Rapport Hijachkthis

Dokiato · le 12 mai 2007

Tout ce que ca a fais quand j'ai fini de restarter c un message Windows cannot find 'C:/WINDOWS/System32/camacttiv.exe'.Make sure you typed the name correctly , and then try again to searsh for a file,click the start button,and then click searsch ...

En passant chaque fois que je redémare mon pc il faut que je fasse

REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

de nouveaux

Dokiato · le 12 mai 2007

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h?????

?s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????>?????w???w??????

??\???\???????????U??w???w\???\???????x?`??????C@?\???\??????s????\??????s\????=

??A??s?=???C@?x???`|?w\?????@

Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X?????????????

??????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???

A????? ?A???????B???@?????P?????@?@??????????w??????????@???????????????????B???

??????????????????????????????r?B

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

Error: could not create zip file.

Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\kqsasykt

*******************

Script file located at: \??\C:\WINDOWS\cejerrbc.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\PerfNetk

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\PerfOSt

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\pfcfProc

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\poofcyAgent

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Processorort failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Processorort

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\PSchedtedStorage

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql108020 failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\ql108020

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ql12400 failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\ql12400

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\RasManp not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RasManp failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\RasManp

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Rasptioe

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Rdbssi

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\RDPDDD

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\redbookgr not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\redbookgr failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\redbookgr

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\RpcLocatorstry

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\RpcSscator

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\RSVPs not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\RSVPs failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\RSVPs

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\SCDEmuvr

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\sdcplhrt

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SENSogon not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SENSogon failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\SENSogon

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Serialm not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Serialm failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Serialm

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\SimbadWDetection

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\sisagp2 not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sisagp2 failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\sisagp2

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Spoolerr

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\sptdler not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sptdler failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\sptdler

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srtd not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srtd failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\srtd

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Srvervice not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Srvervice failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Srvervice

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\stisvcV not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\stisvcV failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\stisvcV

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\SwPrvi

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\swwdv not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\swwdv failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\swwdv

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\sym_hix not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\sym_hix failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\sym_hix

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\TapiSrvog

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpiprv

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\TDTCPE

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\Themesrvice

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\TosIder not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TosIder failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\TosIder

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\TSDDDs

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\UdfsD not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\UdfsD failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\UdfsD

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\UPSphost not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\UPSphost failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\UPSphost

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\USBSTORt

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\VgaSavev

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\ViaIdee

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\VSSSnap

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\W3SVCme

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WDICAw not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WDICAw failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\WDICAw

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtnt

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSNP Service

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\WmimPmSN

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\WpdUsbrv

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\wscsvcL

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\WZCSVCrv

Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} not found!

Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333} failed!

Could not process line:

HKLM\SYSTEM\CurrentControlSet\Services\ad1i93ck4-255F-4F3F-9FE5-2C6DDD5F8333}

Status: 0xc0000034

File C:\WINDOWS\tasks\AF62DA2791F94F9F.job deleted successfully.

File C:\WINDOWS\system32\camacttiv.exe deleted successfully.

File C:\WINDOWS\system32\del32.bat deleted successfully.

File C:\WINDOWS\system32\ntflotau.ini2 deleted successfully.

File C:\yuhijrhc.bat deleted successfully.

Error: C:\FOUND.035 is a folder, not a file!

Deletion of file C:\FOUND.035 failed!

Could not process line:

C:\FOUND.035

Status: 0xc00000ba

Error: C:\FOUND.034 is a folder, not a file!

Deletion of file C:\FOUND.034 failed!

Could not process line:

C:\FOUND.034

Status: 0xc00000ba

File C:\WINDOWS\system32\drivers\ybqgbavg.sys deleted successfully.

File C:\WINDOWS\system32\tstss.tmp deleted successfully.

File C:\WINDOWS\system32\ntflotau.tmp deleted successfully.

File C:\WINDOWS\Web\avjadrha.tmp deleted successfully.

File C:\WINDOWS\Registration\vsrddv.tmp deleted successfully.

File C:\WINDOWS\system32\desktop.exe not found!

Deletion of file C:\WINDOWS\system32\desktop.exe failed!

Could not process line:

C:\WINDOWS\system32\desktop.exe

Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe deleted successfully.

File C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M1005NetInstaller.exe deleted successfully.

File C:\WINDOWS\Downloaded Program Files\UERSV_0001_N68M0602NetInstaller.exe deleted successfully.

File C:\WINDOWS\System32\docqqpoq.ini deleted successfully.

File C:\WINDOWS\System32\feiumdcv.ini deleted successfully.

File C:\WINDOWS\System32\xgcmndql.ini deleted successfully.

File C:\WINDOWS\System32\mcrh.tmp deleted successfully.

File C:\WINDOWS\System32\spgnufsi.ini deleted successfully.

File C:\WINDOWS\System32\yieblrdg.ini deleted successfully.

File C:\WINDOWS\System32\kyvxraop.ini deleted successfully.

File C:\WINDOWS\System32\qifexufw.ini deleted successfully.

File C:\WINDOWS\System32\ilvulngr.ini deleted successfully.

File C:\WINDOWS\System32\5ZI4VzBqtz.ini deleted successfully.

File C:\WINDOWS\System32\sokiuecw.ini deleted successfully.

File C:\WINDOWS\CSCï¿½000001 not found!

Deletion of file C:\WINDOWS\CSCï¿½000001 failed!

Could not process line:

C:\WINDOWS\CSCï¿½000001

Status: 0xc0000034

File C:\WINDOWS\CSCï¿½000002 not found!

Deletion of file C:\WINDOWS\CSCï¿½000002 failed!

Could not process line:

C:\WINDOWS\CSCï¿½000002

Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop not found!

Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|desktop failed!

Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process not found!

Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Generic Host Process failed!

Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process not found!

Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Generic Host Process failed!

Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1

Scan saved at 10:29:29, on 2007-05-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Diskeeper\DkService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\ShareDLL\CtNotify.exe

F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

F:\Programe\Firefox\firefox.exe

F:\Programe\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Programe\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] F:\Programe\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe

O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe

O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe

O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe

O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe

O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe

O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe

O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe

O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe

O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe

O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe

O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe

O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe

O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe

O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe

O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe

O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe

O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe

O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe

O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe

O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe

O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe

O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe

O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe

O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe

O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe

O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe

O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe

O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe

O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe

O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe

O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Download all links using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://F:\Programe\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://F:\Programe\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - F:\Programe\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - F:\Programe\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - F:\Programe\avgemc.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Common Files\SC Test Branding 1 Shared\Service\SCTestService1.exe

Dokiato · le 12 mai 2007

The script did not recognize the services listed below.

This does not mean that they are a problem.

To copy the entire contents of this document for posting:

At the top of this window click "Edit" then "Select All"

Next click "Edit" again then "Copy"

Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1

by rand1038

Microsoft Windows XP Professional

Version: 5.1.2600 Service Pack 2

mai 13, 2007 10:31:54

===> Begin Service Listing <===

Unknown Service #1

Service Name: Avg7Alrt

Display Name: AVG7 Alert Manager Server

Start Mode: Auto

Start Name: LocalSystem

Description: ...

Service Type: Own Process

Path: f:\programe\avgamsvr.exe

State: Stopped

Process ID: 0

Started: False

Exit Code: 0

Accept Pause: False

Accept Stop: False

Unknown Service #2

Service Name: Avg7UpdSvc

Display Name: AVG7 Update Service

Start Mode: Auto

Start Name: LocalSystem

Description: ...

Service Type: Own Process

Path: f:\programe\avgupsvc.exe

State: Stopped

Process ID: 0

Started: False

Exit Code: 0

Accept Pause: False

Accept Stop: False

Unknown Service # 3

Service Name: AVGEMS

Display Name: AVG E-mail Scanner

Start Mode: Auto

Start Name: LocalSystem

Description: ...

Service Type: Own Process

Path: f:\programe\avgemc.exe

State: Stopped

Process ID: 0

Started: False

Exit Code: 0

Accept Pause: False

Accept Stop: False

Unknown Service #4

Service Name: Diskeeper

Display Name: Diskeeper

Start Mode: Auto

Start Name: LocalSystem

Description: Controls the Windows Diskeeper ...

Service Type: Own Process

Path: c:\program files\diskeeper\dkservice.exe

State: Running

Process ID: 1940

Started: True

Exit Code: 0

Accept Pause: False

Accept Stop: True

Unknown Service # 5

Service Name: IDriverT

Display Name: InstallDriver Table Manager

Start Mode: Manual

Start Name: LocalSystem

Description: Provides support for the Running Object Table for InstallShield ...

Service Type: Own Process

Path: "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service # 6

Service Name: NBService

Display Name: NBService

Start Mode: Manual

Start Name: LocalSystem

Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs ...

Service Type: Own Process

Path: c:\program files\nero\nero 7\nero backitup\nbservice.exe

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service #7

Service Name: Nla

Display Name: Network Location Awareness (NLA)

Start Mode: Boot

Start Name: LocalSystem

Description: Collects and stores network configuration and location information, and notifies applications when ...

Service Type: Share Process

Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs

State: Running

Process ID: 1008

Started: True

Exit Code: 0

Accept Pause: False

Accept Stop: True

Unknown Service #8

Service Name: NVSvc

Display Name: NVIDIA Display Driver Service

Start Mode: Boot

Start Name: LocalSystem

Description: Provides system and desktop level support to the NVIDIA display ...

Service Type: Own Process

Path: \systemroot\c:\windows\system32\nvsvc32.exe

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service # 9

Service Name: NWCWorkstation

Display Name: Client Service for NetWare

Start Mode: Auto

Start Name: LocalSystem

Description: Provides access to file and print resources on NetWare ...

Service Type: Share Process

Path: c:\windows\system32\svchost.exe -k netsvcs

State: Running

Process ID: 1008

Started: True

Exit Code: 0

Accept Pause: False

Accept Stop: True

Unknown Service # 10

Service Name: SC Test Branding Service 1

Display Name: SC Test Branding Service 1

Start Mode: Manual

Start Name: LocalSystem

Description: License Service features ...

Service Type: Own Process

Path: "c:\program files\common files\sc test branding 1 shared\service\sctestservice1.exe"

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service #11

Service Name: SENS

Display Name: System Event Notification

Start Mode: Boot

Start Name: LocalSystem

Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System ...

Service Type: Share Process

Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs

State: Running

Process ID: 1008

Started: True

Exit Code: 0

Accept Pause: False

Accept Stop: True

Unknown Service #12

Service Name: SharedAccess

Display Name: Windows Firewall/Internet Connection Sharing (ICS)

Start Mode: Boot

Start Name: LocalSystem

Description: Provides network address translation, addressing, name resolution and/or intrusion prevention ...

Service Type: Share Process

Path: \systemroot\c:\windows\system32\svchost.exe -k netsvcs

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service #13

Service Name: SwPrv

Display Name: MS Software Shadow Copy Provider

Start Mode: Manual

Start Name: LocalSystem

Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...

Service Type: Own Process

Path: c:\windows\system32\dllhost.exe /processid:{d3929568-4e58-465d-b900-b66295f9b15f}

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

Unknown Service # 14

Service Name: usnjsvc

Display Name: Service Messenger Sharing Folders USN Journal Reader

Start Mode: Manual

Start Name: LocalSystem

Description: Service installé par Messenger pour permettre les opérations de ...

Service Type: Own Process

Path: "c:\program files\msn messenger\usnsvc.exe"

State: Stopped

Process ID: 0

Started: False

Exit Code: 1077

Accept Pause: False

Accept Stop: False

---> End Service Listing <---

There are 96 Win32 services on this machine.

14 were unrecognized.

Script Execution Time: 2,113281 seconds.

Bon alors j'attend les prochaines instruction

Dokiato · le 12 mai 2007

Charles , je devrais être present à 18heurs.

Thanos · le 12 mai 2007

salut

J'aimerai stp que tu expédies un fichier comme ceci pour analyse (c'est rapide!!)>

-1- clique sur http://www.thespykiller.co.uk/index.php?PH...8&board=1.0 pour aller sur le forum TheSpyKiller.co.uk

- clique sur le bouton "New Topic" en haut à droite

- tu vois un écran semblable à celui ci-dessous

-2- écris ton pseudo dans "Name:"

Il n'est pas nécessaire d'être membre de ce forum pour poster et y déposer un fichier

-3- mets ton adresse de messagerie dans "Email:" (c'est sans risque!)

-4- "Subject:", indique dans cette zone, l'objet de ton message: copie/colle ceci:> sample for AndyManchesta > camacttiv.exe

-5- dans la zone de message, écris :

Hello everybody,

I was asked to upload this file in a discussion of my usual forum.

- forum: Zebulon

- topic: http://forum.zebulon.fr/index.php?showtopi...p;#entry1003532

Kindest regards,

Dokiato

-6- clique sur le bouton "Parcourir..."ou Browse, navigue dans les dossiers et clique sur C:\avenger\backup.zip

- vérifie que le nom du fichier est indiqué dans la zone "Attach:"

-7- si tu le veux, clique sur "Preview" pour avoir un aperçu de ton message

- clique sur "Post".

NB : Si tu as plus d'un fichier (moins de 10), dépose les fichiers un par un

Si tu as plus de 10 fichiers, crée une archive.

merci d'avance!

--------------------------------------------------------------------

La suite des festivités >

Tu as deux possiblités pour consulter les instructions qui suivent:

-Soit tu copie/colles le contenu de la procédure dans un fichier texte(que tu met sur le bureau) pour pouvoir le consulter en mode sans échec(tu n'auras pas accès à internet!).

-Tu peux également enregistrer la page web complète, sur laquelle se trouve la procédure,

en le faisant à partir de ton navigateur :

-Aller en haut de page et cliquer sur le menu"Fichier" : une liste apparait=>

-Choisis "Enregistrer sous" et choisis "Bureau".

-Ensuite cliquer sur le bouton "Enregistrer" à droite du champs "nom du fichier".

Pour lire la procédure en mode sans échec, tu n'auras qu'à double cliquer sur le fichier rapport HijackThis (avec l'icone de ton navigateur) situé sur le bureau.(tu noteras qu'un nouveau dossier va se créer sur le bureau en plus du fichier : c'est normal!) De cette manière, tu conserveras toutes les mises en formes et les couleurs de la procédure, et cela permettra de t'y retrouver.

--------------------------------------------------------------------------------------------------------------------------

La procédure:

-Télécharge ATF Cleaner by Atribune sur ton bureau.

-Télécharge AVG anti-spyware et sauvegarde le sur ton bureau.

Une fois AVG Anti-Spyware téléchargé,repère son icône sur le bureau et double clique dessus pour lancer l'installation.
Une fois l'installation terminée, AVG Anti-Spyware va se lancer: il faut mettre le programme à jour.
Sur l'écran principal sélectionne le menu "Mise à jour", puis clique sur le bouton "Commencer la mise à jour" sous "Mise à jour manuelle".
La mise à jour va commencer(il est possible que tu reçoives une alerte de ton parefeu: accepte la connexion au serveur).
Une fois la mise à jour faite, sélectionne le menu "Analyse" puis clique sur l'onglet "Paramètres".
Sous "Comment réagir", choisis "Quarantaine"
Sous "Rapports" clique sur "Générer un rapport après chaque analyse".
décoche la case "Uniquement en cas de menace".
Ferme AVG Anti-Spyware et ne lance pas de scan maintenant!

Étape 1:

*Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".

Choisir le compte usuel (et non Administrateur).

(n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

Étape 2:

* Démarre Hijackthis et clique sur la case "Do a system scan only",puis coche les lignes suivantes :

F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe

O4 - HKLM\..\Run: [avast!] F:\Programe\Avast\ashDisp.exe

O4 - HKLM\..\Run: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\Run: [uaafn] C:\Program Files\Jhigk\Agyuq.exe

O4 - HKLM\..\Run: [Opgbqy] C:\Program Files\Yrheswr\Pzln.exe

O4 - HKLM\..\Run: [Puibx] C:\Program Files\Fdfnh\Oabl.exe

O4 - HKLM\..\Run: [btqoq] C:\Program Files\Iletgu\Cbokkfy.exe

O4 - HKLM\..\Run: [Fvujhs] C:\Program Files\Klwzyp\Esrjerg.exe

O4 - HKLM\..\Run: [Ftlamr] C:\Program Files\Lvbfft\Wxcgel.exe

O4 - HKLM\..\Run: [Exovhigi] C:\Program Files\Ndsleo\Yxffhw.exe

O4 - HKLM\..\Run: [Ylvssvrk] C:\Program Files\Zyapzod\Wxqq.exe

O4 - HKLM\..\Run: [Hocyfdn] C:\Program Files\Ejiijb\Eeqefzy.exe

O4 - HKLM\..\Run: [Prifpf] C:\Program Files\Qlmzjo\Isbvfnu.exe

O4 - HKLM\..\Run: [Cgtulag] C:\Program Files\Stmeijs\Reti.exe

O4 - HKLM\..\Run: [Ykvtxfn] C:\Program Files\Ygmnvft\Ogyn.exe

O4 - HKLM\..\Run: [iwqarbfu] C:\Program Files\Ksus\Goyn.exe

O4 - HKLM\..\Run: [bmatvzs] C:\Program Files\Hwdbrlv\Oqrjo.exe

O4 - HKLM\..\Run: [Leosofks] C:\Program Files\Awhq\Bnnqu.exe

O4 - HKLM\..\Run: [Qimjhgtf] C:\Program Files\Mrpcq\Agpuyu.exe

O4 - HKLM\..\Run: [Vuvvn] C:\Program Files\Rtltq\Wccfoun.exe

O4 - HKLM\..\Run: [Zisury] C:\Program Files\Tgtu\Qhhkjgu.exe

O4 - HKLM\..\Run: [uyvva] C:\Program Files\Yixl\Ddcxu.exe

O4 - HKLM\..\Run: [Jqiil] C:\Program Files\Cjcj\Qzglfnb.exe

O4 - HKLM\..\Run: [Lyngyk] C:\Program Files\Uierojs\Lqcsb.exe

O4 - HKLM\..\Run: [Xudmbyb] C:\Program Files\Gbbxki\Aainsw.exe

O4 - HKLM\..\Run: [Kcpsirdb] C:\Program Files\Kdfvcv\Dnteas.exe

O4 - HKLM\..\Run: [bnvuwgvx] C:\Program Files\Bnmdh\Szqnd.exe

O4 - HKLM\..\Run: [biciu] C:\Program Files\Fprbh\Oudgup.exe

O4 - HKLM\..\Run: [Zybwdgdo] C:\Program Files\Pptncg\Ngqm.exe

O4 - HKLM\..\Run: [Lxptn] C:\Program Files\Arwlddx\Lrbt.exe

O4 - HKLM\..\Run: [bosvr] C:\Program Files\Crvruyi\Kuzw.exe

O4 - HKLM\..\Run: [Pjahxv] C:\Program Files\Gtaiule\Xfqw.exe

O4 - HKLM\..\Run: [Dvrubhab] C:\Program Files\Lqwlmp\Yslqn.exe

O4 - HKLM\..\Run: [Qxkxggf] c:\Program Files\Kdilgsr\Ysauw.exe

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKLM\..\RunServices: [desktop] C:\WINDOWS\system32\desktop.exe

O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\camacttiv.exe

O4 - HKCU\..\Run: [AWMON] "F:\Programe\Ad-Aware SE Professional\Ad-Watch.exe" *

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O20 - Winlogon Notify: fccyy - fccyy.dll (file missing)

-Ferme tous les programmes et clique sur "Fix Checked"

*NOTE: je te fais désactiver Ad-Aware SE pour le moment car on va utiliser AVG AS qui a sensiblement la même fonction! Il ne faut pas que deux antispywares fonctionnent en même temps!

Étape 3:

Double-clique ATF Cleaner afin de lancer le programme.

Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :
Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :
Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

* Si l'onglet "Firefox" est grisé dans ATF,nettoie le cache et les cookies dans Firefox comme ceci :

Ouvre Firefox et clique sur Outils=> Options
Clique sur l'onglet Vie Privée
clique sur le bouton Vider le cache dans l'onglet "Historique"
clique sur le bouton Supprimer les cookies dans l'onglet "Cookies"
clique sur le bouton Vider le cache dans l'onglet "Cache"
clique sur le bouton Ok pour fermer la fenêtre des options et valider tes choix.

Étape 4:

Lance AVG Anti-Spyware en double-cliquant sur son icône.

IMPORTANT:ne lance aucun autre programme pendant qu' AVG Anti-Spyware scanne le pc.

Sélectionne le menu "Analyse" puis sous l'onglet "Analyser", choisis "Analyse complête du système".
AVG Anti-Spyware va scanner ton (tes) disque dur(s).Le scan prendra un certain temps, donc sois patient.
Une fois le scan terminé,en bas de page, assure toi de voir "Quarantaine" 'à droite de "Configurer tous les", sinon fais ce choix manuellement. (c'est important!)
Clique sur le bouton "Appliquer toutes les actions".
Maintenant clique sur "Enregistrer le rapport" puis "Enregistrer le rapport sous" et choisis le Bureau.
Ferme le programme et redémarre ton pc normalement.

Étape 5:

Redémarre normalement et stp poste :

- un nouveau rapport hijackthis

- le rapport de Avg AS

- relance ComboFix et poste stp le rapport

Courage!!

Dokiato · le 13 mai 2007

Combofix:

"Scan" - 2007-05-14 11:39:13 Service Pack 2

ComboFix 07-05.09.V - Running from: "F:\User\Gab\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))

2007-05-14 00:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-13 10:30 <DIR> d-------- C:\Servicefilter

2007-05-13 10:19 853 --a------ C:\reboot.cmd

2007-05-13 10:19 68,096 --a------ C:\diff.exe

2007-05-13 10:19 103,424 --a------ C:\grep.exe

2007-05-13 10:03 1,080 --a------ C:\phqqysic.bat

2007-05-13 10:02 60,416 --a------ C:\WINDOWS\system32\drivers\mqxmfvki.sys

2007-05-13 09:44 8,599 --a------ C:\WINDOWS\system32\ckl009.dat

2007-05-12 16:19 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-11 21:24 5,600 --a------ C:\avexport.bat

2007-05-11 21:24 336 --a------ C:\reboot.bat

2007-05-11 21:24 19,814 --a------ C:\reboot.exe

2007-05-11 21:24 126,976 --a------ C:\zip.exe

2007-05-11 21:24 <DIR> d-------- C:\Avenger

2007-05-11 20:11 <DIR> d-------- C:\VundoFix Backups

2007-04-28 17:49 <DIR> d-------- C:\DOCUME~1\Scan\Contacts

2007-04-28 17:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE

2007-04-21 10:48 <DIR> d--hs---- C:\FOUND.035

2007-04-18 17:13 <DIR> d--hs---- C:\FOUND.034

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-14 15:42:20 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat

2007-05-14 15:42:20 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-005A1102}.dat

2007-05-08 23:02:28 3,939 ----a-w C:\WINDOWS\mozver.dat

2007-03-18 01:15:30 -------- d-----w C:\DOCUME~1\Scan\APPLIC~1\Ventrilo

2007-02-07 21:12:52 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"

"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="F:\Programe\BitComet\tools\BitCometBHO.dll"

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"

"{9394EDE7-C8B5-483E-8773-474BF36AF6E4}"="C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll"

"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"WINDVDPatch"="CTHELPER.EXE"

"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""

"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"

"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"

"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"AVG7_CC"="F:\\Programe\\avgcc.exe /STARTUP"

"Uaafn"="C:\\Program Files\\Jhigk\\Agyuq.exe"

"nwiz"="nwiz.exe /install"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Steam"=""

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]

"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"="F:\\Programe\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

"Generic Host Process"="C:\\WINDOWS\\system32\\camacttiv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages msv1_0nwprovau\

Security Packages kerberosmsv1_0schannelwdigest\

Notification Packages scecli\

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService DnsCache\

rpcss RpcSs\

imgsvc StiSvc\

termsvcs TermService\

HTTPFilter HTTPFilter\

DcomLaunch DcomLaunchTermService\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]

Shell\AutoRun\command L:\autorun.exe

Shell\directx\command L:\DirectX9\dxsetup.exe

Shell\setup\command L:\setup.exe

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-14 11:45:26

Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????>?????w???w????????\???\???????????U??w???w\???\???????0?a??????C@?\???\??????s????\??????s\????=??A??s?=???C@?x???`|?w\?????@

Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?D?tecteur de disque? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?@??????????w??????????@???????????????????B?????????????????????????????????r?B

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

********************************************************************

Completion time: 2007-05-14 11:45:55 - machine was rebooted

C:\ComboFix2.txt ... 2007-05-12 16:19

C:\ComboFix-quarantined-files.txt ... 2007-05-14 11:45

Hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 11:37:34, on 2007-05-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Diskeeper\DkService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\ShareDLL\MediaDet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE