and Settings\Mario Després\Contacts
2007-09-14 18:06 <REP> d-------- C:\Documents and Settings\Mario Després\Contacts
2007-09-14 16:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-09-13 19:30 <REP> d-------- C:\Documents and Settings\marie josée\Contacts
2007-09-13 19:30 <REP> d-------- C:\Documents and Settings\marie josée\Contacts
2007-09-13 12:13 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\AlwaysNeat
2007-09-01 08:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Enkord

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 14:59 68,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 14:59 10,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-30 14:50 --------- d-----w C:\Program Files\Eye On Network
2007-10-30 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-29 21:35 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
2007-10-29 21:32 16,452 ----a-w C:\Program Files\-_mininova.org_-_McAfee_VirusScan_Plus_2007+_CRAck.zip.torrent
2007-10-29 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-29 15:17 --------- d-----w C:\Program Files\PopUpCop
2007-10-29 00:47 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\Lavasoft
2007-10-29 00:46 --------- d-----w C:\Program Files\Lavasoft
2007-10-28 20:48 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-28 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-28 20:31 --------- d-----w C:\Program Files\XoftSpySE
2007-10-28 09:13 --------- d-----w C:\Program Files\Common Files
2007-10-25 17:12 --------- d-----w C:\Program Files\Zylom Games
2007-10-25 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-25 09:06 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\PopupCop
2007-10-24 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-10-23 11:19 --------- d-----w C:\Documents and Settings\antoine\Application Data\Oberon Media
2007-10-22 22:59 --------- d-----w C:\Program Files\Microsoft Games
2007-10-22 22:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-22 16:06 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 18:39 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-14 00:02 --------- d-----w C:\Program Files\GameFiesta
2007-10-13 23:39 --------- d-----w C:\Program Files\GameHouse
2007-10-13 14:29 --------- d-----w C:\Documents and Settings\marie josée\Application Data\GameHouse
2007-09-23 22:02 --------- d-----w C:\Program Files\RealArcade
2007-09-23 21:54 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-09-22 20:01 --------- d-----w C:\Program Files\QuickTime
2007-09-21 23:09 --------- d-----w C:\Program Files\PlayFirst
2007-09-21 23:07 --------- d-----w C:\Program Files\Alawar
2007-09-21 10:59 --------- d-----w C:\Program Files\MSN Messenger
2007-09-21 00:43 --------- d-----w C:\Program Files\X-masTree
2007-09-21 00:43 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
2007-09-18 15:57 36,256 ----a-w C:\WINDOWS\Prefetch\NJXYZD.EXE-3294DD7E.pf.bd.ren
2007-08-31 19:26 --------- d-----w C:\Program Files\PopCap Games
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
2006-12-05 02:00 57,513 ----a-w C:\Program Files\snow.zip
2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-02-03 16:25 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BD44495-83E6-4D39-BFBC-1C9B39078CD9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}]
C:\WINDOWS\system32\khfeefe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8BD682E-F6B7-9412-B928-FA8A42F424C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D93605C5-20FA-4C4E-AA01-765091CA42CF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 13:47]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"=~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoCommonGroups"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}"= C:\WINDOWS\system32\khfeefe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefe]
khfeefe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ydqiofcx]
ydqiofcx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mario Després^Menu Démarrer^Programmes^Démarrage^Enregistrement d'un produit Joint Operations Typhoon Rising.lnk]
backup=C:\WINDOWS\pss\Enregistrement d'un produit Joint Operations Typhoon Rising.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\76e986ea.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brvytae]
c:\windows\system32\brvytae.exe brvytae

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R0 vIdeBus;vIdeBus;C:\WINDOWS\system32\DRIVERS\vIdeBus.sys
R0 vIdePort;VIA IDE Controller PORT Driver;C:\WINDOWS\system32\DRIVERS\vIdePort.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R3 RushTopDevice;RushTopDevice;\??\C:\Program Files\MSI\Core Center\RushTop.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 atidgllk;atidgllk;\??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 Fadpu16E;Fadpu16E;\??\C:\WINDOWS\TEMP\Fadpu16E.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-30 14:00:52 C:\WINDOWS\Tasks\89B45F728117D092.job"
- c:\docume~1\mariej~1\applic~1\jugson~1\Hold Else Atom.exe
"2006-03-09 03:40:26 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2007-10-30 15:01:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-10-27 07:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 11:02:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0??????????????????w????????????????????????????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 11:02:56 - machine was rebooted
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 11:12:08, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eye On Network\Eye On Network.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mario Després\Bureau\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0BD44495-83E6-4D39-BFBC-1C9B39078CD9} - (no file)
O2 - BHO: (no name) - {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} - C:\WINDOWS\system32\khfeefe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - blank (file missing)
O2 - BHO: (no name) - {C8BD682E-F6B7-9412-B928-FA8A42F424C4} - blank (file missing)
O2 - BHO: (no name) - {D93605C5-20FA-4C4E-AA01-765091CA42CF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Eye On Network] C:\Program Files\Eye On Network\Eye On Network.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://forum.matbe.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/engli [...] nicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///CProgram%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///CProgram%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 5274281718
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Download [...] _Win32.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///CProgram%20Files/Agatha%20Christie/Images/armhelper.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn. [...] Atchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: khfeefe - khfeefe.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: ydqiofcx - ydqiofcx.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)


et voila!! pour vundofix... c ce qu il ma donné... t en veut un autre?

Non c'est bon
Et ben dis-donc, on en découvre des infections, en plus de vundo, tu as egdaccess et Lop !

Connais tu PowerBar ?

On va nettoyer

Désinstalle SweetIm et Macromaging, supprime leurs dossier dans Program Files.

Télécharge ZebRestore
Dézippe-le. Ouvre le dossier, lance le en double cliquant sur l%u2019exe.
Coche :
- RegEdit
- Clés RUN
- Bouton Arrêter
- Windows Update
- Gestionnaire des tâches
- Panneau de configuration
- Ajout/Suppression de programmes
- Policies
- Bureau
- Réparation IE
- Extension des fichiers
- Sites de confiance et sensibles
- Préfixes et Protocoles Internet :
- Réinitialiser Fichier Hosts
Clique sur Restaurer. Ferme le programme.

++++++++++++

Copie le texte se situant dans le cadre ci-dessous :

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.

+++++++++

Cherche ce fichier : 76e986ea.exe par démarrer/rechercher, supprime-le.

On continuera après

ComboFix 07-10-29.1 - Mario Després 2007-10-30 15:24:43.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1545 [GMT -4:00]
Running from: C:\Documents and Settings\Mario Després\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mario Després\cfscript.txt..txt
* Created a new restore point

FILE::
C:\Program Files\-_mininova.org_-_McAfee_VirusScan_Plus_2007+_CRAck.zip.torrent
c:\windows\system32\brvytae.exe
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\lkecpnrr.dll
C:\WINDOWS\system32\njxyzd.dat.bd.ren
C:\WINDOWS\system32\njxyzd.exe.bd.ren.bd.ren
C:\WINDOWS\system32\njxyzd_nav.dat.bd.ren
C:\WINDOWS\system32\njxyzd_navps.dat.bd.ren
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\VundoFixSVC.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mariej~1\applic~1\jugson~1
c:\docume~1\mariej~1\applic~1\jugson~1\7D3EBEA0
C:\Program Files\-_mininova.org_-_McAfee_VirusScan_Plus_2007+_CRAck.zip.torrent
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\njxyzd.dat.bd.ren
C:\WINDOWS\system32\njxyzd.exe.bd.ren.bd.ren
C:\WINDOWS\system32\njxyzd_nav.dat.bd.ren
C:\WINDOWS\system32\njxyzd_navps.dat.bd.ren
C:\WINDOWS\system32\VundoFixSVC.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))))))))
.

2007-10-30 08:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 08:10 115,712 --a------ C:\Program Files\VundoFix.exe
2007-10-29 11:29 7,467,056 --a------ C:\Program Files\spybotsd15.exe
2007-10-29 09:33 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-28 18:03 <REP> d-------- C:\Temp
2007-10-28 17:52 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-28 17:52 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-28 17:51 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-28 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-28 17:51 5,121,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-28 17:51 98,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-28 09:04 <REP> d-------- C:\Program Files\Ashley Jones and the Heart of Egypt
2007-10-26 09:08 <REP> d-------- C:\Program Files\The Scruffs
2007-10-24 15:33 <REP> d-------- C:\test
2007-10-20 19:36 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\iWin
2007-10-20 16:45 <REP> d-------- C:\Program Files\Mindscape
2007-10-16 19:07 <REP> d-------- C:\Program Files\Air Strike 2
2007-10-16 14:17 <REP> d-------- C:\Nancy Drew
2007-10-12 21:15 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Abra Academy2
2007-10-11 17:29 <REP> d-------- C:\Program Files\Chainz
2007-10-10 21:43 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Legends of pirates
2007-10-10 14:24 <REP> d-------- C:\Program Files\Pirateville
2007-10-06 07:49 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\Legends of pirates
2007-10-04 21:31 <REP> d-------- C:\Program Files\iWin.com
2007-10-04 21:09 <REP> d-------- C:\Program Files\iWin Games
2007-10-02 13:55 <REP> d-------- C:\Program Files\Azada
2007-10-02 13:55 <REP> d-------- C:\Documents and Settings\Mario Després\Application Data\Big Fish Games
2007-09-27 13:59 <REP> d-------- C:\Program Files\OCCT
2007-09-23 08:46 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\ForgottenRiddles
2007-09-21 19:13 <REP> d-------- C:\Program Files\Magic Shop
2007-09-21 06:58 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-18 11:03 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\EleFun Games
2007-09-18 11:02 <REP> d-------- C:\Program Files\Story of Fairy Place
2007-09-17 20:06 <REP> d-------- C:\Program Files\Zen Games
2007-09-14 18:06 <REP> d-------- C:\Documents and Settings\Mario Després\Contacts
2007-09-14 18:06 <REP> d-------- C:\Documents and Settings\Mario Després\Contacts
2007-09-14 16:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-09-13 19:30 <REP> d-------- C:\Documents and Settings\marie josée\Contacts
2007-09-13 19:30 <REP> d-------- C:\Documents and Settings\marie josée\Contacts
2007-09-13 12:13 <REP> d-------- C:\Documents and Settings\marie josée\Application Data\AlwaysNeat
2007-09-01 08:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Enkord

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 19:01 --------- d-----w C:\Program Files\Eye On Network
2007-10-30 14:59 68,648 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-30 14:59 10,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-30 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-29 21:35 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\uTorrent
2007-10-29 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-29 15:17 --------- d-----w C:\Program Files\PopUpCop
2007-10-29 00:47 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\Lavasoft
2007-10-29 00:46 --------- d-----w C:\Program Files\Lavasoft
2007-10-28 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-28 20:31 --------- d-----w C:\Program Files\XoftSpySE
2007-10-28 09:13 --------- d-----w C:\Program Files\Common Files
2007-10-25 17:12 --------- d-----w C:\Program Files\Zylom Games
2007-10-25 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-25 09:06 --------- d-----w C:\Documents and Settings\Mario Després\Application Data\PopupCop
2007-10-24 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-10-23 11:19 --------- d-----w C:\Documents and Settings\antoine\Application Data\Oberon Media
2007-10-22 22:59 --------- d-----w C:\Program Files\Microsoft Games
2007-10-22 22:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-22 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 18:39 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-14 00:02 --------- d-----w C:\Program Files\GameFiesta
2007-10-13 23:39 --------- d-----w C:\Program Files\GameHouse
2007-10-13 14:29 --------- d-----w C:\Documents and Settings\marie josée\Application Data\GameHouse
2007-09-23 22:02 --------- d-----w C:\Program Files\RealArcade
2007-09-23 21:54 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-09-22 20:01 --------- d-----w C:\Program Files\QuickTime
2007-09-21 23:09 --------- d-----w C:\Program Files\PlayFirst
2007-09-21 23:07 --------- d-----w C:\Program Files\Alawar
2007-09-21 10:59 --------- d-----w C:\Program Files\MSN Messenger
2007-09-21 00:43 --------- d-----w C:\Program Files\X-masTree
2007-09-21 00:43 --------- d-----w C:\Documents and Settings\marie josée\Application Data\Zylom
2007-09-18 15:57 36,256 ----a-w C:\WINDOWS\Prefetch\NJXYZD.EXE-3294DD7E.pf.bd.ren
2007-08-31 19:26 --------- d-----w C:\Program Files\PopCap Games
2007-01-09 02:14 4,049,311 ----a-w C:\Program Files\liveupdate.exe
2006-12-05 02:07 497 ----a-w C:\Program Files\Raccourci vers lumieres.lnk
2006-12-05 02:00 57,513 ----a-w C:\Program Files\snow.zip
2006-12-05 01:58 9,440 ----a-w C:\Program Files\lumieres.zip
2006-11-29 02:35 817 -c--a-w C:\Program Files\recoil.err
2006-08-28 23:39 983,745 ----a-w C:\Program Files\PowerpointImageExtractor.zip
2006-03-07 03:07 31,944 ----a-w C:\Program Files\Uninst.isu
2006-02-03 16:53 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-02-03 16:25 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2005-10-29 02:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-03-11 17:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-10-06 21:40 1,765,376 ------w C:\Documents and Settings\Mario Després\SETUPENU.DLL
1999-01-12 21:19 75,776 ----a-w C:\Program Files\messages.dll
1998-11-06 19:50 57,344 ----a-w C:\Program Files\Uninst.dll
1998-11-04 16:41 201,216 ----a-w C:\Program Files\a3dapi.dll
1997-10-09 20:54 30,720 ----a-w C:\Program Files\regsvr32.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BD44495-83E6-4D39-BFBC-1C9B39078CD9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8BD682E-F6B7-9412-B928-FA8A42F424C4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D93605C5-20FA-4C4E-AA01-765091CA42CF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"Eye On Network"="C:\Program Files\Eye On Network\Eye On Network.exe" [2003-09-13 13:47]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"=~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlackICE PC Protection.lnk]
backup=C:\WINDOWS\pss\BlackICE PC Protection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Déma