Dokiato

Members
  • Content count

    85
Everything posted by Dokiato

  1. #1: I'm sorry, no file matches that name. #2,3: I'm even more sorry ...
     ////////////////////////////////////////// Avenger Pre-Processor log //////////////////////////////////////////
     Error: could not create zip file. Error code: 0
     Error: could not create reboot file. Error code: 0
     Error: could not create reboot batch. Error code: 0
     And yes, I'm having trouble with avast/adawar and plenty of other antivirus programs :S but anyway, there are some details I should maybe talk to you about in private.
  2. OK, by the way, if I said brb at 6 o'clock it's because I thought I wouldn't be able to come back before 6 o'clock tonight, but I found a way out. All right, I'll wait.
  3. By the way, since I carried out yesterday's 4 steps I no longer have any sound :'( Can someone help me with this problem too???
  4. Hi
  5. By the way, I couldn't do the 1st step because I couldn't find the file; I tried start/search, but nothing at all. I also had difficulty with certain files during the AVG scan, in particular with the sdfix folders.
  6. Combofix log; Hijackthis log; AVG Anti-Spyware scan report.
  7. Charles, I should be present at 18:00.
  8. The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows XP Professional Version: 5.1.2600 Service Pack 2 mai 13, 2007 10:31:54 ===> Begin Service Listing <=== Unknown Service #1 Service Name: Avg7Alrt Display Name: AVG7 Alert Manager Server Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: f:\programe\avgamsvr.exe State: Stopped Process ID: 0 Started: False Exit Code: 0 Accept Pause: False Accept Stop: False Unknown Service #2 Service Name: Avg7UpdSvc Display Name: AVG7 Update Service Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: f:\programe\avgupsvc.exe State: Stopped Process ID: 0 Started: False Exit Code: 0 Accept Pause: False Accept Stop: False Unknown Service # 3 Service Name: AVGEMS Display Name: AVG E-mail Scanner Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: f:\programe\avgemc.exe State: Stopped Process ID: 0 Started: False Exit Code: 0 Accept Pause: False Accept Stop: False Unknown Service #4 Service Name: Diskeeper Display Name: Diskeeper Start Mode: Auto Start Name: LocalSystem Description: Controls the Windows Diskeeper ... Service Type: Own Process Path: c:\program files\diskeeper\dkservice.exe State: Running Process ID: 1940 Started: True Exit Code: 0 Accept Pause: False Accept Stop: True Unknown Service # 5 Service Name: IDriverT Display Name: InstallDriver Table Manager Start Mode: Manual Start Name: LocalSystem Description: Provides support for the Running Object Table for InstallShield ... 
Service Type: Own Process Path: "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe" State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service # 6 Service Name: NBService Display Name: NBService Start Mode: Manual Start Name: LocalSystem Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs ... Service Type: Own Process Path: c:\program files\nero\nero 7\nero backitup\nbservice.exe State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service #7 Service Name: Nla Display Name: Network Location Awareness (NLA) Start Mode: Boot Start Name: LocalSystem Description: Collects and stores network configuration and location information, and notifies applications when ... Service Type: Share Process Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs State: Running Process ID: 1008 Started: True Exit Code: 0 Accept Pause: False Accept Stop: True Unknown Service #8 Service Name: NVSvc Display Name: NVIDIA Display Driver Service Start Mode: Boot Start Name: LocalSystem Description: Provides system and desktop level support to the NVIDIA display ... Service Type: Own Process Path: \systemroot\c:\windows\system32\nvsvc32.exe State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service # 9 Service Name: NWCWorkstation Display Name: Client Service for NetWare Start Mode: Auto Start Name: LocalSystem Description: Provides access to file and print resources on NetWare ... Service Type: Share Process Path: c:\windows\system32\svchost.exe -k netsvcs State: Running Process ID: 1008 Started: True Exit Code: 0 Accept Pause: False Accept Stop: True Unknown Service # 10 Service Name: SC Test Branding Service 1 Display Name: SC Test Branding Service 1 Start Mode: Manual Start Name: LocalSystem Description: License Service features ... 
Service Type: Own Process Path: "c:\program files\common files\sc test branding 1 shared\service\sctestservice1.exe" State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service #11 Service Name: SENS Display Name: System Event Notification Start Mode: Boot Start Name: LocalSystem Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System ... Service Type: Share Process Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs State: Running Process ID: 1008 Started: True Exit Code: 0 Accept Pause: False Accept Stop: True Unknown Service #12 Service Name: SharedAccess Display Name: Windows Firewall/Internet Connection Sharing (ICS) Start Mode: Boot Start Name: LocalSystem Description: Provides network address translation, addressing, name resolution and/or intrusion prevention ... Service Type: Share Process Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service #13 Service Name: SwPrv Display Name: MS Software Shadow Copy Provider Start Mode: Manual Start Name: LocalSystem Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ... Service Type: Own Process Path: c:\windows\system32\dllhost.exe /processid:{d3929568-4e58-465d-b900-b66295f9b15f} State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False Unknown Service # 14 Service Name: usnjsvc Display Name: Service Messenger Sharing Folders USN Journal Reader Start Mode: Manual Start Name: LocalSystem Description: Service installé par Messenger pour permettre les opérations de ... 
Service Type: Own Process Path: "c:\program files\msn messenger\usnsvc.exe" State: Stopped Process ID: 0 Started: False Exit Code: 1077 Accept Pause: False Accept Stop: False ---> End Service Listing <--- There are 96 Win32 services on this machine. 14 were unrecognized. Script Execution Time: 2,113281 seconds. OK then, I'm waiting for the next instructions.
  9. HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h????? ?s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????>?????w???w?????? ??\???\???????????U??w???w\???\???????x?`??????C@?\???\??????s????\??????s\????= ??A??s?=???C@?x???`|?w\?????@ Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X????????????? ??????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B??? A????? ?A???????B???@?????P?????@?@??????????w??????????@???????????????????B??? ??????????????????????????????r?B scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Error: could not create zip file. Error code: 0 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\kqsasykt ******************* Script file located at: \??\C:\WINDOWS\cejerrbc.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk Status: 0xc0000034 Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt Status: 0xc0000034 Registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc failed! 
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} Status: 0xc0000034 File C:\WINDOWS\tasks\AF62DA2791F94F9F.job deleted successfully. File C:\WINDOWS\system32\camacttiv.exe deleted successfully. File C:\WINDOWS\system32\del32.bat deleted successfully. File C:\WINDOWS\system32\ntflotau.ini2 deleted successfully. File C:\yuhijrhc.bat deleted successfully. Error: C:\FOUND.035 is a folder, not a file! Deletion of file C:\FOUND.035 failed! Could not process line: C:\FOUND.035 Status: 0xc00000ba Error: C:\FOUND.034 is a folder, not a file! Deletion of file C:\FOUND.034 failed! Could not process line: C:\FOUND.034 Status: 0xc00000ba File C:\WINDOWS\system32\drivers\ybqgbavg.sys deleted successfully. File C:\WINDOWS\system32\tstss.tmp deleted successfully. File C:\WINDOWS\system32\ntflotau.tmp deleted successfully. File C:\WINDOWS\Web\avjadrha.tmp deleted successfully. File C:\WINDOWS\Registration\vsrddv.tmp deleted successfully. File C:\WINDOWS\system32\desktop.exe not found! Deletion of file C:\WINDOWS\system32\desktop.exe failed! Could not process line: C:\WINDOWS\system32\desktop.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe deleted successfully. File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe deleted successfully. File C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe deleted successfully. File C:\WINDOWS\System32\docqqpoq.ini deleted successfully. File C:\WINDOWS\System32\feiumdcv.ini deleted successfully. File C:\WINDOWS\System32\xgcmndql.ini deleted successfully. File C:\WINDOWS\System32\mcrh.tmp deleted successfully. File C:\WINDOWS\System32\spgnufsi.ini deleted successfully. File C:\WINDOWS\System32\yieblrdg.ini deleted successfully. File C:\WINDOWS\System32\kyvxraop.ini deleted successfully. 
File C:\WINDOWS\System32\qifexufw.ini deleted successfully. File C:\WINDOWS\System32\ilvulngr.ini deleted successfully. File C:\WINDOWS\System32\5ZI4VzBqtz.ini deleted successfully. File C:\WINDOWS\System32\sokiuecw.ini deleted successfully. File C:\WINDOWS\CSC�000001 not found! Deletion of file C:\WINDOWS\CSC�000001 failed! Could not process line: C:\WINDOWS\CSC�000001 Status: 0xc0000034 File C:\WINDOWS\CSC�000002 not found! Deletion of file C:\WINDOWS\CSC�000002 failed! Could not process line: C:\WINDOWS\CSC�000002 Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process failed! Status: 0xc0000034 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. 
Logfile of HijackThis v1.99.1 Scan saved at 10:29:29, on 2007-05-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper\DkService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe F:\Programe\Firefox\firefox.exe F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - 
Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP O4 - HKLM\..\Run: [avast!] 
F:\Programe\Avast\ashDisp.exe O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: fccyy - fccyy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - 
Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
  10. All that happened when I finished restarting was a message: Windows cannot find 'C:/WINDOWS/System32/camacttiv.exe'. Make sure you typed the name correctly, and then try again to search for a file, click the start button, and then click search ... By the way, every time I restart my PC I have to run REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f again
  11. Sorry, nvm, the folder was located on the other hard drive >.<
  12. StartupList report, 2007-05-12, 23:05:13 StartupList version: 1.52.2 Started from : F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper\DkService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\WINDOWS\System32\svchost.exe F:\Programe\Firefox\firefox.exe F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run UpdReg = C:\WINDOWS\UpdReg.EXE ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd WINDVDPatch = CTHELPER.EXE Jet Detection = "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices desktop = C:\WINDOWS\system32\desktop.exe Generic Host Process = C:\WINDOWS\system32\camacttiv.exe 
-------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Steam = AWMON = "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=C:\WINDOWS\system32\camacttiv.exe HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BitComet ClickCapture - F:\Programe\BitComet\tools\BitCometBHO.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Task Scheduler jobs: AF62DA2791F94F9F.job AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [MSN Photo Upload Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 6 209 bytes Report generated in 0,030 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only That is the fifth step
  13. SDFix: Version 1.83 Run by Scan - 2007-05-12 - 22:53:36,95 Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\Scan\Desktop\sdfix\SDFix Safe Mode: Checking Services: Name: MsaSvc ImagePath: C:\WINDOWS\system32\msasvc.exe MsaSvc - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\SYSTEM32\7FE0BM~1.HTM - Deleted C:\WINDOWS\system32\ckl009.dat - Deleted C:\WINDOWS\system32\msasvc.exe - Deleted C:\WINDOWS\system32\wsock32.sys - Deleted Removing Temp Files ADS Check: Checking if ADS is attached to system32 Folder C:\WINDOWS\system32 No streams found. Checking if ADS is attached to svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Backups Folder: - C:\DOCUME~1\Scan\Desktop\sdfix\SDFix\backups\backups.zip SdFix report: Checking For Files with Hidden Attributes: C:\WINDOWS\system32\camacttiv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\tstss.tmp C:\WINDOWS\system32\ntflotau.tmp C:\WINDOWS\system32\config\SECURITY.tmp.LOG C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG C:\WINDOWS\system32\config\SYSTEM.tmp.LOG C:\WINDOWS\system32\config\DEFAULT.tmp.LOG C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\Web\avjadrha.tmp C:\WINDOWS\Registration\vsrddv.tmp 
Finished HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 22:59:49, on 2007-05-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper\DkService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\WINDOWS\System32\svchost.exe F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - 
Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP O4 - HKLM\..\Run: [avast!] 
F:\Programe\Avast\ashDisp.exe O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: fccyy - fccyy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - 
Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe By the way, my Ad-Aware found 40 events that had never been there before, anyway lol
  14. -PS- I just rebooted my PC and it took 30 min, and Ad-Aware found lots of tracking
  15. OK ... I'll come back later, I can't give a precise time, sorry :S but I thought you might like to have another HijackThis report at the same time Logfile of HijackThis v1.99.1 Scan saved at 17:15:18, on 2007-05-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper\DkService.exe C:\WINDOWS\system32\msasvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe F:\Programe\Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {248AEE7B-BA53-47C1-BC59-4520A9D7C9F3} - C:\WINDOWS\Web\ahrdajva.dll (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {669F1F99-1244-4872-B690-DFC5CB4ADECb} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe O4 - HKLM\..\Run: 
[Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP O4 - HKLM\..\Run: [avast!] 
F:\Programe\Avast\ashDisp.exe O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {750A64D8-DFAA-485B-A335-F7093333FBB7} - (no file) (HKCU) O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: fccyy - fccyy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
  16. By the way, can someone tell me what [.bat] files are
  17. "Scan" - 2007-05-12 16:15:38 Service Pack 2 ComboFix 07-05.09.V - Running from: "F:\User\Gab\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 )))))))))))))))))))))))))))))))))) 2007-05-11 21:24 96 --a------ C:\avexport.bat 2007-05-11 21:24 60,416 --a------ C:\WINDOWS\system32\drivers\ybqgbavg.sys 2007-05-11 21:24 336 --a------ C:\reboot.bat 2007-05-11 21:24 19,814 --a------ C:\reboot.exe 2007-05-11 21:24 126,976 --a------ C:\zip.exe 2007-05-11 21:24 1,080 --a------ C:\yuhijrhc.bat 2007-05-11 21:24 <DIR> d-------- C:\Avenger 2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups 2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts 2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035 2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034 2007-04-12 21:00 1,633,289 ---hs---- C:\WINDOWS\system32\ntflotau.ini2 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-12 20:11:02 163,328 ----a-w C:\WINDOWS\system32\wsock32.sys 2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat 2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat 2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat 2007-04-14 20:08:22 184,521 --sh--r C:\WINDOWS\system32\camacttiv.exe 2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo 2007-03-13 15:46:52 1,536,041 ----a-w C:\WINDOWS\system32\ckl009.dat 2007-02-07 22:13:54 122 ----a-w C:\WINDOWS\system32\del32.bat 2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] 
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" "{248AEE7B-BA53-47C1-BC59-4520A9D7C9F3}"="C:\WINDOWS\Web\ahrdajva.dll" [x] "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll" "{669F1F99-1244-4872-B690-DFC5CB4ADECb}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x] "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" "{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll" "{ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x] "{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe" "Opgbqy"="C:\\Program Files\\Yrheswr\\Pzln.exe" "Puibx"="C:\\Program Files\\Fdfnh\\Oabl.exe" "Btqoq"="C:\\Program Files\\Iletgu\\Cbokkfy.exe" "Fvujhs"="C:\\Program Files\\Klwzyp\\Esrjerg.exe" "Ftlamr"="C:\\Program Files\\Lvbfft\\Wxcgel.exe" "Exovhigi"="C:\\Program Files\\Ndsleo\\Yxffhw.exe" "Ylvssvrk"="C:\\Program Files\\Zyapzod\\Wxqq.exe" "Hocyfdn"="C:\\Program Files\\Ejiijb\\Eeqefzy.exe" "Prifpf"="C:\\Program Files\\Qlmzjo\\Isbvfnu.exe" "Cgtulag"="C:\\Program Files\\Stmeijs\\Reti.exe" "Ykvtxfn"="C:\\Program Files\\Ygmnvft\\Ogyn.exe" "Iwqarbfu"="C:\\Program 
Files\\Ksus\\Goyn.exe" "Bmatvzs"="C:\\Program Files\\Hwdbrlv\\Oqrjo.exe" "Leosofks"="C:\\Program Files\\Awhq\\Bnnqu.exe" "Qimjhgtf"="C:\\Program Files\\Mrpcq\\Agpuyu.exe" "Vuvvn"="C:\\Program Files\\Rtltq\\Wccfoun.exe" "Zisury"="C:\\Program Files\\Tgtu\\Qhhkjgu.exe" "Uyvva"="C:\\Program Files\\Yixl\\Ddcxu.exe" "Jqiil"="C:\\Program Files\\Cjcj\\Qzglfnb.exe" "Lyngyk"="C:\\Program Files\\Uierojs\\Lqcsb.exe" "Xudmbyb"="C:\\Program Files\\Gbbxki\\Aainsw.exe" "Kcpsirdb"="C:\\Program Files\\Kdfvcv\\Dnteas.exe" "Bnvuwgvx"="C:\\Program Files\\Bnmdh\\Szqnd.exe" "Biciu"="C:\\Program Files\\Fprbh\\Oudgup.exe" "Zybwdgdo"="C:\\Program Files\\Pptncg\\Ngqm.exe" "Lxptn"="C:\\Program Files\\Arwlddx\\Lrbt.exe" "Bosvr"="C:\\Program Files\\Crvruyi\\Kuzw.exe" "Pjahxv"="C:\\Program Files\\Gtaiule\\Xfqw.exe" "Dvrubhab"="C:\\Program Files\\Lqwlmp\\Yslqn.exe" "Qxkxggf"="c:\\Program Files\\Kdilgsr\\Ysauw.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP" "avast!"="F:\\Programe\\Avast\\ashDisp.exe" "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Steam"="" "AWMON"="\"F:\\Programe\\Ad-Aware SE Professional\\Ad-Watch.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "desktop"="C:\\WINDOWS\\system32\\desktop.exe" "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyy HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0nwprovau\ Security Packages kerberosmsv1_0schannelwdigest\ Notification Packages scecli\ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService DnsCache\ rpcss RpcSs\ imgsvc StiSvc\ termsvcs TermService\ HTTPFilter HTTPFilter\ DcomLaunch DcomLaunchTermService\ HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L] Shell\AutoRun\command L:\autorun.exe Shell\directx\command L:\DirectX9\dxsetup.exe Shell\setup\command L:\setup.exe Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AF62DA2791F94F9F.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-12 16:19:13 Windows 5.1.2600 Service Pack 2 FAT scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????=?????w???w????????\???\???????????U??w???w\???\?????????`??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@ Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?p?????B???@?????P?????@? 
??????????w??????????@???????????????????B?????|???????????????????????????r?B scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-12 16:19:27 C:\ComboFix-quarantined-files.txt ... 2007-05-12 16"Scan" - 2007-05-12 16:15:38 Service Pack 2 ComboFix 07-05.09.V - Running from: "F:\User\Gab\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 )))))))))))))))))))))))))))))))))) 2007-05-11 21:24 96 --a------ C:\avexport.bat 2007-05-11 21:24 60,416 --a------ C:\WINDOWS\system32\drivers\ybqgbavg.sys 2007-05-11 21:24 336 --a------ C:\reboot.bat 2007-05-11 21:24 19,814 --a------ C:\reboot.exe 2007-05-11 21:24 126,976 --a------ C:\zip.exe 2007-05-11 21:24 1,080 --a------ C:\yuhijrhc.bat 2007-05-11 21:24 <DIR> d-------- C:\Avenger 2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups 2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts 2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE 2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035 2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034 2007-04-12 21:00 1,633,289 ---hs---- C:\WINDOWS\system32\ntflotau.ini2 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-12 20:11:02 163,328 ----a-w C:\WINDOWS\system32\wsock32.sys 2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat 2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat 2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat 2007-04-14 20:08:22 184,521 --sh--r C:\WINDOWS\system32\camacttiv.exe 2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo 2007-03-13 15:46:52 1,536,041 ----a-w C:\WINDOWS\system32\ckl009.dat 2007-02-07 22:13:54 122 ----a-w C:\WINDOWS\system32\del32.bat 
2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" "{248AEE7B-BA53-47C1-BC59-4520A9D7C9F3}"="C:\WINDOWS\Web\ahrdajva.dll" [x] "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll" "{669F1F99-1244-4872-B690-DFC5CB4ADECb}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x] "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" "{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll" "{ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x] "{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "UpdReg"="C:\\WINDOWS\\UpdReg.EXE" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "WINDVDPatch"="CTHELPER.EXE" "Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe" "Opgbqy"="C:\\Program Files\\Yrheswr\\Pzln.exe" "Puibx"="C:\\Program Files\\Fdfnh\\Oabl.exe" "Btqoq"="C:\\Program Files\\Iletgu\\Cbokkfy.exe" "Fvujhs"="C:\\Program Files\\Klwzyp\\Esrjerg.exe" "Ftlamr"="C:\\Program Files\\Lvbfft\\Wxcgel.exe" 
"Exovhigi"="C:\\Program Files\\Ndsleo\\Yxffhw.exe" "Ylvssvrk"="C:\\Program Files\\Zyapzod\\Wxqq.exe" "Hocyfdn"="C:\\Program Files\\Ejiijb\\Eeqefzy.exe" "Prifpf"="C:\\Program Files\\Qlmzjo\\Isbvfnu.exe" "Cgtulag"="C:\\Program Files\\Stmeijs\\Reti.exe" "Ykvtxfn"="C:\\Program Files\\Ygmnvft\\Ogyn.exe" "Iwqarbfu"="C:\\Program Files\\Ksus\\Goyn.exe" "Bmatvzs"="C:\\Program Files\\Hwdbrlv\\Oqrjo.exe" "Leosofks"="C:\\Program Files\\Awhq\\Bnnqu.exe" "Qimjhgtf"="C:\\Program Files\\Mrpcq\\Agpuyu.exe" "Vuvvn"="C:\\Program Files\\Rtltq\\Wccfoun.exe" "Zisury"="C:\\Program Files\\Tgtu\\Qhhkjgu.exe" "Uyvva"="C:\\Program Files\\Yixl\\Ddcxu.exe" "Jqiil"="C:\\Program Files\\Cjcj\\Qzglfnb.exe" "Lyngyk"="C:\\Program Files\\Uierojs\\Lqcsb.exe" "Xudmbyb"="C:\\Program Files\\Gbbxki\\Aainsw.exe" "Kcpsirdb"="C:\\Program Files\\Kdfvcv\\Dnteas.exe" "Bnvuwgvx"="C:\\Program Files\\Bnmdh\\Szqnd.exe" "Biciu"="C:\\Program Files\\Fprbh\\Oudgup.exe" "Zybwdgdo"="C:\\Program Files\\Pptncg\\Ngqm.exe" "Lxptn"="C:\\Program Files\\Arwlddx\\Lrbt.exe" "Bosvr"="C:\\Program Files\\Crvruyi\\Kuzw.exe" "Pjahxv"="C:\\Program Files\\Gtaiule\\Xfqw.exe" "Dvrubhab"="C:\\Program Files\\Lqwlmp\\Yslqn.exe" "Qxkxggf"="c:\\Program Files\\Kdilgsr\\Ysauw.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP" "avast!"="F:\\Programe\\Avast\\ashDisp.exe" "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Steam"="" "AWMON"="\"F:\\Programe\\Ad-Aware SE Professional\\Ad-Watch.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "desktop"="C:\\WINDOWS\\system32\\desktop.exe" "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyy HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0nwprovau\ Security Packages kerberosmsv1_0schannelwdigest\ Notification Packages scecli\ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService DnsCache\ rpcss RpcSs\ imgsvc StiSvc\ termsvcs TermService\ HTTPFilter HTTPFilter\ DcomLaunch DcomLaunchTermService\ HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L] Shell\AutoRun\command L:\autorun.exe Shell\directx\command L:\DirectX9\dxsetup.exe Shell\setup\command L:\setup.exe Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AF62DA2791F94F9F.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-12 16:19:13 Windows 5.1.2600 Service Pack 2 FAT scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? 
?w???????w???w4???????.??w4???????4???TA?s4????????=?????w???w????????\???\???????????U??w???w\???\?????????`??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@ Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?p?????B???@?????P?????@? ??????????w??????????@???????????????????B?????|???????????????????????????r?B scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-12 16:19:27 C:\ComboFix-quarantined-files.txt ... 2007-05-12
  18. Hello again! OK, I just got here; there's no .txt file, but I'm redoing the scan just in case...
  19. Ok hey, it just showed up lol Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\vxednkth ******************* Script file located at: \??\C:\Program Files\ecm^kxoy.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found! Unload of driver PE386 failed! Could not process line: PE386 Status: 0xc0000034 And also, by the way, the computer restarted 9 times and ran a disk check lasting several minutes. Good night, and by the way I should be here, but later in the afternoon :S
  20. It's going to take almost 10 minutes
  21. Nvm, sorry, the link works after all; it just took me about 30 tries
  22. Boran Remover by Deckard :: 2007-03-10 :: 34 ---------------------------------------------------------------- Run by Scan :: 2007-05-11 @ 21:50:42,08 Infection not active/found.
  23. The files I don't recognize that were added recently are (avexport.bat/reboot.bat/reboot.exe/yuhijrhc.bat/zip.exe). Is that normal? In C/PROGRAMEFILES I have a .txt file called ecm^kxoy.txt, which says: Drivers to unload: PE386 Programs to launch on reboot: F:\Rustbfix\2run.bat
  24. I have an avenger folder, but it's empty, and for the other one nothing at all (wtf) :S On the other hand, there are several (.exe), (.bat) files that weren't there before the reboot.
  25. Logfile of HijackThis v1.99.1 Scan saved at 21:31:07, on 2007-05-11 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Diskeeper\DkService.exe C:\WINDOWS\system32\msasvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Creative\ShareDLL\MediaDet.exe C:\WINDOWS\system32\ctfmon.exe F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\internet explorer\iexplore.exe F:\Programe\Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {248AEE7B-BA53-47C1-BC59-4520A9D7C9F3} - C:\WINDOWS\Web\ahrdajva.dll (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {669F1F99-1244-4872-B690-DFC5CB4ADECb} - C:\WINDOWS\system32\hpwrrvuv.dll (file 
missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe O4 - HKLM\..\Run: [Prifpf] C:\Program 
Files\Qlmzjo\Isbvfnu.exe O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP O4 - HKLM\..\Run: [avast!] 
F:\Programe\Avast\ashDisp.exe O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {750A64D8-DFAA-485B-A335-F7093333FBB7} - (no file) (HKCU) O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: 
msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: fccyy - fccyy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing) No avenger.txt, and no pelog.txt