Accumulation de virus ? :s

Shogi

4 Décembre 2008 20:35:34

J'ai réinstallé HJT ça marche parfait et j'ai l'erreur autoit maintenant :s
Line -1
Error : subscript used with non-Array variable

RSIT se ferme après cette erreur

| Alerter

Répondre à Shogi

Destrio5

4 Décembre 2008 20:43:08

Je ne connais pas cette erreur.

Je te ferai un script pour ComboFix.

| Alerter

Répondre à Destrio5

Shogi

4 Décembre 2008 20:51:23

D'accord, merci

| Alerter

Répondre à Shogi

Destrio5

4 Décembre 2008 21:58:08

Avant de te faire un script, refais un scan ComboFix et poste le rapport.

| Alerter

Répondre à Destrio5

Shogi

5 Décembre 2008 20:10:28

Bonjour, désolé du retard, je fais ça tout de suite

| Alerter

Répondre à Shogi

Destrio5

5 Décembre 2008 20:28:50

Il n'y a aucun problème

| Alerter

Répondre à Destrio5

Shogi

5 Décembre 2008 20:51:39

ComboFix 08-12-05.01 - nour 2008-12-05 21:11:11.3 - NTFSx86
Lancé depuis: c:\documents and settings\nour\Bureau\combafix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nour\Application Data\urlredir.cfg

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-05 au 2008-12-05 ))))))))))))))))))))))))))))))))))))
.

2008-12-05 19:07 . 2008-12-05 19:20 <REP> d-------- c:\program files\DarKGunZ
2008-12-05 18:50 . 2008-12-05 18:50 <REP> d-------- c:\documents and settings\nour\Application Data\.bittorrent
2008-12-05 17:41 . 2008-12-05 17:41 <REP> d-------- c:\program files\AVG
2008-12-05 17:41 . 2008-12-05 17:41 <REP> d-------- c:\documents and settings\nour\Application Data\AVGTOOLBAR
2008-12-05 17:41 . 2008-12-05 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-04 21:43 . 2008-12-04 21:43 <REP> d-------- C:\MSNFix
2008-12-04 21:29 . 2008-12-04 21:29 <REP> d-------- C:\rsit
2008-12-04 21:03 . 2008-12-04 21:21 <REP> d-------- C:\Lop SD
2008-12-04 20:17 . 2008-12-04 20:48 <REP> d-------- C:\combat
2008-12-04 19:19 . 2008-12-04 20:08 <REP> d-------- C:\ToolBar SD
2008-12-04 17:59 . 2008-12-04 19:04 <REP> d-------- c:\program files\Navilog1
2008-12-04 17:48 . 2008-12-04 17:51 <REP> d-------- c:\program files\UsbFix
2008-12-04 16:58 . 2008-12-04 20:17 <REP> d-------- C:\ComboFix
2008-12-04 11:49 . 2008-12-04 11:49 <REP> d-------- c:\windows\ERUNT
2008-12-04 11:37 . 2008-12-04 11:45 <REP> d-------- c:\documents and settings\nour\Application Data\Tibia
2008-12-04 11:36 . 2008-12-04 11:36 <REP> d-------- c:\program files\Tibia
2008-12-03 21:11 . 2008-12-03 21:12 <REP> d-------- c:\documents and settings\nour\amsn
2008-12-03 21:10 . 2008-12-03 21:10 <REP> d-------- c:\program files\aMSN
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\documents and settings\nour\Application Data\Malwarebytes
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 15:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 15:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups_old1
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups_old
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups
2008-12-03 14:53 . 2008-12-03 14:53 <REP> d-------- c:\documents and settings\nour\backups_old2
2008-12-03 14:52 . 2008-12-03 14:52 <REP> d-------- c:\documents and settings\nour\backups_old3
2008-12-03 14:51 . 2008-12-03 14:51 <REP> d-------- c:\documents and settings\nour\backups_old4
2008-12-03 14:51 . 2008-12-03 14:51 <REP> d-------- c:\documents and settings\nour\backupreg
2008-12-03 14:00 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-12-03 12:44 . 2008-12-03 12:44 <REP> d-------- c:\program files\Trend Micro
2008-12-02 19:41 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-02 19:40 . 2008-12-02 19:40 <REP> d-------- c:\program files\Panda Security
2008-12-02 17:03 . 2008-12-02 17:03 1,181,696 --a------ c:\windows\system32\Paris Hilton 1.scr
2008-12-02 17:03 . 2008-12-02 17:03 18,432 --a------ c:\windows\ss3unstl.exe
2008-11-29 19:22 . 2008-12-02 16:30 <REP> d-------- c:\program files\Metin2_France
2008-11-29 14:49 . 2008-06-20 14:33 32,256 --a------ c:\windows\system32\alading.dll
2008-11-28 20:27 . 2008-11-28 20:27 <REP> d-------- c:\program files\Xvid
2008-11-28 20:27 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll
2008-11-28 20:27 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-11-28 20:26 . 2008-11-28 20:26 <REP> d-------- c:\program files\ZD Soft
2008-11-28 17:26 . 2008-11-28 17:26 677,376 --a------ c:\windows\system32\nsc1C5.dll
2008-11-27 21:48 . 2008-12-01 15:42 <REP> d-------- c:\documents and settings\nour\Incomplete
2008-11-27 21:47 . 2008-11-27 21:47 <REP> d-------- c:\program files\LimeWire
2008-11-27 21:47 . 2008-12-01 17:59 <REP> d-------- c:\documents and settings\nour\Application Data\LimeWire
2008-11-27 21:39 . 2008-11-27 21:39 <REP> d-------- c:\documents and settings\nour\Application Data\Creative
2008-11-27 21:38 . 2008-11-27 21:38 <REP> d-------- c:\documents and settings\nour\Application Data\Publish Providers
2008-11-27 21:37 . 2008-11-27 21:37 <REP> d-------- c:\documents and settings\nour\Application Data\Sony
2008-11-26 20:04 . 2008-11-26 20:04 <REP> d-------- c:\program files\Zattoo
2008-11-18 17:19 . 2008-11-25 10:49 <REP> d-------- C:\Endless Dream
2008-11-17 19:59 . 2008-11-17 19:59 96,093 --a------ c:\windows\system32\kfzgqmbmonflcl.dll-uninst.exe
2008-11-12 17:02 . 2008-11-28 21:43 <REP> d-------- c:\program files\Wakfu
2008-11-09 18:20 . 2008-11-09 18:20 <REP> d-------- c:\documents and settings\nour\Application Data\DivX
2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\documents and settings\nour\Application Data\DMV Technologies
2008-11-08 13:59 . 2008-11-08 13:59 <REP> d-------- c:\windows\MaxTV
2008-11-08 13:59 . 2008-11-08 13:59 <REP> d-------- c:\program files\DMV
2008-11-05 17:19 . 2008-11-05 17:19 <REP> d-------- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 16:47 --------- d-----w c:\documents and settings\nour\Application Data\DMCache
2008-12-04 21:05 --------- d-----w c:\program files\Pack Securite
2008-12-04 16:06 1,037,312 ----a-w c:\windows\explorer.exe
2008-12-04 10:51 1,068,690 ----a-w C:\Blizzard Updater.exe
2008-11-29 13:49 --------- d-----w c:\program files\alaplaya
2008-11-29 13:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 20:18 53,966 ----a-w c:\windows\system32\cont_dcads-remove.exe
2008-11-28 18:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 20:07 --------- d-----w c:\program files\CamStudio
2008-11-27 18:13 --------- d-----w c:\program files\lx_cats
2008-11-24 16:12 6,748 ----a-w c:\documents and settings\nour\Application Data\wklnhst.dat
2008-11-23 18:17 --------- d-----w c:\program files\Dofus
2008-11-20 15:25 --------- d-----w c:\program files\GPotato
2008-11-18 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-12 17:30 --------- d-----w c:\program files\Ruff-Rose
2008-11-12 17:28 --------- d-----w c:\program files\LRose
2008-11-12 17:26 --------- d-----w c:\program files\Outspark
2008-11-12 17:15 25,600 ----a-w c:\windows\system32\wcdrtc32.dll
2008-11-12 17:10 --------- d-----w c:\program files\America's Army
2008-11-12 16:34 --------- d-----w c:\program files\Speed Rose Onlinea
2008-11-12 16:33 --------- d-----w c:\program files\Valhalla-Destiny
2008-11-12 16:33 --------- d-----w c:\program files\LegendGunZ V1.2
2008-11-12 16:33 --------- d-----w c:\program files\Kantaris
2008-11-03 18:44 --------- d-----w c:\program files\DriftCity
2008-11-03 18:41 --------- d--h--w c:\documents and settings\nour\Application Data\ijjigame
2008-11-03 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2008-11-03 17:12 --------- d-----w c:\documents and settings\nour\Application Data\.purple
2008-11-02 18:02 --------- d-----w c:\program files\iTunes
2008-11-02 18:02 --------- d-----w c:\program files\iPod
2008-11-02 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:01 --------- d-----w c:\documents and settings\nour\Application Data\Apple Computer
2008-11-02 18:00 --------- d-----w c:\program files\QuickTime
2008-11-02 18:00 --------- d-----w c:\program files\Bonjour
2008-11-02 17:59 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-02 17:57 --------- d-----w c:\program files\Apple Software Update
2008-11-02 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-01 18:51 --------- d-----w c:\documents and settings\nour\Application Data\vlc
2008-11-01 11:41 --------- d-----w c:\documents and settings\nour\Application Data\IDM
2008-10-30 18:00 --------- d-----w c:\documents and settings\Shogi\Application Data\mIRC
2008-10-30 17:39 --------- d-----w c:\program files\mIRC
2008-10-30 17:06 --------- d-----w c:\documents and settings\Shogi\Application Data\DMCache
2008-10-30 13:58 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-10-30 12:18 --------- d-----w c:\program files\VS Revo Group
2008-10-28 13:44 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-10-27 16:35 --------- d-----w c:\program files\SFR
2008-10-27 16:35 --------- d-----w c:\program files\neuf telecom
2008-10-27 16:19 --------- d-----w c:\program files\Fichiers communs\Eltima Shared
2008-10-27 16:19 --------- d-----w c:\program files\Eltima Software
2008-10-27 16:19 --------- d-----w c:\documents and settings\Shogi\Application Data\Eltima Software
2008-10-26 18:17 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2008-10-26 14:50 --------- d-----w c:\program files\FlyForFuture
2008-10-22 14:29 --------- d-----w c:\program files\Windows Live
2008-10-22 14:28 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-22 14:26 --------- d-----w c:\program files\Microsoft
2008-10-22 14:19 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-10-22 14:13 --------- d-----w c:\documents and settings\Shogi\Application Data\.purple
2008-10-20 13:32 --------- d-----w c:\documents and settings\Shogi\Application Data\vlc
2008-10-20 12:38 401,510 ----a-w c:\windows\system32\xpcom_core.dll
2008-10-18 15:03 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 10:50 --------- d-----w c:\program files\Neuf
2008-10-18 10:27 --------- d-----w c:\program files\adslTV
2008-10-16 20:05 20,480 ----a-w c:\windows\system32\plc4.dll
2008-10-16 20:05 198,144 ----a-w c:\windows\system32\nspr4.dll
2008-10-16 20:05 17,920 ----a-w c:\windows\system32\xpcom.dll
2008-10-16 20:05 17,408 ----a-w c:\windows\system32\plds4.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 10:53 --------- d-----w c:\documents and settings\Shogi\Application Data\Yahoo!
2008-10-11 17:52 990 ----a-w c:\documents and settings\Shogi\Application Data\wklnhst.dat
2008-10-11 17:41 --------- d-----w c:\documents and settings\Shogi\Application Data\gtk-2.0
2008-10-11 15:46 --------- d-----w c:\program files\GAMENAO
2008-10-11 12:08 --------- d--h--w c:\documents and settings\Shogi\Application Data\ijjigame
2008-10-10 17:10 --------- d-----w c:\program files\Flyff
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-06-19 10:24 107,880 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\GDIPFONTCACHEV1.DAT
2008-06-12 14:25 107,880 ----a-w c:\documents and settings\nour\Application Data\GDIPFONTCACHEV1.DAT
2008-05-02 13:53 36,976 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\wklnhst.dat
2008-04-01 18:58 2,000 ----a-w c:\documents and settings\Administrateur\Application Data\wklnhst.dat
2008-02-28 17:32 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-22 16:46 22,328 ----a-w c:\documents and settings\Shogi\Application Data\PnkBstrK.sys
2007-12-03 11:53 108,304 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 17:24 22,328 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\PnkBstrK.sys
2006-02-25 19:12 251 ----a-w c:\program files\wt3d.ini
2004-12-17 22:44 1,221,312 ----a-w c:\documents and settings\Nouveau dossier (2)\Installer.exe
2001-03-28 10:02 122,880 ----a-w c:\windows\inf\Agfa\message.exe
2005-11-30 07:58 610,816 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer.dll
2007-01-13 16:10 10,240 --sha-w c:\windows\rnapxs\rnapxs.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_17.18.58.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-19 23:10:02 107,520 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 23:10:02 33,792 ----a-w c:\windows\system32\rundll32.exe
+ 2008-12-05 20:01:30 16,384 ----atw c:\windows\temp\Perflib_Perfdata_d5c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db8ba7b4-4b66-41f8-5722-e5d875944fd8}]
2008-11-28 17:26 677376 --a------ c:\windows\system32\nsc1C5.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-02-20 2667952]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3582976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-02-23 3026944]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 495616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 359208]
"nwiz"="nwiz.exe" [2004-02-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 263776]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-06-30 95344]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 287864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="c:\program files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\program files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SRUUninstall"="c:\windows\system32\msiexec.exe" [2005-05-04 78848]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 c:\windows\MIDIDEF.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSPAC"= NSPAC32.ACM
"msacm.divxa32"= DivXa32.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 359208 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-27 08:25 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-01-29 12:07 3718312 c:\program files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Slayers Online\\slayersonline.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pack Securite\\backweb\\361343\\Program\\fspex.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Documents and Settings\\SAYAH NOUR\\Bureau\\Public Release\\LegacyGamersFullClientUpdateV4.6Update2\\LegacyGamers.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\DriftCity\\DriftCity.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\ijji\\ENGLISH\\u_sf.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Documents and Settings\\Shogi\\Bureau\\Tales_Runner_Client_us080814\\trgame.exe"=
"c:\\Program Files\\Softnyx\\Rakion-bdrs\\Bin\\rakion.bin"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Flyff\\Neuz.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\UberIcon\\UberIcon Manager.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\Steam.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\lxctPSWX.EXE"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"=
"c:\\lunia\\LuniaClient.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\YzShadow\\YzShadow.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\TransBar\\TransBar.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\nDoors\\Atlantica\\Atlantica.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"=
"c:\\Program Files\\Microsoft Works\\WkDStore.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
"c:\\Documents and Settings\\nour\\Bureau\\msgr9fr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\alaplaya\\launcher\\AlaplayaLauncher.exe"=
"c:\\Documents and Settings\\nour\\Mes documents\\Downloads\\Programs\\wowclient-downloader.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=
"c:\\WINDOWS\\VFIND.exe"=
"c:\\DOCUME~1\\nour\\LOCALS~1\\Temp\\gaobyn.exe"=
"c:\\DOCUME~1\\nour\\LOCALS~1\\Temp\\winddajqo.exe"=
"c:\\DOCUME~1\\nour\\LOCALS~1\\Temp\\fsqd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9149:TCP"= 9149:TCP:BitComet 9149 TCP
"9149:UDP"= 9149:UDP:BitComet 9149 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"6901:TCP"= 6901:TCP:ro1
"6122:TCP"= 6122:TCP:ro2
"5122:TCP"= 5122:TCP:ro3
"5000:UDP"= 5000:UDP

w
"5010:UDP"= 5010:UDP

w2
"19998:TCP"= 19998:TCP

w3
"21000:TCP"= 21000:TCP

w4
"23404:TCP"= 23404:TCP:BitComet 23404 TCP
"23404:UDP"= 23404:UDP:BitComet 23404 UDP
"21925:TCP"= 21925:TCP:*

isabled:SolidNetworkManager
"21925:UDP"= 21925:UDP:*

isabled:SolidNetworkManager
"58292:TCP"= 58292:TCP

ando P2P TCP Listening Port
"58292:UDP"= 58292:UDP

ando P2P UDP Listening Port
.
Contenu du dossier 'Tâches planifiées'

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe []

2008-12-05 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-02-11 22:01]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Bloquer cette fenêtre publicitaire - c:\program files\Pack Securite\Anti-Spyware\blockpopups.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shogi\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shogi\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk -
Handler: alaplaya - {60E6FD61-FA26-4706-BF07-C55B3A49E66C} - c:\windows\system32\alading.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_b...
c:\windows\Downloaded Program Files\SysReqLab3.osd

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader3.ocx
O16 -: {92E7E45A-D8C8-480E-AF99-176E43997CAA}
hxxp://www.3suissesphotos.fr/Components/Upload/ImageUploader3....
c:\windows\Downloaded Program Files\ImageUploader3.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\msvbvm60.dll
c:\windows\system32\OLEAUT32.DLL
c:\windows\system32\OLEPRO32.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\STDOLE2.TLB
c:\windows\system32\COMCAT.DLL
c:\windows\system32\IVBExtractImageLib.tlb
c:\windows\system32\dbgwproc.dll
c:\windows\system32\ISHF_Ex.tlb
c:\windows\system32\JPegsize.dll
c:\windows\Downloaded Program Files\MCLPhoto.ocx
O16 -: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5}
hxxp://auchan.fujifilmnet.com/MCLPhoto.CAB
c:\windows\Downloaded Program Files\MCLPhoto.INF

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FireFox -: Profile - c:\documents and settings\nour\Application Data\Mozilla\Firefox\Profiles\o2t1tnz1.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGraalPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava131_18.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npredoute.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npssn.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\np32dsw.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npbeatnk.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npcosmop.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava11.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava12.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava131_18.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nppdf32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nppl3260.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPSVGVw.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPSWF32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 21:17:44
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-05 21:45:56
ComboFix-quarantined-files.txt 2008-12-05 20:45:54
ComboFix2.txt 2008-12-04 19:48:38
ComboFix3.txt 2008-12-04 16:30:43

Avant-CF: 34 927 783 936 octets libres
Après-CF: 34,921,521,152 octets libres

481 --- E O F --- 2008-10-28 22:09:43

C'était long ..

30mn
J'y vais, j'ai une interro de 2 heures demain

Je serai là vers 12h-13h
bonne nuit et merci

| Alerter

Répondre à Shogi

Destrio5

5 Décembre 2008 20:55:52

Ok, à demain alors.

c:\documents and settings\nour\

Ce sont des documents à toi dedans ?

Si la réponse est non, peux-tu me dire ce qu'il y a à l'intérieur ?

| Alerter

Répondre à Destrio5

Shogi

6 Décembre 2008 13:01:38

oui ce sont mes docs ^^

| Alerter

Répondre à Shogi

Destrio5

6 Décembre 2008 13:12:02

/!\ Seul Shogi peut suivre cette procédure /!\

Désactive toute protection résidente (Antivirus...) !

---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

KillAll::

File::
c:\windows\system32\Paris Hilton 1.scr
c:\windows\ss3unstl.exe
c:\windows\system32\kfzgqmbmonflcl.dll-uninst.exe
c:\windows\system32\wcdrtc32.dll
c:\windows\system32\nsc1C5.dll

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\data blue open mail

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db8ba7b4-4b66-41f8-5722-e5d875944fd8}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

DirLook::
c:\windows\rnapxs

FileLook::
c:\windows\system32\cont_dcads-remove.exe
c:\program files\wt3d.ini
c:\windows\rnapxs\rnapxs.dat

---> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.

---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

Cela va relancer Combofix : au message qui apparaît (Type 1 to continue, or 2 to abort), tape 1 puis valide.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.

Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

| Alerter

Répondre à Destrio5

Shogi

6 Décembre 2008 13:45:34

ComboFix 08-12-05.06 - nour 2008-12-06 14:16:06.4 - NTFSx86
Lancé depuis: c:\documents and settings\nour\Bureau\combofax.exe
Commutateurs utilisés :: c:\documents and settings\nour\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\ss3unstl.exe
c:\windows\system32\kfzgqmbmonflcl.dll-uninst.exe
c:\windows\system32\nsc1C5.dll
c:\windows\system32\Paris Hilton 1.scr
c:\windows\system32\wcdrtc32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\data blue open mail
c:\docume~1\ALLUSE~1\APPLIC~1\data blue open mail\BiasDentAxis
c:\docume~1\ALLUSE~1\APPLIC~1\data blue open mail\Cornantemove
c:\docume~1\ALLUSE~1\APPLIC~1\data blue open mail\Skip Axis Soft
c:\documents and settings\nour\Application Data\urlredir.cfg
c:\windows\ss3unstl.exe
c:\windows\system32\kfzgqmbmonflcl.dll-uninst.exe
c:\windows\system32\nsc1C5.dll
c:\windows\system32\Paris Hilton 1.scr
c:\windows\system32\wcdrtc32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-06 au 2008-12-06 ))))))))))))))))))))))))))))))))))))
.

2008-12-05 19:07 . 2008-12-05 19:20 <REP> d-------- c:\program files\DarKGunZ
2008-12-05 18:50 . 2008-12-05 18:50 <REP> d-------- c:\documents and settings\nour\Application Data\.bittorrent
2008-12-05 17:41 . 2008-12-05 17:41 <REP> d-------- c:\program files\AVG
2008-12-05 17:41 . 2008-12-05 17:41 <REP> d-------- c:\documents and settings\nour\Application Data\AVGTOOLBAR
2008-12-05 17:41 . 2008-12-05 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-04 21:43 . 2008-12-04 21:43 <REP> d-------- C:\MSNFix
2008-12-04 21:29 . 2008-12-04 21:29 <REP> d-------- C:\rsit
2008-12-04 21:03 . 2008-12-04 21:21 <REP> d-------- C:\Lop SD
2008-12-04 20:17 . 2008-12-04 20:48 <REP> d-------- C:\combat
2008-12-04 19:19 . 2008-12-04 20:08 <REP> d-------- C:\ToolBar SD
2008-12-04 17:59 . 2008-12-04 19:04 <REP> d-------- c:\program files\Navilog1
2008-12-04 17:48 . 2008-12-04 17:51 <REP> d-------- c:\program files\UsbFix
2008-12-04 16:58 . 2008-12-04 20:17 <REP> d-------- C:\ComboFix
2008-12-04 11:49 . 2008-12-04 11:49 <REP> d-------- c:\windows\ERUNT
2008-12-04 11:37 . 2008-12-04 11:45 <REP> d-------- c:\documents and settings\nour\Application Data\Tibia
2008-12-04 11:36 . 2008-12-04 11:36 <REP> d-------- c:\program files\Tibia
2008-12-03 21:11 . 2008-12-03 21:12 <REP> d-------- c:\documents and settings\nour\amsn
2008-12-03 21:10 . 2008-12-03 21:10 <REP> d-------- c:\program files\aMSN
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\documents and settings\nour\Application Data\Malwarebytes
2008-12-03 15:11 . 2008-12-03 15:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 15:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 15:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups_old1
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups_old
2008-12-03 14:54 . 2008-12-03 14:54 <REP> d-------- c:\documents and settings\nour\backups
2008-12-03 14:53 . 2008-12-03 14:53 <REP> d-------- c:\documents and settings\nour\backups_old2
2008-12-03 14:52 . 2008-12-03 14:52 <REP> d-------- c:\documents and settings\nour\backups_old3
2008-12-03 14:51 . 2008-12-03 14:51 <REP> d-------- c:\documents and settings\nour\backups_old4
2008-12-03 14:51 . 2008-12-03 14:51 <REP> d-------- c:\documents and settings\nour\backupreg
2008-12-03 14:00 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-12-03 12:44 . 2008-12-03 12:44 <REP> d-------- c:\program files\Trend Micro
2008-12-02 19:41 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-02 19:40 . 2008-12-02 19:40 <REP> d-------- c:\program files\Panda Security
2008-11-29 19:22 . 2008-12-02 16:30 <REP> d-------- c:\program files\Metin2_France
2008-11-29 14:49 . 2008-06-20 14:33 32,256 --a------ c:\windows\system32\alading.dll
2008-11-28 20:27 . 2008-11-28 20:27 <REP> d-------- c:\program files\Xvid
2008-11-28 20:27 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll
2008-11-28 20:27 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-11-28 20:26 . 2008-11-28 20:26 <REP> d-------- c:\program files\ZD Soft
2008-11-27 21:48 . 2008-12-01 15:42 <REP> d-------- c:\documents and settings\nour\Incomplete
2008-11-27 21:47 . 2008-11-27 21:47 <REP> d-------- c:\program files\LimeWire
2008-11-27 21:47 . 2008-12-01 17:59 <REP> d-------- c:\documents and settings\nour\Application Data\LimeWire
2008-11-27 21:39 . 2008-11-27 21:39 <REP> d-------- c:\documents and settings\nour\Application Data\Creative
2008-11-27 21:38 . 2008-11-27 21:38 <REP> d-------- c:\documents and settings\nour\Application Data\Publish Providers
2008-11-27 21:37 . 2008-11-27 21:37 <REP> d-------- c:\documents and settings\nour\Application Data\Sony
2008-11-26 20:04 . 2008-11-26 20:04 <REP> d-------- c:\program files\Zattoo
2008-11-18 17:19 . 2008-11-25 10:49 <REP> d-------- C:\Endless Dream
2008-11-12 17:02 . 2008-11-28 21:43 <REP> d-------- c:\program files\Wakfu
2008-11-09 18:20 . 2008-11-09 18:20 <REP> d-------- c:\documents and settings\nour\Application Data\DivX
2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\documents and settings\nour\Application Data\DMV Technologies
2008-11-08 13:59 . 2008-11-08 13:59 <REP> d-------- c:\windows\MaxTV
2008-11-08 13:59 . 2008-11-08 13:59 <REP> d-------- c:\program files\DMV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:23 --------- d-----w c:\documents and settings\nour\Application Data\DMCache
2008-12-06 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-12-04 21:05 --------- d-----w c:\program files\Pack Securite
2008-12-04 16:06 1,037,312 ----a-w c:\windows\explorer.exe
2008-12-04 10:51 1,068,690 ----a-w C:\Blizzard Updater.exe
2008-11-29 13:49 --------- d-----w c:\program files\alaplaya
2008-11-29 13:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 18:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 20:07 --------- d-----w c:\program files\CamStudio
2008-11-27 18:13 --------- d-----w c:\program files\lx_cats
2008-11-24 16:12 6,748 ----a-w c:\documents and settings\nour\Application Data\wklnhst.dat
2008-11-23 18:17 --------- d-----w c:\program files\Dofus
2008-11-20 15:25 --------- d-----w c:\program files\GPotato
2008-11-18 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-12 17:30 --------- d-----w c:\program files\Ruff-Rose
2008-11-12 17:28 --------- d-----w c:\program files\LRose
2008-11-12 17:26 --------- d-----w c:\program files\Outspark
2008-11-12 17:10 --------- d-----w c:\program files\America's Army
2008-11-12 16:34 --------- d-----w c:\program files\Speed Rose Onlinea
2008-11-12 16:33 --------- d-----w c:\program files\Valhalla-Destiny
2008-11-12 16:33 --------- d-----w c:\program files\LegendGunZ V1.2
2008-11-12 16:33 --------- d-----w c:\program files\Kantaris
2008-11-05 16:19 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-03 18:44 --------- d-----w c:\program files\DriftCity
2008-11-03 18:41 --------- d--h--w c:\documents and settings\nour\Application Data\ijjigame
2008-11-03 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2008-11-03 17:12 --------- d-----w c:\documents and settings\nour\Application Data\.purple
2008-11-02 18:02 --------- d-----w c:\program files\iTunes
2008-11-02 18:02 --------- d-----w c:\program files\iPod
2008-11-02 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-02 18:01 --------- d-----w c:\documents and settings\nour\Application Data\Apple Computer
2008-11-02 18:00 --------- d-----w c:\program files\QuickTime
2008-11-02 18:00 --------- d-----w c:\program files\Bonjour
2008-11-02 17:59 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-02 17:57 --------- d-----w c:\program files\Apple Software Update
2008-11-02 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-01 18:51 --------- d-----w c:\documents and settings\nour\Application Data\vlc
2008-11-01 11:41 --------- d-----w c:\documents and settings\nour\Application Data\IDM
2008-10-30 18:00 --------- d-----w c:\documents and settings\Shogi\Application Data\mIRC
2008-10-30 17:39 --------- d-----w c:\program files\mIRC
2008-10-30 17:06 --------- d-----w c:\documents and settings\Shogi\Application Data\DMCache
2008-10-30 12:18 --------- d-----w c:\program files\VS Revo Group
2008-10-28 13:44 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-10-27 16:35 --------- d-----w c:\program files\SFR
2008-10-27 16:35 --------- d-----w c:\program files\neuf telecom
2008-10-27 16:19 --------- d-----w c:\program files\Fichiers communs\Eltima Shared
2008-10-27 16:19 --------- d-----w c:\program files\Eltima Software
2008-10-27 16:19 --------- d-----w c:\documents and settings\Shogi\Application Data\Eltima Software
2008-10-26 18:17 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2008-10-26 14:50 --------- d-----w c:\program files\FlyForFuture
2008-10-22 14:29 --------- d-----w c:\program files\Windows Live
2008-10-22 14:28 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-22 14:26 --------- d-----w c:\program files\Microsoft
2008-10-22 14:19 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-10-22 14:13 --------- d-----w c:\documents and settings\Shogi\Application Data\.purple
2008-10-20 13:32 --------- d-----w c:\documents and settings\Shogi\Application Data\vlc
2008-10-18 15:03 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 10:50 --------- d-----w c:\program files\Neuf
2008-10-18 10:27 --------- d-----w c:\program files\adslTV
2008-10-15 10:53 --------- d-----w c:\documents and settings\Shogi\Application Data\Yahoo!
2008-10-11 17:52 990 ----a-w c:\documents and settings\Shogi\Application Data\wklnhst.dat
2008-10-11 17:41 --------- d-----w c:\documents and settings\Shogi\Application Data\gtk-2.0
2008-10-11 15:46 --------- d-----w c:\program files\GAMENAO
2008-10-11 12:08 --------- d--h--w c:\documents and settings\Shogi\Application Data\ijjigame
2008-10-10 17:10 --------- d-----w c:\program files\Flyff
2008-06-19 10:24 107,880 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\GDIPFONTCACHEV1.DAT
2008-06-12 14:25 107,880 ----a-w c:\documents and settings\nour\Application Data\GDIPFONTCACHEV1.DAT
2008-05-02 13:53 36,976 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\wklnhst.dat
2008-04-01 18:58 2,000 ----a-w c:\documents and settings\Administrateur\Application Data\wklnhst.dat
2008-02-28 17:32 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-22 16:46 22,328 ----a-w c:\documents and settings\Shogi\Application Data\PnkBstrK.sys
2007-12-03 11:53 108,304 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 17:24 22,328 ----a-w c:\documents and settings\SAYAH NOUR\Application Data\PnkBstrK.sys
2006-02-25 19:12 251 ----a-w c:\program files\wt3d.ini
2004-12-17 22:44 1,221,312 ----a-w c:\documents and settings\Nouveau dossier (2)\Installer.exe
2005-11-30 07:58 610,816 ----a-w c:\program files\mozilla firefox\plugins\MannequinPlayer.dll
2007-01-13 16:10 10,240 --sha-w c:\windows\rnapxs\rnapxs.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wt3d.ini -- Invalid filepath or file no longer exist
MD5: 989566d38d32e38030e5bbd16ee18f4b

c:\windows\rnapxs\rnapxs.dat -- Invalid filepath or file no longer exist
MD5: fb1ea9ef23e7010d65ee3f320ac1b09e

c:\windows\system32\cont_dcads-remove.exe -- Invalid filepath or file no longer exist
MD5: bc4a840a18f11e3a32174b696fa961cb

---- Directory of c:\windows\rnapxs ----

2007-01-13 17:10 10240 --ahs---- c:\windows\rnapxs\rnapxs.dat

((((((((((((((((((((((((((((( snapshot@2008-12-04_17.18.58.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-19 23:10:02 107,520 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 23:10:02 33,792 ----a-w c:\windows\system32\rundll32.exe
+ 2008-12-06 13:24:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_d14.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-02-20 2667952]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3582976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-02-23 3026944]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 495616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 359208]
"nwiz"="nwiz.exe" [2004-02-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 263776]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-06-30 95344]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 287864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="c:\program files\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\program files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SRUUninstall"="c:\windows\system32\msiexec.exe" [2005-05-04 78848]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"MSACM.VOXACM118"= vdk32118.acm
"MSACM.NSX83"= nsx83p32.acm
"MSACM.NSPAC"= NSPAC32.ACM
"msacm.divxa32"= DivXa32.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 359208 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-27 08:25 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-01-29 12:07 3718312 c:\program files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Slayers Online\\slayersonline.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pack Securite\\backweb\\361343\\Program\\fspex.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Documents and Settings\\SAYAH NOUR\\Bureau\\Public Release\\LegacyGamersFullClientUpdateV4.6Update2\\LegacyGamers.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\DriftCity\\DriftCity.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Trinity Entertainment\\Trinity GunZ\\Trinity.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\ijji\\ENGLISH\\u_sf.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Documents and Settings\\Shogi\\Bureau\\Tales_Runner_Client_us080814\\trgame.exe"=
"c:\\Program Files\\Softnyx\\Rakion-bdrs\\Bin\\rakion.bin"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Flyff\\Neuz.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\UberIcon\\UberIcon Manager.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\Steam.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\lxctPSWX.EXE"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"=
"c:\\lunia\\LuniaClient.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\YzShadow\\YzShadow.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\TransBar\\TransBar.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\nDoors\\Atlantica\\Atlantica.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"=
"c:\\Program Files\\Microsoft Works\\WkDStore.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
"c:\\Documents and Settings\\nour\\Bureau\\msgr9fr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\alaplaya\\launcher\\AlaplayaLauncher.exe"=
"c:\\Documents and Settings\\nour\\Mes documents\\Downloads\\Programs\\wowclient-downloader.exe"=
"c:\\Program Files\\Tibia\\Tibia.exe"=
"c:\\WINDOWS\\VFIND.exe"=
"c:\\WINDOWS\\system32\\CF7483.exe"=
"c:\\combofax\\nircmd.com"=
"c:\\DOCUME~1\\nour\\LOCALS~1\\Temp\\winnkfdde.exe"=
"c:\\DOCUME~1\\nour\\LOCALS~1\\Temp\\bsfoe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9149:TCP"= 9149:TCP:BitComet 9149 TCP
"9149:UDP"= 9149:UDP:BitComet 9149 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"6901:TCP"= 6901:TCP:ro1
"6122:TCP"= 6122:TCP:ro2
"5122:TCP"= 5122:TCP:ro3
"5000:UDP"= 5000:UDP

w
"5010:UDP"= 5010:UDP

w2
"19998:TCP"= 19998:TCP

w3
"21000:TCP"= 21000:TCP

w4
"23404:TCP"= 23404:TCP:BitComet 23404 TCP
"23404:UDP"= 23404:UDP:BitComet 23404 UDP
"21925:TCP"= 21925:TCP:*

isabled:SolidNetworkManager
"21925:UDP"= 21925:UDP:*

isabled:SolidNetworkManager
"58292:TCP"= 58292:TCP

ando P2P TCP Listening Port
"58292:UDP"= 58292:UDP

ando P2P UDP Listening Port

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a683e6ea-62b9-11dc-aa89-5050506f4531}]
\ShElL\AUtOpLay\CoMmanD - G:\fowgy.pif
\ShElL\AutoRun\command - G:\fowgy.pif
\ShElL\exPLorE\commAnd - G:\fowgy.pif
\ShElL\open\COmmaNd - G:\fowgy.pif

*Newly Created Service* - FSIHS
.
Contenu du dossier 'Tâches planifiées'

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe []

2008-12-06 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-02-11 22:01]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Bloquer cette fenêtre publicitaire - c:\program files\Pack Securite\Anti-Spyware\blockpopups.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shogi\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shogi\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk -
Handler: alaplaya - {60E6FD61-FA26-4706-BF07-C55B3A49E66C} - c:\windows\system32\alading.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_b...
c:\windows\Downloaded Program Files\SysReqLab3.osd

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader3.ocx
O16 -: {92E7E45A-D8C8-480E-AF99-176E43997CAA}
hxxp://www.3suissesphotos.fr/Components/Upload/ImageUploader3....
c:\windows\Downloaded Program Files\ImageUploader3.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\msvbvm60.dll
c:\windows\system32\OLEAUT32.DLL
c:\windows\system32\OLEPRO32.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\STDOLE2.TLB
c:\windows\system32\COMCAT.DLL
c:\windows\system32\IVBExtractImageLib.tlb
c:\windows\system32\dbgwproc.dll
c:\windows\system32\ISHF_Ex.tlb
c:\windows\system32\JPegsize.dll
c:\windows\Downloaded Program Files\MCLPhoto.ocx
O16 -: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5}
hxxp://auchan.fujifilmnet.com/MCLPhoto.CAB
c:\windows\Downloaded Program Files\MCLPhoto.INF

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FireFox -: Profile - c:\documents and settings\nour\Application Data\Mozilla\Firefox\Profiles\o2t1tnz1.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGraalPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava131_18.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npredoute.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npssn.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\np32dsw.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npbeatnk.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npcosmop.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava11.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava12.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava131_18.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPJava32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nppdf32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\nppl3260.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPSVGVw.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\NPSWF32.dll
FF -: plugin - c:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:23:28
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\windows\eHome\ehsched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\docume~1\nour\LOCALS~1\temp\winnkfdde.exe
c:\docume~1\nour\LOCALS~1\temp\bsfoe.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2008-12-06 14:44:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-06 13:44:39
ComboFix2.txt 2008-12-05 20:45:58
ComboFix3.txt 2008-12-04 19:48:38
ComboFix4.txt 2008-12-04 16:30:43

Avant-CF: 34 726 731 776 octets libres
Après-CF: 34,804,195,328 octets libres

513 --- E O F --- 2008-10-28 22:09:43

| Alerter

Répondre à Shogi

Destrio5

6 Décembre 2008 14:02:48

Réessaie la manip' avec SDFix.

| Alerter

Répondre à Destrio5

Accumulation de virus ? :s - Page 2

Tom's guide dans le monde