I just finished a scan with SDFix, and it found some trojan crap. Here's the report:
SDFix: Version 1.161
Run by Alexandre on 2008-03-25 at 16:41
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ALEXAN~1\Bureau\SDFix
Checking Services :
Name:
NtmlSvc
Path:
NtmlSvc - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\KQDUA.DLL - Deleted
C:\WINDOWS\SYSTEM32\NEB47A~1.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~4.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\hosts - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-25 16:47:46
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"="C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe:*:Enabled:mserver"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\DOCUME~1\ALEXAN~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 3 Mar 2006 80 ..SHR --- "C:\WINDOWS\system32\57E29F705C.dll"
Wed 15 Aug 2007 6,652 ..SH. --- "C:\WINDOWS\system32\dgjlm.tmp"
Wed 15 Aug 2007 6,486 ..SH. --- "C:\WINDOWS\system32\dgjlm.bak1"
Tue 24 Jul 2007 12,160 ..SH. --- "C:\WINDOWS\system32\ttvwa.tmp"
Sat 9 Sep 2006 243,712 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Alex.bak"
Sat 9 Sep 2006 165,888 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Nicole Fournier.bak"
Wed 13 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 28 Dec 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Wed 24 Jul 2002 42,948 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_War3.exe"
Wed 24 Jul 2002 57,864 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_WorldEdit.exe"
Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Oct 2005 22,528 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 3 Apr 2007 56,832 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 20 May 2007 77,824 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0853.tmp"
Sun 20 May 2007 70,144 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1251.tmp"
Sun 20 May 2007 79,360 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1635.tmp"
Sun 20 May 2007 81,920 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1674.tmp"
Thu 2 Feb 2006 244,736 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2040.tmp"
Sun 20 May 2007 73,216 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2879.tmp"
Tue 3 Apr 2007 57,856 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2957.tmp"
Sat 15 Sep 2007 77,312 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL3369.tmp"
Fri 20 Jan 2006 15,616 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll"
Thu 19 Aug 2004 4,096 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll"
Mon 26 Dec 2005 638,976 A..H. --- "C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.bak"
Finished!
But the Internet doesn't seem to be correct; it's maybe a little bit faster, but still slow. (After 10 min waiting for the "Post Quick Reply"... I rebooted in safe mode and did a real QUICK reply.)
Sorry, it really pisses me off.