

Dokiato
Posts by Dokiato
-
Ok, by the way, if I said brb at 6 o'clock it's because I thought I wouldn't be able to come back before 6 this evening, but I found a way out.
Okay, I'll wait.
-
By the way, since I did the 4 steps from yesterday I have no more sound :'( Can someone help me with this problem too???
-
By the way, I couldn't do the 1st step because I didn't find the file; I tried start/search, but nothing at all.
And I also had difficulty with certain files during the AVG scan, in particular with the sdfix folders.
-
Combofix:
"Scan" - 2007-05-14 11:39:13 Service Pack 2
ComboFix 07-05.09.V - Running from: "F:\User\Gab\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))
2007-05-14 00:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-13 10:30 <DIR> d-------- C:\Servicefilter
2007-05-13 10:19 853 --a------ C:\reboot.cmd
2007-05-13 10:19 68,096 --a------ C:\diff.exe
2007-05-13 10:19 103,424 --a------ C:\grep.exe
2007-05-13 10:03 1,080 --a------ C:\phqqysic.bat
2007-05-13 10:02 60,416 --a------ C:\WINDOWS\system32\drivers\mqxmfvki.sys
2007-05-13 09:44 8,599 --a------ C:\WINDOWS\system32\ckl009.dat
2007-05-12 16:19 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-11 21:24 5,600 --a------ C:\avexport.bat
2007-05-11 21:24 336 --a------ C:\reboot.bat
2007-05-11 21:24 19,814 --a------ C:\reboot.exe
2007-05-11 21:24 126,976 --a------ C:\zip.exe
2007-05-11 21:24 <DIR> d-------- C:\Avenger
2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups
2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts
2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035
2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-14 15:42:20 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-14 15:42:20 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat
2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo
2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WINDVDPatch"="CTHELPER.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP"
"Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe"
"nwiz"="nwiz.exe /install"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0nwprovau\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\autorun.exe
Shell\directx\command L:\DirectX9\dxsetup.exe
Shell\setup\command L:\setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-14 11:45:26
Windows 5.1.2600 Service Pack 2 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????>?????w???w????????\???\???????????U??w???w\???\???????0?a??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?@??????????w??????????@???????????????????B?????????????????????????????????r?B
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-14 11:45:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-05-12 16:19
C:\ComboFix-quarantined-files.txt ... 2007-05-14 11:45
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:37:34, on 2007-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:32:49 2007-05-14
+ Résultat de l'analyse:
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
F:\Programe\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\hkiujrkb.exe.bad -> Adware.Searchcolor : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ylkjvxav.exe.bad -> Adware.Searchcolor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dycigcpx.exe -> Adware.Searchcolor : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qcmfgqeo.exe -> Adware.Searchcolor : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\baqanpxs.dll.vir -> Adware.Winfixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\cpqwptnb.dll.vir -> Adware.Winfixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\dorvjtgi.dll.vir -> Adware.Winfixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\irjemvhh.dll.vir -> Adware.Winfixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\svtxbjec.dll.vir -> Adware.Winfixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\Avenger\5ZI4VzBqtz.ini -> Backdoor.Ciadoor.13 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Avenger\camacttiv.exe -> Backdoor.Ciadoor.13 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Scan\Desktop\sdfix\SDFix\backups\backups.zip/backups/wsock32.sys -> Backdoor.Ciadoor.13 : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wsock32.sys -> Backdoor.Ciadoor.13 : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\maxd641.exe.vir -> Dialer.GBDialer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Scan\Local Settings\Application Data\hrcopul.dll -> Downloader.Busky : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\nweipeg.dll.bad -> Downloader.Busky : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\hrcopul.dll -> Downloader.Busky.az : Nettoyé et sauvegardé (mise en quarantaine).
C:\Avenger\USYP_0001_N76M1005NetInstaller.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Avenger\USYP_0001_N76M2004NetInstaller.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\kernels1118.exe.vir -> Downloader.Small.dgk : Nettoyé et sauvegardé (mise en quarantaine).
C:\QooBox\Quarantine\C\WINDOWS\system32\dqnxrtdq.dll.vir -> Logger.Agent.ps : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\brehddkr.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cnksefse.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\fjcugnle.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ftppyfdu.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\gmjldhlo.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\jjvcbsup.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\jmsatpae.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ndwtrutu.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\tvicyfgi.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\uecswfvu.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\xtxbdoxk.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ycsahxoi.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\yfcbdkjo.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\yjwhafgy.dll.bad -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\FOUND.017\FILE0003.CHK -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\FOUND.017\FILE0004.CHK -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\Avenger\UERSV_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\bhtffxlh.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\pbcsvntf.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\whastyes.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\wiwcgiow.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\bbhvwqqc.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\bmnhjddd.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\bwpyvkhw.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\eieskwbp.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\fbqprvil.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\hwhmidji.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\jxtvkcfr.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\npcykfnq.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\rkydrsea.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\whnojvpo.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.82:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.83:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.84:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.85:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.86:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.87:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.88:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.118:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.298:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.43:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.44:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.45:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.46:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.47:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.48:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.49:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.50:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.51:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.52:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.53:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.211:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.212:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.191:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Adserver : Nettoyé.
:mozilla.228:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.229:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.274:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.275:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.40:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.81:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.22:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Bridgetrack : Nettoyé.
:mozilla.23:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Bridgetrack : Nettoyé.
:mozilla.24:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Bridgetrack : Nettoyé.
:mozilla.193:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.194:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.133:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.173:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.34:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.284:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.19:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.20:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.21:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.18:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Findwhat : Nettoyé.
:mozilla.65:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.145:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.147:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.165:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.168:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.297:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.64:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyé.
:mozilla.296:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.234:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Information : Nettoyé.
:mozilla.35:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.184:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.185:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.202:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.203:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.10:C:\FOUND.017\FILE0001.CHK -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.11:C:\FOUND.017\FILE0001.CHK -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.7:C:\FOUND.017\FILE0001.CHK -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.8:C:\FOUND.017\FILE0001.CHK -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.9:C:\FOUND.017\FILE0001.CHK -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.233:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.170:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.175:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.195:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.196:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.136:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.137:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.277:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.164:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.218:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.219:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.220:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.224:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.225:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.226:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.157:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.158:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.299:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.209:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.210:C:\Documents and Settings\Famille.SNOOPY\Application Data\Mozilla\Firefox\Profiles\pkkmrpfa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\out.dll -> Trojan.Agent.adl : Cleaned and backed up (quarantined).
C:\WINDOWS\system32\lxfwlaay.exe -> Trojan.Agent.ny : Cleaned and backed up (quarantined).
C:\WINDOWS\system32\tlwcuepc.exe -> Trojan.Agent.ny : Cleaned and backed up (quarantined).
C:\VundoFix Backups\awlgmhpv.dll.bad -> Trojan.BHO.g : Cleaned and backed up (quarantined).
C:\VundoFix Backups\yxaskoyr.dll.bad -> Trojan.BHO.g : Cleaned and backed up (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned and backed up (quarantined).
HKU\S-1-5-21-1417001333-706699826-1060284298-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned and backed up (quarantined).
C:\Documents and Settings\Scan\Desktop\sdfix\SDFix\backups\backups.zip/backups/msasvc.exe -> Trojan.Sinowal.bh : Cleaned and backed up (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll.vir -> Trojan.Sinowal.bh : Cleaned and backed up (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll.vir -> Trojan.Sinowal.br : Cleaned and backed up (quarantined).
C:\VundoFix Backups\futhtwnh.exe.bad -> Trojan.Small.ju : Cleaned and backed up (quarantined).
C:\VundoFix Backups\leuphjgk.exe.bad -> Trojan.Small.ju : Cleaned and backed up (quarantined).
C:\VundoFix Backups\ntpraaxp.exe.bad -> Trojan.Small.ju : Cleaned and backed up (quarantined).
C:\VundoFix Backups\rimgygab.exe.bad -> Trojan.Small.ju : Cleaned and backed up (quarantined).
C:\VundoFix Backups\xhimjrts.exe.bad -> Trojan.Small.ju : Cleaned and backed up (quarantined).
End of report
-
Charles, I should be there at 6 pm.
-
The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1
by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
May 13, 2007 10:31:54
===> Begin Service Listing <===
Unknown Service #1
Service Name: Avg7Alrt
Display Name: AVG7 Alert Manager Server
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: f:\programe\avgamsvr.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False
Unknown Service #2
Service Name: Avg7UpdSvc
Display Name: AVG7 Update Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: f:\programe\avgupsvc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False
Unknown Service # 3
Service Name: AVGEMS
Display Name: AVG E-mail Scanner
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: f:\programe\avgemc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False
Unknown Service #4
Service Name: Diskeeper
Display Name: Diskeeper
Start Mode: Auto
Start Name: LocalSystem
Description: Controls the Windows Diskeeper ...
Service Type: Own Process
Path: c:\program files\diskeeper\dkservice.exe
State: Running
Process ID: 1940
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 5
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 6
Service Name: NBService
Display Name: NBService
Start Mode: Manual
Start Name: LocalSystem
Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs ...
Service Type: Own Process
Path: c:\program files\nero\nero 7\nero backitup\nbservice.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service #7
Service Name: Nla
Display Name: Network Location Awareness (NLA)
Start Mode: Boot
Start Name: LocalSystem
Description: Collects and stores network configuration and location information, and notifies applications when ...
Service Type: Share Process
Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1008
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service #8
Service Name: NVSvc
Display Name: NVIDIA Display Driver Service
Start Mode: Boot
Start Name: LocalSystem
Description: Provides system and desktop level support to the NVIDIA display ...
Service Type: Own Process
Path: \systemroot\c:\windows\system32\nvsvc32.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 9
Service Name: NWCWorkstation
Display Name: Client Service for NetWare
Start Mode: Auto
Start Name: LocalSystem
Description: Provides access to file and print resources on NetWare ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1008
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 10
Service Name: SC Test Branding Service 1
Display Name: SC Test Branding Service 1
Start Mode: Manual
Start Name: LocalSystem
Description: License Service features ...
Service Type: Own Process
Path: "c:\program files\common files\sc test branding 1 shared\service\sctestservice1.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service #11
Service Name: SENS
Display Name: System Event Notification
Start Mode: Boot
Start Name: LocalSystem
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System ...
Service Type: Share Process
Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1008
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service #12
Service Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Start Mode: Boot
Start Name: LocalSystem
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention ...
Service Type: Share Process
Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service #13
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{d3929568-4e58-465d-b900-b66295f9b15f}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 14
Service Name: usnjsvc
Display Name: Service Messenger Sharing Folders USN Journal Reader
Start Mode: Manual
Start Name: LocalSystem
Description: Service installed by Messenger to allow the operations of ...
Service Type: Own Process
Path: "c:\program files\msn messenger\usnsvc.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
---> End Service Listing <---
There are 96 Win32 services on this machine.
14 were unrecognized.
Script Execution Time: 2,113281 seconds.
Okay, so I'm waiting for the next instructions.
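An added triage script for the ServiceFilter listing above (example code written for this page, not part of the original post and not part of ServiceFilter itself). It parses the "Unknown Service" records and flags two things a reviewer would otherwise check by hand: a Win32 service whose Start Mode is Boot or System, start types that Windows defines only for kernel drivers, and a LocalSystem service whose image path contains spaces but is not quoted, as the listing reports for Diskeeper. It also decodes the exit codes that appear in the listing (0 and 1077). The sample input is three records copied from the listing, trimmed to the fields the checks read; the function names and check ids are my own.

```python
"""Triage of a ServiceFilter 1.1 listing (format as posted in this thread).

Added example; not code from ServiceFilter or from the poster.
"""
import re

# Three records copied from the listing posted above, trimmed to the fields
# the checks use, so the script runs offline.
SAMPLE_LISTING = r"""
Unknown Service #4
Service Name: Diskeeper
Start Mode: Auto
Start Name: LocalSystem
Service Type: Own Process
Path: c:\program files\diskeeper\dkservice.exe
State: Running
Exit Code: 0
Unknown Service # 5
Service Name: IDriverT
Start Mode: Manual
Start Name: LocalSystem
Service Type: Own Process
Path: "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
State: Stopped
Exit Code: 1077
Unknown Service #7
Service Name: Nla
Start Mode: Boot
Start Name: LocalSystem
Service Type: Share Process
Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs
State: Running
Exit Code: 0
---> End Service Listing <---
"""

RECORD_START = re.compile(r"^Unknown Service\s*#\s*\d+\s*$")
END_MARKER = "---> End Service Listing <---"
# SERVICE_BOOT_START / SERVICE_SYSTEM_START are valid only for driver services.
DRIVER_ONLY_START_MODES = {"Boot", "System"}
WIN32_SERVICE_TYPES = {"Own Process", "Share Process"}
EXIT_CODES = {0: "ERROR_SUCCESS", 1077: "ERROR_SERVICE_NEVER_STARTED"}


def parse_listing(text):
    """Return one dict of field -> value per 'Unknown Service' record."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == END_MARKER:
            break
        if RECORD_START.match(line):
            current = {}
            records.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return records


def executable_from_path(path_field):
    """Split ServiceFilter's Path field into (executable, quoted).

    A quoted path ends at the closing quote. An unquoted one is taken up to
    and including the first '.exe'; a space before that point is the classic
    unquoted-path problem, because the service control manager tries each
    space-delimited prefix (c:\program.exe, c:\program files\diskeeper.exe, ...)
    before reaching the intended file.
    """
    field = path_field.strip()
    if field.startswith('"'):
        return field[1:].split('"', 1)[0], True
    match = re.match(r"(.+?\.exe)", field, re.IGNORECASE)
    return (match.group(1) if match else field.split(" ", 1)[0]), False


def describe_exit_code(code):
    """Map a Win32 exit code to its symbolic name (falls back to the number)."""
    return EXIT_CODES.get(code, "WIN32_ERROR_%d" % code)


def triage(records):
    """Return (service name, check id, detail) for each record that trips a check."""
    findings = []
    for rec in records:
        name = rec.get("Service Name", "?")
        if (rec.get("Start Mode") in DRIVER_ONLY_START_MODES
                and rec.get("Service Type") in WIN32_SERVICE_TYPES):
            findings.append((name, "driver-start-mode",
                             "%s service with Start Mode %s"
                             % (rec["Service Type"], rec["Start Mode"])))
        exe, quoted = executable_from_path(rec.get("Path", ""))
        if " " in exe and not quoted and rec.get("Start Name") == "LocalSystem":
            findings.append((name, "unquoted-path", exe))
    return findings


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for rec in recs:
        print("%-12s exit=%s" % (rec["Service Name"],
                                 describe_exit_code(int(rec["Exit Code"]))))
    for name, check, detail in triage(recs):
        print("FINDING %-12s %-18s %s" % (name, check, detail))
```

Two caveats before acting on a finding. The unquoted path is a hardening item, not evidence of infection by itself: it only matters if an attacker can write to one of the intermediate directories (here c:\ or c:\program files), and the tool's Path field should be confirmed against the registry value with `sc qc Diskeeper` before anything is changed. A Boot start mode on a Win32 service is anomalous and worth a look, but confirm it with `sc qc Nla` too, since it could also be the listing tool's rendering of the Start value.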
-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kqsasykt
*******************
Script file located at: \??\C:\WINDOWS\cejerrbc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Processorort
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ql108020
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ql12400
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\RasManp not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RasManp failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\RasManp
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\redbookgr not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\redbookgr failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\redbookgr
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\RSVPs not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RSVPs failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\RSVPs
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SENSogon not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SENSogon failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SENSogon
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Serialm not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Serialm failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Serialm
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\sisagp2 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sisagp2 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\sisagp2
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\sptdler not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sptdler failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\sptdler
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srtd not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srtd failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srtd
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Srvervice not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Srvervice failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Srvervice
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\stisvcV not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\stisvcV failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\stisvcV
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\swwdv not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\swwdv failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\swwdv
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\sym_hix not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sym_hix failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\sym_hix
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\TosIder not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TosIder failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\TosIder
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\UdfsD not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\UdfsD failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\UdfsD
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\UPSphost not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\UPSphost failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\UPSphost
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\WDICAw not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WDICAw failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WDICAw
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333}
Status: 0xc0000034
File C:\WINDOWS\tasks\AF62DA2791F94F9F.job deleted successfully.
File C:\WINDOWS\system32\camacttiv.exe deleted successfully.
File C:\WINDOWS\system32\del32.bat deleted successfully.
File C:\WINDOWS\system32\ntflotau.ini2 deleted successfully.
File C:\yuhijrhc.bat deleted successfully.
Error: C:\FOUND.035 is a folder, not a file!
Deletion of file C:\FOUND.035 failed!
Could not process line:
C:\FOUND.035
Status: 0xc00000ba
Error: C:\FOUND.034 is a folder, not a file!
Deletion of file C:\FOUND.034 failed!
Could not process line:
C:\FOUND.034
Status: 0xc00000ba
File C:\WINDOWS\system32\drivers\ybqgbavg.sys deleted successfully.
File C:\WINDOWS\system32\tstss.tmp deleted successfully.
File C:\WINDOWS\system32\ntflotau.tmp deleted successfully.
File C:\WINDOWS\Web\avjadrha.tmp deleted successfully.
File C:\WINDOWS\Registration\vsrddv.tmp deleted successfully.
File C:\WINDOWS\system32\desktop.exe not found!
Deletion of file C:\WINDOWS\system32\desktop.exe failed!
Could not process line:
C:\WINDOWS\system32\desktop.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe deleted successfully.
File C:\WINDOWS\System32\docqqpoq.ini deleted successfully.
File C:\WINDOWS\System32\feiumdcv.ini deleted successfully.
File C:\WINDOWS\System32\xgcmndql.ini deleted successfully.
File C:\WINDOWS\System32\mcrh.tmp deleted successfully.
File C:\WINDOWS\System32\spgnufsi.ini deleted successfully.
File C:\WINDOWS\System32\yieblrdg.ini deleted successfully.
File C:\WINDOWS\System32\kyvxraop.ini deleted successfully.
File C:\WINDOWS\System32\qifexufw.ini deleted successfully.
File C:\WINDOWS\System32\ilvulngr.ini deleted successfully.
File C:\WINDOWS\System32\5ZI4VzBqtz.ini deleted successfully.
File C:\WINDOWS\System32\sokiuecw.ini deleted successfully.
File C:\WINDOWS\CSC�000001 not found!
Deletion of file C:\WINDOWS\CSC�000001 failed!
Could not process line:
C:\WINDOWS\CSC�000001
Status: 0xc0000034
File C:\WINDOWS\CSC�000002 not found!
Deletion of file C:\WINDOWS\CSC�000002 failed!
Could not process line:
C:\WINDOWS\CSC�000002
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop failed!
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process failed!
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 10:29:29, on 2007-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
F:\Programe\Firefox\firefox.exe
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe
O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe
O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe
O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe
O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe
O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe
O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe
O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe
O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe
O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe
O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe
O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe
O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe
O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe
O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe
O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe
O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe
O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe
O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe
O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe
O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe
O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe
O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe
O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe
O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe
O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe
O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe
O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe
O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe
O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe
O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
-
All it did when I finished restarting was show a message: Windows cannot find 'C:/WINDOWS/System32/camacttiv.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search...
By the way, every time I restart my PC I have to run
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f
again.
-
Sorry, nvm, the folder was on the other hard drive >.<
-
StartupList report, 2007-05-12, 23:05:13
StartupList version: 1.52.2
Started from : F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\svchost.exe
F:\Programe\Firefox\firefox.exe
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UpdReg = C:\WINDOWS\UpdReg.EXE
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
WINDVDPatch = CTHELPER.EXE
Jet Detection = "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
desktop = C:\WINDOWS\system32\desktop.exe
Generic Host Process = C:\WINDOWS\system32\camacttiv.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Steam =
AWMON = "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=C:\WINDOWS\system32\camacttiv.exe
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BitComet ClickCapture - F:\Programe\BitComet\tools\BitCometBHO.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AF62DA2791F94F9F.job
AppleSoftwareUpdate.job
--------------------------------------------------
Enumerating Download Program Files:
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6 209 bytes
Report generated in 0,030 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
That's the fifth step.
-
SDFix: Version 1.83
Run by Scan - 2007-05-12 - 22:53:36,95
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Scan\Desktop\sdfix\SDFix
Safe Mode:
Checking Services:
Name:
MsaSvc
ImagePath:
C:\WINDOWS\system32\msasvc.exe
MsaSvc - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\SYSTEM32\7FE0BM~1.HTM - Deleted
C:\WINDOWS\system32\ckl009.dat - Deleted
C:\WINDOWS\system32\msasvc.exe - Deleted
C:\WINDOWS\system32\wsock32.sys - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Scan\Desktop\sdfix\SDFix\backups\backups.zip
SDFix report:
Checking For Files with Hidden Attributes:
C:\WINDOWS\system32\camacttiv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\tstss.tmp
C:\WINDOWS\system32\ntflotau.tmp
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\Web\avjadrha.tmp
C:\WINDOWS\Registration\vsrddv.tmp
Finished
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 22:59:49, on 2007-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\svchost.exe
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe
O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe
O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe
O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe
O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe
O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe
O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe
O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe
O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe
O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe
O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe
O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe
O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe
O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe
O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe
O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe
O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe
O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe
O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe
O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe
O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe
O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe
O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe
O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe
O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe
O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe
O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe
O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe
O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe
O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe
O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
By the way, my Ad-Aware found 40 events that had never been there before, anyway lol
-
-PS- I just rebooted my PC and it took 30 min, and Ad-Aware found lots of tracking
-
Well... I'll come back later, I can't say an exact time, sorry :S but I thought you might like to have another HijackThis report in the meantime
Logfile of HijackThis v1.99.1
Scan saved at 17:15:18, on 2007-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
F:\Programe\Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {248AEE7B-BA53-47C1-BC59-4520A9D7C9F3} - C:\WINDOWS\Web\ahrdajva.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {669F1F99-1244-4872-B690-DFC5CB4ADECb} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe
O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe
O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe
O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe
O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe
O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe
O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe
O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe
O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe
O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe
O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe
O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe
O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe
O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe
O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe
O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe
O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe
O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe
O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe
O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe
O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe
O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe
O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe
O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe
O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe
O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe
O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe
O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe
O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe
O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe
O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {750A64D8-DFAA-485B-A335-F7093333FBB7} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
-
By the way, can someone tell me what [.bat] files are?
-
"Scan" - 2007-05-12 16:15:38 Service Pack 2
ComboFix 07-05.09.V - Running from: "F:\User\Gab\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))
2007-05-11 21:24 96 --a------ C:\avexport.bat
2007-05-11 21:24 60,416 --a------ C:\WINDOWS\system32\drivers\ybqgbavg.sys
2007-05-11 21:24 336 --a------ C:\reboot.bat
2007-05-11 21:24 19,814 --a------ C:\reboot.exe
2007-05-11 21:24 126,976 --a------ C:\zip.exe
2007-05-11 21:24 1,080 --a------ C:\yuhijrhc.bat
2007-05-11 21:24 <DIR> d-------- C:\Avenger
2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups
2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts
2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035
2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034
2007-04-12 21:00 1,633,289 ---hs---- C:\WINDOWS\system32\ntflotau.ini2
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-12 20:11:02 163,328 ----a-w C:\WINDOWS\system32\wsock32.sys
2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat
2007-04-14 20:08:22 184,521 --sh--r C:\WINDOWS\system32\camacttiv.exe
2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo
2007-03-13 15:46:52 1,536,041 ----a-w C:\WINDOWS\system32\ckl009.dat
2007-02-07 22:13:54 122 ----a-w C:\WINDOWS\system32\del32.bat
2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{248AEE7B-BA53-47C1-BC59-4520A9D7C9F3}"="C:\WINDOWS\Web\ahrdajva.dll" [x]
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll"
"{669F1F99-1244-4872-B690-DFC5CB4ADECb}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x]
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll"
"{ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x]
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WINDVDPatch"="CTHELPER.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe"
"Opgbqy"="C:\\Program Files\\Yrheswr\\Pzln.exe"
"Puibx"="C:\\Program Files\\Fdfnh\\Oabl.exe"
"Btqoq"="C:\\Program Files\\Iletgu\\Cbokkfy.exe"
"Fvujhs"="C:\\Program Files\\Klwzyp\\Esrjerg.exe"
"Ftlamr"="C:\\Program Files\\Lvbfft\\Wxcgel.exe"
"Exovhigi"="C:\\Program Files\\Ndsleo\\Yxffhw.exe"
"Ylvssvrk"="C:\\Program Files\\Zyapzod\\Wxqq.exe"
"Hocyfdn"="C:\\Program Files\\Ejiijb\\Eeqefzy.exe"
"Prifpf"="C:\\Program Files\\Qlmzjo\\Isbvfnu.exe"
"Cgtulag"="C:\\Program Files\\Stmeijs\\Reti.exe"
"Ykvtxfn"="C:\\Program Files\\Ygmnvft\\Ogyn.exe"
"Iwqarbfu"="C:\\Program Files\\Ksus\\Goyn.exe"
"Bmatvzs"="C:\\Program Files\\Hwdbrlv\\Oqrjo.exe"
"Leosofks"="C:\\Program Files\\Awhq\\Bnnqu.exe"
"Qimjhgtf"="C:\\Program Files\\Mrpcq\\Agpuyu.exe"
"Vuvvn"="C:\\Program Files\\Rtltq\\Wccfoun.exe"
"Zisury"="C:\\Program Files\\Tgtu\\Qhhkjgu.exe"
"Uyvva"="C:\\Program Files\\Yixl\\Ddcxu.exe"
"Jqiil"="C:\\Program Files\\Cjcj\\Qzglfnb.exe"
"Lyngyk"="C:\\Program Files\\Uierojs\\Lqcsb.exe"
"Xudmbyb"="C:\\Program Files\\Gbbxki\\Aainsw.exe"
"Kcpsirdb"="C:\\Program Files\\Kdfvcv\\Dnteas.exe"
"Bnvuwgvx"="C:\\Program Files\\Bnmdh\\Szqnd.exe"
"Biciu"="C:\\Program Files\\Fprbh\\Oudgup.exe"
"Zybwdgdo"="C:\\Program Files\\Pptncg\\Ngqm.exe"
"Lxptn"="C:\\Program Files\\Arwlddx\\Lrbt.exe"
"Bosvr"="C:\\Program Files\\Crvruyi\\Kuzw.exe"
"Pjahxv"="C:\\Program Files\\Gtaiule\\Xfqw.exe"
"Dvrubhab"="C:\\Program Files\\Lqwlmp\\Yslqn.exe"
"Qxkxggf"="c:\\Program Files\\Kdilgsr\\Ysauw.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP"
"avast!"="F:\\Programe\\Avast\\ashDisp.exe"
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"=""
"AWMON"="\"F:\\Programe\\Ad-Aware SE Professional\\Ad-Watch.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"desktop"="C:\\WINDOWS\\system32\\desktop.exe"
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0nwprovau\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\autorun.exe
Shell\directx\command L:\DirectX9\dxsetup.exe
Shell\setup\command L:\setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF62DA2791F94F9F.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 16:19:13
Windows 5.1.2600 Service Pack 2 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????=?????w???w????????\???\???????????U??w???w\???\?????????`??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?p?????B???@?????P?????@? ??????????w??????????@???????????????????B?????|???????????????????????????r?B
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-12 16:19:27
C:\ComboFix-quarantined-files.txt ... 2007-05-12 16
-
"Scan" - 2007-05-12 16:15:38 Service Pack 2
ComboFix 07-05.09.V - Running from: "F:\User\Gab\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))
2007-05-11 21:24 96 --a------ C:\avexport.bat
2007-05-11 21:24 60,416 --a------ C:\WINDOWS\system32\drivers\ybqgbavg.sys
2007-05-11 21:24 336 --a------ C:\reboot.bat
2007-05-11 21:24 19,814 --a------ C:\reboot.exe
2007-05-11 21:24 126,976 --a------ C:\zip.exe
2007-05-11 21:24 1,080 --a------ C:\yuhijrhc.bat
2007-05-11 21:24 <DIR> d-------- C:\Avenger
2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups
2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts
2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035
2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034
2007-04-12 21:00 1,633,289 ---hs---- C:\WINDOWS\system32\ntflotau.ini2
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-12 20:11:02 163,328 ----a-w C:\WINDOWS\system32\wsock32.sys
2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-12 02:21:18 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat
2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat
2007-04-14 20:08:22 184,521 --sh--r C:\WINDOWS\system32\camacttiv.exe
2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo
2007-03-13 15:46:52 1,536,041 ----a-w C:\WINDOWS\system32\ckl009.dat
2007-02-07 22:13:54 122 ----a-w C:\WINDOWS\system32\del32.bat
2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{248AEE7B-BA53-47C1-BC59-4520A9D7C9F3}"="C:\WINDOWS\Web\ahrdajva.dll" [x]
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll"
"{669F1F99-1244-4872-B690-DFC5CB4ADECb}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x]
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll"
"{ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85}"="C:\WINDOWS\system32\hpwrrvuv.dll" [x]
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"WINDVDPatch"="CTHELPER.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe"
"Opgbqy"="C:\\Program Files\\Yrheswr\\Pzln.exe"
"Puibx"="C:\\Program Files\\Fdfnh\\Oabl.exe"
"Btqoq"="C:\\Program Files\\Iletgu\\Cbokkfy.exe"
"Fvujhs"="C:\\Program Files\\Klwzyp\\Esrjerg.exe"
"Ftlamr"="C:\\Program Files\\Lvbfft\\Wxcgel.exe"
"Exovhigi"="C:\\Program Files\\Ndsleo\\Yxffhw.exe"
"Ylvssvrk"="C:\\Program Files\\Zyapzod\\Wxqq.exe"
"Hocyfdn"="C:\\Program Files\\Ejiijb\\Eeqefzy.exe"
"Prifpf"="C:\\Program Files\\Qlmzjo\\Isbvfnu.exe"
"Cgtulag"="C:\\Program Files\\Stmeijs\\Reti.exe"
"Ykvtxfn"="C:\\Program Files\\Ygmnvft\\Ogyn.exe"
"Iwqarbfu"="C:\\Program Files\\Ksus\\Goyn.exe"
"Bmatvzs"="C:\\Program Files\\Hwdbrlv\\Oqrjo.exe"
"Leosofks"="C:\\Program Files\\Awhq\\Bnnqu.exe"
"Qimjhgtf"="C:\\Program Files\\Mrpcq\\Agpuyu.exe"
"Vuvvn"="C:\\Program Files\\Rtltq\\Wccfoun.exe"
"Zisury"="C:\\Program Files\\Tgtu\\Qhhkjgu.exe"
"Uyvva"="C:\\Program Files\\Yixl\\Ddcxu.exe"
"Jqiil"="C:\\Program Files\\Cjcj\\Qzglfnb.exe"
"Lyngyk"="C:\\Program Files\\Uierojs\\Lqcsb.exe"
"Xudmbyb"="C:\\Program Files\\Gbbxki\\Aainsw.exe"
"Kcpsirdb"="C:\\Program Files\\Kdfvcv\\Dnteas.exe"
"Bnvuwgvx"="C:\\Program Files\\Bnmdh\\Szqnd.exe"
"Biciu"="C:\\Program Files\\Fprbh\\Oudgup.exe"
"Zybwdgdo"="C:\\Program Files\\Pptncg\\Ngqm.exe"
"Lxptn"="C:\\Program Files\\Arwlddx\\Lrbt.exe"
"Bosvr"="C:\\Program Files\\Crvruyi\\Kuzw.exe"
"Pjahxv"="C:\\Program Files\\Gtaiule\\Xfqw.exe"
"Dvrubhab"="C:\\Program Files\\Lqwlmp\\Yslqn.exe"
"Qxkxggf"="c:\\Program Files\\Kdilgsr\\Ysauw.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP"
"avast!"="F:\\Programe\\Avast\\ashDisp.exe"
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"=""
"AWMON"="\"F:\\Programe\\Ad-Aware SE Professional\\Ad-Watch.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"desktop"="C:\\WINDOWS\\system32\\desktop.exe"
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0nwprovau\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\autorun.exe
Shell\directx\command L:\DirectX9\dxsetup.exe
Shell\setup\command L:\setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF62DA2791F94F9F.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 16:19:13
Windows 5.1.2600 Service Pack 2 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????=?????w???w????????\???\???????????U??w???w\???\?????????`??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@
Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?p?????B???@?????P?????@? ??????????w??????????@???????????????????B?????|???????????????????????????r?B
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-12 16:19:27
C:\ComboFix-quarantined-files.txt ... 2007-05-12
-
Hello again! Well, I've just arrived; there is no .txt file, but I'm redoing the scan at random...
-
OK hey, it just came through lol
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vxednkth
*******************
Script file located at: \??\C:\Program Files\ecm^kxoy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
Unload of driver PE386 failed!
Could not process line:
PE386
Status: 0xc0000034
And also, by the way, the computer restarted 9 times and did a disk check lasting several minutes
Good night
and by the way, I should be there, but later in the afternoon for me :S
-
It's going to take almost 10 minutes
-
Nvm sorry, the link works after all, it's just that it took me about 30 tries
-
Boran Remover by Deckard :: 2007-03-10 :: 34
----------------------------------------------------------------
Run by Scan :: 2007-05-11 @ 21:50:42,08
Infection not active/found.
-
The files I don't recognize that were added recently are (avexport.bat/reboot.bat/reboot.exe/yuhijrhc.bat/zip.exe)
Is that normal? In C:\Program Files I have a .txt file called ecm^kxoy.txt
And which says Drivers to unload:
PE386
Programs to launch on reboot:
F:\Rustbfix\2run.bat
-
I have an avenger folder but it's empty, and for the other one nothing at all (wtf) :S
On the other hand, several (.exe), (.bat) files that weren't there before the reboot.
-
Logfile of HijackThis v1.99.1
Scan saved at 21:31:07, on 2007-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\internet explorer\iexplore.exe
F:\Programe\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {248AEE7B-BA53-47C1-BC59-4520A9D7C9F3} - C:\WINDOWS\Web\ahrdajva.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {669F1F99-1244-4872-B690-DFC5CB4ADECb} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {ADA2AEC6-C2A3-4C1E-833F-0BB49DDDBA85} - C:\WINDOWS\system32\hpwrrvuv.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe
O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe
O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe
O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe
O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe
O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe
O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe
O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe
O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe
O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe
O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe
O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe
O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe
O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe
O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe
O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe
O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe
O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe
O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe
O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe
O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe
O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe
O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe
O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe
O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe
O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe
O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe
O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe
O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe
O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe
O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe
O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {750A64D8-DFAA-485B-A335-F7093333FBB7} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
No avenger.txt / and no pelog.txt
HijackThis report
in Malware analysis and removal
#1: I'm sorry, no file matches that name
#2,3: I'm even sorrier ...
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
Error: could not create reboot file.
Error code: 0
Error: could not create reboot batch.
Error code: 0
And yes, I'm having trouble with avast/adaware and plenty of other antivirus programs :S but well, there are details I should maybe tell you about in private