
virus in services.exe

Tags:
  • Security
31 March 2008 14:08:14

Hello, for the past 15 days I have been infected by some virus, I don't know which.
Symptom: I am equipped with BitDefender Total Security 2008.
As soon as I allow the file SERVICES.EXE (udp-tcp), outgoing emails get scanned by BitDefender's outgoing mail scanner at an ever-increasing rate, which blocks my ADSL connection.
I have tried all the antivirus programs (AVAST, AVIRA, AVG, KASPERSKY, F-PROT, etc.); they found viruses and removed them.
But nothing doing, the problem persists.
I then tried SDFix, Elibagla, SmitFraud, etc.
Nothing doing, this recurring problem remains.
I installed AVG Anti-Rootkit, which detects a different rootkit each time, at every startup (safe mode or normal). HELP HELP HELP.
Attached are the last two reports.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rsvp.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\BD\vsserv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\BD\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\maafacka\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.com/PhotoUpload/MsnPUpl...
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

*************************************************************************


SDFix: Version 1.164

Run by maafacka on 31.03.2008 ?. at 10:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\maafacka\Desktop\SDFix

Checking Services :

Name:
aiqpbter

Path:
\??\C:\WINDOWS\Help\aiqpbter.chm

aiqpbter - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\winpfz37.sys - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
C:\WINDOWS\help\aiqpbter.chm - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 10:39:08
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}]
"abgmpplocbpbaiemddghpfahjjnficpbhf"=hex:61,61,00,00
"bbgmpplocbpbaiemddfhaccihlhjdbejhklj"=hex:61,61,00,00

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services :


Files associated with the MBR Rootkit found, use GMER to scan for Rootkits!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"="C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe:*:Enabled:MaxTV"
"C:\\Program Files\\DMV\\MaxTV\\recorder.exe"="C:\\Program Files\\DMV\\MaxTV\\recorder.exe:*:Enabled:recorder"
"D:\\Programs Files\\Games\\SWAT4\\Content\\System\\Swat4.exe"="D:\\Programs Files\\Games\\SWAT4\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4"
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\maafacka\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!


31 March 2008 15:31:12

That's the first report I posted in my question.
31 March 2008 15:39:56

I've just redone one, Merillym

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:37, on 31.3.2008 ?.
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
D:\BD\vsserv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\BD\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.com/PhotoUpload/MsnPUpl...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6554 bytes
31 March 2008 15:45:45

Re,

First, the report was incomplete; second, since it was apparently made after SDFix (judging by the order you posted them in), I'm asking for a new one so we start on a sound footing.

What is your OS: Windows 2000? It isn't up to date. Is it cracked? Your report is clean. That said, if it's a rootkit, HijackThis may not see it. I need to know what your OS is to continue :)

31 March 2008 16:04:38

My OS was Windows XP SP2 Pro, not cracked; I updated to SP3 through the Microsoft Update site. I use Internet Explorer 8.0 beta. I'm posting my OS details.

The report I posted above is the one made 10 minutes ago, after the SDFix run this morning.

Property                         Value
Name                             Windows XP Professional Service Pack 3, v.3311
                                 Terminal Services in Remote Admin Mode
                                 Uniprocessor Free
                                 Running on the console.
Activation Status                Activated
Checked Build                    No
Boot Device                      \Device\HarddiskVolume1
System Device                    \Device\HarddiskVolume1
Kernel Version                   5.1.2600.3311
Security                         128 bits
Build Lab                        2600.xpsp.080212-0005
Windows Update's version number  7.0.6000.381
Machine GUID                     0efbc8ee-2bd4-4637-81f6-6291bef71177

I'm attaching a copy of my services.exe file, taken with SIW

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains port numbers for well-known services defined by IANA
#
# Format:
#
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
#

echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users #Active users
systat 11/tcp users #Active users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
chargen 19/tcp ttytst source #Character generator
chargen 19/udp ttytst source #Character generator
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP. control
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer Protocol
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource #Resource Location Protocol
nameserver 42/tcp name #Host Name Server
nameserver 42/udp name #Host Name Server
nicname 43/tcp whois
domain 53/tcp #Domain Name Server
domain 53/udp #Domain Name Server
bootps 67/udp dhcps #Bootstrap Protocol Server
bootpc 68/udp dhcpc #Bootstrap Protocol Client
tftp 69/udp #Trivial File Transfer
gopher 70/tcp
finger 79/tcp
http 80/tcp www www-http #World Wide Web
kerberos 88/tcp krb5 kerberos-sec #Kerberos
kerberos 88/udp krb5 kerberos-sec #Kerberos
hostname 101/tcp hostnames #NIC Host Name Server
iso-tsap 102/tcp #ISO-TSAP Class 0
rtelnet 107/tcp #Remote Telnet Service
pop2 109/tcp postoffice #Post Office Protocol - Version 2
pop3 110/tcp #Post Office Protocol - Version 3
sunrpc 111/tcp rpcbind portmap #SUN Remote Procedure Call
sunrpc 111/udp rpcbind portmap #SUN Remote Procedure Call
auth 113/tcp ident tap #Identification Protocol
uucp-path 117/tcp
nntp 119/tcp usenet #Network News Transfer Protocol
ntp 123/udp #Network Time Protocol
epmap 135/tcp loc-srv #DCE endpoint resolution
epmap 135/udp loc-srv #DCE endpoint resolution
netbios-ns 137/tcp nbname #NETBIOS Name Service
netbios-ns 137/udp nbname #NETBIOS Name Service
netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service
netbios-ssn 139/tcp nbsession #NETBIOS Session Service
imap 143/tcp imap4 #Internet Message Access Protocol
pcmail-srv 158/tcp #PCMail Server
snmp 161/udp #SNMP
snmptrap 162/udp snmp-trap #SNMP trap
print-srv 170/tcp #Network PostScript
bgp 179/tcp #Border Gateway Protocol
irc 194/tcp #Internet Relay Chat Protocol
ipx 213/udp #IPX over IP
ldap 389/tcp #Lightweight Directory Access Protocol
https 443/tcp MCom
https 443/udp MCom
microsoft-ds 445/tcp
microsoft-ds 445/udp
kpasswd 464/tcp # Kerberos (v5)
kpasswd 464/udp # Kerberos (v5)
isakmp 500/udp ike #Internet Key Exchange
exec 512/tcp #Remote Process Execution
biff 512/udp comsat
login 513/tcp #Remote Login
who 513/udp whod
cmd 514/tcp shell
syslog 514/udp
printer 515/tcp spooler
talk 517/udp
ntalk 518/udp
efs 520/tcp #Extended File Name Server
router 520/udp route routed
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp #For emergency broadcasts
uucp 540/tcp uucpd
klogin 543/tcp #Kerberos login
kshell 544/tcp krcmd #Kerberos remote shell
new-rwho 550/udp new-who
remotefs 556/tcp rfs rfs_server
rmonitor 560/udp rmonitord
monitor 561/udp
ldaps 636/tcp sldap #LDAP over TLS/SSL
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
kerberos-adm 749/tcp #Kerberos administration
kerberos-adm 749/udp #Kerberos administration
kerberos-iv 750/udp #Kerberos version IV
kpop 1109/tcp #Kerberos POP
phone 1167/udp #Conference calling
ms-sql-s 1433/tcp #Microsoft-SQL-Server
ms-sql-s 1433/udp #Microsoft-SQL-Server
ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
ms-sql-m 1434/udp #Microsoft-SQL-Monitor
wins 1512/tcp #Microsoft Windows Internet Name Service
wins 1512/udp #Microsoft Windows Internet Name Service
ingreslock 1524/tcp ingres
l2tp 1701/udp #Layer Two Tunneling Protocol
pptp 1723/tcp #Point-to-point tunnelling protocol
radius 1812/udp #RADIUS authentication protocol
radacct 1813/udp #RADIUS accounting protocol
nfsd 2049/udp nfs #NFS server
knetd 2053/tcp #Kerberos de-multiplexor
man 9535/tcp #Remote Man Server

31 March 2008 16:23:15

copy of my ports

Protocol Program [PID] State Local Address Port Remote Address Remote Port Path and File Description
[TCP] svchost.exe [1288] Listening 0.0.0.0 (MAA-PC) 135 epmap 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[TCP] System [4] Listening 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3106 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app / Microsoft® Windows® Operating System
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3109 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app / Microsoft® Windows® Operating System
[TCP] StarWindServiceAE.exe [568] Listening 0.0.0.0 (MAA-PC) 3260 0.0.0.0 0 D:\Alcohol 120\StarWind\StarWindServiceAE.exe StarWind iSCSI Target (Alcohol Edition) / StarWind Alcohol Edition
[TCP] StarWindServiceAE.exe [568] Listening 0.0.0.0 (MAA-PC) 3261 0.0.0.0 0 D:\Alcohol 120\StarWind\StarWindServiceAE.exe StarWind iSCSI Target (Alcohol Edition) / StarWind Alcohol Edition
[TCP] alg.exe [2232] Listening 127.0.0.1 (localhost) 1026 0.0.0.0 0 C:\WINDOWS\system32\alg.exe Application Layer Gateway Service / Microsoft® Windows® Operating System
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1440 127.0.0.1 (localhost) 1441 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1441 127.0.0.1 (localhost) 1440 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1445 127.0.0.1 (localhost) 1446 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1446 127.0.0.1 (localhost) 1445 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] System [4] Listening 192.168.1.2 (maa-pc.adsl) 139 netbios-ssn 0.0.0.0 0 <file not found>
[UDP] System [4] 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>
[UDP] svchost.exe [1704] 0.0.0.0 (MAA-PC) 1027 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1704] 0.0.0.0 (MAA-PC) 1143 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1420] 127.0.0.1 (localhost) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1420] 192.168.1.2 (maa-pc.adsl) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 137 netbios-ns 0.0.0.0 0 <file not found>
[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 138 netbios-dgm 0.0.0.0 0 <file not found>
copy
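The listing above is the kind of evidence worth checking mechanically rather than by eye: the real services.exe is the Service Control Manager and normally has no TCP listener of its own, so a listening socket attributed to it (ports 3106 and 3109 here) is the first thing to investigate, along with any core binary running from outside system32. The Python below is an added example, not code from this thread or from any of the tools it mentions; it parses lines in the posted format and flags sockets that do not fit a baseline for this XP SP3 host. The baseline sets, the NEVER_LISTEN rule and the sample lines (including one invented lookalike) are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the port listing posted above; the last
# line is an invented lookalike (same name, wrong directory) to exercise that check.
SAMPLE_LISTING = r"""
[TCP] svchost.exe [1288] Listening 0.0.0.0 (MAA-PC) 135 epmap 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
[TCP] System [4] Listening 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3106 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3109 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app
[TCP] alg.exe [2232] Listening 127.0.0.1 (localhost) 1026 0.0.0.0 0 C:\WINDOWS\system32\alg.exe Application Layer Gateway Service
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1440 127.0.0.1 (localhost) 1441 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[UDP] svchost.exe [1704] 0.0.0.0 (MAA-PC) 1027 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
[UDP] svchost.exe [1420] 192.168.1.2 (maa-pc.adsl) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services
[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 137 netbios-ns 0.0.0.0 0 <file not found>
[TCP] svchost.exe [2000] Listening 0.0.0.0 (MAA-PC) 5050 0.0.0.0 0 C:\WINDOWS\svchost.exe Generic Host Process for Win32 Services
"""

# One listing line: [proto] program [pid] [state] laddr (name) lport [svc] raddr [(name)] rport rest
LINE_RE = re.compile(
    r"^\[(?P<proto>TCP|UDP)\]\s+(?P<prog>\S+)\s+\[(?P<pid>\d+)\]\s+"
    r"(?:(?P<state>Listening|Established)\s+)?"
    r"(?P<laddr>\S+)\s+\([^)]*\)\s+(?P<lport>\d+)(?:\s+(?P<svc>[a-z][\w-]*))?\s+"
    r"(?P<raddr>\S+)(?:\s+\([^)]*\))?\s+(?P<rport>\d+)\s*(?P<rest>.*)$"
)
# Image path at the start of the trailing "path and description" field.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)\b", re.IGNORECASE)


@dataclass
class Socket:
    proto: str
    prog: str
    pid: int
    state: Optional[str]
    laddr: str
    lport: int
    svc: Optional[str]
    raddr: str
    rport: int
    path: Optional[str]


def parse_line(line: str) -> Optional[Socket]:
    """Parse one listing line; return None for headers, blanks or unknown formats."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pm = PATH_RE.match(m.group("rest"))
    return Socket(
        proto=m.group("proto"), prog=m.group("prog"), pid=int(m.group("pid")),
        state=m.group("state"), laddr=m.group("laddr"), lport=int(m.group("lport")),
        svc=m.group("svc"), raddr=m.group("raddr"), rport=int(m.group("rport")),
        path=pm.group("path") if pm else None,
    )


# Constructed baseline for the XP SP3 host in this thread (an assumption, not a
# Microsoft reference list): which core processes may own which well-known ports.
EXPECTED = {
    ("system", "TCP", 139), ("system", "TCP", 445),
    ("system", "UDP", 137), ("system", "UDP", 138), ("system", "UDP", 445),
    ("svchost.exe", "TCP", 135), ("svchost.exe", "UDP", 123),
    ("alg.exe", "TCP", 1026),
}
# Core processes that have no business owning a network socket at all (assumption).
NEVER_LISTEN = {"services.exe", "smss.exe", "winlogon.exe", "csrss.exe"}
# Core binaries that must live in system32; the same name elsewhere is a lookalike.
CORE = {"services.exe", "svchost.exe", "lsass.exe", "alg.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def analyze(listing: str) -> List[str]:
    """Return one finding string per socket that does not fit the baseline."""
    findings: List[str] = []
    for raw in listing.splitlines():
        s = parse_line(raw)
        if s is None:
            continue
        name = s.prog.lower()
        # 1) core binary running from outside system32: lookalike or drop-in copy
        if name in CORE and s.path and not s.path.lower().startswith(SYSTEM32):
            findings.append(f"LOOKALIKE {s.prog}[{s.pid}] at {s.path}")
            continue
        # 2) a process that never owns sockets suddenly does (the services.exe case)
        if name in NEVER_LISTEN:
            findings.append(f"UNEXPECTED {s.prog}[{s.pid}] {s.proto} "
                            f"{s.laddr}:{s.lport} ({s.state or 'bound'})")
            continue
        # 3) core process bound on a non-loopback address to a port not in the baseline
        bound = s.state == "Listening" or s.proto == "UDP"
        if (bound and name in CORE | {"system"} and not s.laddr.startswith("127.")
                and (name, s.proto, s.lport) not in EXPECTED):
            if name == "svchost.exe" and s.proto == "UDP" and s.lport >= 1024:
                continue  # dynamic RPC / DHCP-client ports, normal on XP
            findings.append(f"REVIEW {s.prog}[{s.pid}] {s.proto} {s.laddr}:{s.lport}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LISTING):
        print(finding)
```

Feed it a full listing saved from the port viewer; every line that does not parse is skipped silently, so check the header and blank lines are the only ones dropped.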
31 March 2008 16:25:45

What's weird is that my OS is XP, yet under Applications / Software Environment it says NT.
Help HELP HELP
31 March 2008 16:46:44

Re,

Okay ^^

Download Deckard's System Scanner (DSS) to your Desktop.
NB: you must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Careful: if you take too long, the Abort answer is selected automatically
  • when processing is finished (click OK), two text files open:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, in a window (check the taskbar)
    If this is a subsequent use of DSS:
  • you will get no dialog box (no OK)
  • when processing is finished, one text file opens:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.

    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security helper. DSS launches HijackThis for you automatically; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    2) Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet and close all programs.
    Double-click Gmer.exe.

    IMPORTANT: if your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

    Click the Rootkit tab.
    On the right, tick Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad and click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.

    ;) 
    1 April 2008 08:25:44

    DSS report (main.txt and extra.txt)

    MAIN.TXT

    Deckard's System Scanner v20071014.68
    Run by maafacka on 2008-04-01 08:26:02
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 2 Restore Point(s) --
    2: 2008-04-01 05:26:06 UTC - RP185 - Deckard's System Scanner Restore Point
    1: 2008-03-31 08:50:07 UTC - RP184 - AntiVir PersonalEdition Classic - 31.3.2008 ?. 11:50


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as maafacka.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:26:50, on 01.4.2008 ?.
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    D:\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    D:\BD\vsserv.exe
    C:\WINDOWS\VM305_STI.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\BD\bdagent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\maafacka\Desktop\dss.exe
    C:\PROGRA~1\Trend Micro\HijackThis\maafacka.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
    O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.com/PhotoUpload/MsnPUpl...
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
    O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6599 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
    .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
    R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
    R3 BDSelfPr - d:\bd\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 ZSMC0305 (CANYON CN-WCAM23 PC-Camera) - c:\windows\system32\drivers\usbvm305.sys <Not Verified; Vimicro Corporation; >

    S1 SASKUTIL - d:\programs files\superantispyware pro4.0.1126(with life time subscription)\saskutil.sys (file missing)
    S3 {FBE1D620-5418-4aae-A0F0-316D590663A1} - c:\windows\system32\{fbe1d620-5418-4aae-a0f0-316d590663a1} (file missing)
    S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
    S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
    S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
    S3 catchme - c:\docume~1\maafacka\locals~1\temp\catchme.sys (file missing)
    S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
    S3 sea1bus (Sony Ericsson Device 0A1 driver (WDM)) - c:\windows\system32\drivers\sea1bus.sys <Not Verified; MCCI; Sony Ericsson Device 0A1>
    S3 sea1mdfl (Sony Ericsson Device 0A1 USB WMC Modem Filter) - c:\windows\system32\drivers\sea1mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Modem Filter Driver>
    S3 sea1mdm (Sony Ericsson Device 0A1 USB WMC Modem Driver) - c:\windows\system32\drivers\sea1mdm.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Data Modem>
    S3 sea1mgmt (Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\sea1mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Device Management>
    S3 sea1nd5 (Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)) - c:\windows\system32\drivers\sea1nd5.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB Ethernet Emulation>
    S3 sea1obex (Sony Ericsson Device 0A1 USB WMC OBEX Interface) - c:\windows\system32\drivers\sea1obex.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC OBEX Interface>
    S3 sea1unic (Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)) - c:\windows\system32\drivers\sea1unic.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB Ethernet Emulation>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 StarWindServiceAE (StarWind AE Service) - d:\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

    S3 gusvc (Google Updater Service) - -"c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
    S3 IDriverT (InstallDriver Table Manager) - -"c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe" (file missing)
    S3 NMIndexingService -
    S3 usnjsvc (?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger) - -"c:\program files\windows live\messenger\usnsvc.exe" (file missing)
    S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - -"c:\program files\windows media player\wmpnetwk.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&11B5D411&0&01
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&11B5D411&0&01
    Service: NVENETFD

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\SW_BDFNDISFMP\0006
    Manufacturer: BitDefender
    Name: BitDefender Firewall NDIS Filter Miniport #16
    PNP Device ID: ROOT\SW_BDFNDISFMP\0006
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-24 12:11:17 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2008-03-01 and 2008-04-01 -----------------------------

    2008-03-31 16:33:35 0 d-------- C:\Program Files\Trend Micro
    2008-03-31 15:18:09 0 d-------- C:\Documents and Settings\maafacka\Application Data\Grisoft
    2008-03-31 15:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-31 15:14:58 0 d-------- C:\Documents and Settings\maafacka\Application Data\DivX
    2008-03-30 19:37:52 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ulead Systems
    2008-03-30 11:08:29 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ashampoo
    2008-03-29 09:41:00 0 d-------- C:\Documents and Settings\maafacka\Application Data\BitDefender
    2008-03-29 09:39:48 0 d-------- C:\Program Files\BitDefender
    2008-03-29 09:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-03-29 09:38:52 9699328 --a------ C:\Documents and Settings\maafacka\ntuser.dat
    2008-03-29 09:34:11 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-03-28 10:32:27 0 d-------- C:\Documents and Settings\maafacka\Application Data\Real
    2008-03-27 13:38:25 4897 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-27 09:58:07 91492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-03-27 09:58:06 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-03-27 09:11:25 8224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-03-27 09:11:25 779552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-26 10:27:00 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-03-25 17:42:06 0 d-------- C:\WINDOWS\l2schemas
    2008-03-25 17:42:05 0 d-------- C:\WINDOWS\system32\en
    2008-03-25 17:42:05 0 d-------- C:\WINDOWS\system32\bits
    2008-03-25 16:11:56 0 d-------- C:\Program Files\PicLensIE
    2008-03-24 16:49:23 0 d-------- C:\Program Files\QuickTime
    2008-03-24 14:05:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-03-24 09:59:17 0 d-------- C:\WINDOWS\system32\Lang
    2008-03-22 12:26:23 113596 --a------ C:\WINDOWS\system32\dneinobj.dll <Not Verified; Deterministic Networks, Inc.; >
    2008-03-22 10:44:45 0 d-------- C:\Documents and Settings\maafacka\Application Data\SoftMaker
    2008-03-21 19:01:45 0 d-------- C:\Program Files\Java
    2008-03-21 19:01:35 0 d-------- C:\Program Files\Common Files\Java
    2008-03-21 16:47:40 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-21 16:46:02 0 d-------- C:\Documents and Settings\maafacka\Application Data\InstallShield
    2008-03-21 16:19:34 0 d-------- C:\Documents and Settings\maafacka\Application Data\Help
    2008-03-21 16:17:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-03-21 16:17:01 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:01 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:01 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:01 215040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL <Not Verified; Virtual Media Technology P/L; HDK>
    2008-03-21 16:17:01 232448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL <Not Verified; Virtual Media Technology Pty Ltd; HDK3>
    2008-03-21 16:17:00 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2008-03-21 16:17:00 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:00 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:00 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:00 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:00 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2008-03-21 16:17:00 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
    2008-03-21 16:16:58 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2008-03-21 12:42:22 0 d-------- C:\WINDOWS\system32\ebay
    2008-03-20 20:16:09 475136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
    2008-03-20 20:13:31 0 d-------- C:\WINDOWS\Sun
    2008-03-20 19:52:43 86016 --a------ C:\WINDOWS\system32\sliprt.dll <Not Verified; SlipStream Data Inc.; SlipStream Engine>
    2008-03-20 16:24:54 0 d--hs---- C:\Documents and Settings\maafacka\Recent
    2008-03-20 09:48:07 0 dr-hs---- C:\_Backup.RC
    2008-03-19 11:48:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-19 10:32:36 0 d-------- C:\Program Files\Common Files\TechSmith Shared
    2008-03-18 13:26:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-18 13:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-18 12:21:05 2984 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-18 12:20:38 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-18 12:20:38 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-03-18 12:20:38 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-03-18 12:20:38 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-03-18 12:20:38 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-03-18 12:20:38 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-18 11:42:40 2855 --a------ C:\WINDOWS\system32\mscdexnt.PIF
    2008-03-17 18:00:55 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-03-17 11:12:44 0 d-------- C:\WINDOWS\OPTIONS
    2008-03-16 19:13:41 0 d-------- C:\Documents and Settings\All Users\Local Settings
    2008-03-12 08:13:05 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2008-03-12 08:13:05 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2008-03-04 12:42:46 1856 --a------ C:\WINDOWS\system32\drivers\papyjoy.sys
    2008-03-04 12:42:46 1984 --a------ C:\WINDOWS\system32\drivers\papycpu2.sys
    2008-03-03 19:39:13 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2008-03-03 19:28:43 0 d-------- C:\Program Files\Eidos


    -- Find3M Report ---------------------------------------------------------------

    2008-03-31 08:56:50 0 d-------- C:\Documents and Settings\maafacka\Application Data\uTorrent
    2008-03-29 17:37:45 0 d-------- C:\Documents and Settings\maafacka\Application Data\Skype
    2008-03-29 14:03:42 0 d-------- C:\Documents and Settings\maafacka\Application Data\Hamachi
    2008-03-28 17:40:58 0 d-------- C:\Program Files\Common Files
    2008-03-27 13:40:52 40117 --a----c- C:\WINDOWS\BricoPackUninst.cmd
    2008-03-27 13:40:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-03-27 12:44:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-25 17:42:32 0 d-------- C:\Program Files\Messenger
    2008-03-25 17:42:05 0 d-------- C:\Program Files\Movie Maker
    2008-03-22 10:52:25 0 d-------- C:\Documents and Settings\maafacka\Application Data\Adobe
    2008-03-20 20:19:18 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ventrilo
    2008-03-20 20:19:16 0 d-------- C:\Documents and Settings\maafacka\Application Data\IDM
    2008-03-18 20:47:01 0 d-------- C:\Documents and Settings\maafacka\Application Data\Camfrog
    2008-03-18 17:13:21 0 d-------- C:\Program Files\Google
    2008-03-18 13:25:41 0 d-------- C:\Program Files\Windows Live
    2008-03-17 16:36:07 0 d-------- C:\Program Files\Windows NT
    2008-03-15 09:28:01 0 d-------- C:\Program Files\MSBuild
    2008-03-12 08:13:01 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-02-28 20:03:06 0 d-------- C:\Program Files\uTorrent
    2008-02-27 22:35:25 0 d-------- C:\Program Files\Common Files\DirectX
    2008-02-25 16:44:33 0 d-------- C:\Documents and Settings\maafacka\Application Data\Macromedia
    2008-02-22 09:34:53 0 d-------- C:\Program Files\Windows Installer Clean Up
    2008-02-22 09:34:46 0 d-------- C:\Program Files\MSECache
    2008-02-21 19:59:21 1487 --a------ C:\WINDOWS\mozver.dat
    2008-02-21 17:09:23 0 d-------- C:\Program Files\DMV
    2008-02-19 10:53:53 0 d-------- C:\Program Files\Samsung
    2008-02-16 10:15:51 0 d-------- C:\Documents and Settings\maafacka\Application Data\Teleca
    2008-02-16 10:15:46 0 d-------- C:\Program Files\Common Files\Teleca Shared
    2008-02-07 12:43:24 0 d-------- C:\Program Files\Common Files\Ulead Systems
    2008-02-06 11:19:53 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-06 10:40:40 0 d-------- C:\Program Files\Windows Media Components
    2008-02-01 12:17:40 587264 --a----c- C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
    2008-01-14 10:16:13 50688 --a----c- C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-01-10 14:16:20 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-01-10 14:15:30 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-01-09 16:01:48 53248 --a----c- C:\WINDOWS\bdoscandel.exe
    2008-01-04 12:59:35 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    10.03.2008 ?. 21:21 1662976 --a------ C:\Program Files\PicLensIE\PicLens.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BigDog305"="C:\WINDOWS\VM305_STI.exe" [05.08.2005 ?. 15:15]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 ?. 02:41]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 ?. 05:25]
    "nwiz"="nwiz.exe" [05.12.2007 ?. 02:41 C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24.03.2008 ?. 16:49]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 ?. 02:41]
    "BitDefender Antiphishing Helper"="D:\BD\IEShow.exe" [09.10.2007 ?. 16:46]
    "BDAgent"="D:\BD\bdagent.exe" [16.02.2008 ?. 18:45]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 ?. 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12.02.2008 ?. 15:59]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=0 (0x0)
    "NoResolveTrack"=1 (0x1)
    "NoPropertiesMyComputer"=0 (0x0)
    "NoFileAssociate"=0 (0x0)
    "StartMenuLogoff"=0 (0x0)
    "NoSMHelp"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "HideClock"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmk.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc
    bdx scan

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
    C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s



    -- End of Deckard's System Scanner: finished at 2008-04-01 08:29:20 ------------
    *******************************************************

    EXTRA.TXT

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 3.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 2800+
    Percentage of Memory in Use: 20%
    Physical Memory (total/avail): 2047.48 MiB / 1621.48 MiB
    Pagefile Memory (total/avail): 3939.84 MiB / 3559.8 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1809.14 MiB

    C: is Fixed (NTFS) - 8.33 GiB total, 1.36 GiB free.
    D: is Fixed (NTFS) - 68.36 GiB total, 14.53 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 8.33 GiB - C:
    \PARTITION1 - Extended w/Extended Int 13 - 68.36 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\maafacka\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MAA-PC
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\maafacka
    LOGONSERVER=\\MAA-PC
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Smart Projects\IsoBuster
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0408
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\maafacka\LOCALS~1\Temp
    TMP=C:\DOCUME~1\maafacka\LOCALS~1\Temp
    USERDOMAIN=MAA-PC
    USERNAME=maafacka
    USERPROFILE=C:\Documents and Settings\maafacka
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    maafacka (admin)
    (new local, guest)


    -- Add/Remove Programs ---------------------------------------------------------

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Ashampoo Burning Studio 7.21 --> "D:\Programs Files\Ashampoo Burning Studio 7\unins000.exe"
    Ashampoo Office 2008 (D:\Programs Files\Office 2008) --> C:\Documents and Settings\maafacka\Application Data\SoftMaker\smun3250.exe sm-un1.u32
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
    Camfrog Video Chat 4.1 (remove only) --> "D:\Programs Files\Camfrog Video Chat\uninstall.exe"
    Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
    eMule --> "D:\Programs Files\eMule\Uninstall.exe"
    F1 Challenge 2007 v3.0 --> MsiExec.exe /I{793F53C5-763E-4E2B-A70A-3AE081FE591E}
    Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    K-Lite Mega Codec Pack 3.7.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    MaxTV --> "C:\WINDOWS\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\DMV\MaxTV\Uninstall\MaxTV\uninstall_maxtv.xml"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    PicLens for Internet Explorer --> MsiExec.exe /X{3873781D-EEF0-4A3C-B774-34010FEB3C16}
    SA Dictionary 2005 T2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SA Dictionary 2005 T2\DeIsL1.isu" -c"C:\Program Files\SA Dictionary 2005 T2\_ISREG32.DLL"
    Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SWAT 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger --> MsiExec.exe /X{BACEDB6C-D282-4201-9BD4-97425B8A91B7}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XML Paper Specification Shared Components Pack 1.0 -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type6541 / Error
    Event Submitted/Written: 03/31/2008 11:04:46 AM
    Event ID/Source: 4112 / H+BEDV AntiVir
    Event Description:
    ListenThread10022

    Event Record #/Type6500 / Warning
    Event Submitted/Written: 03/29/2008 05:31:57 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{C514C594-23AA-4F13-A070-DB8BDB27594F}', feature 'WinMailFeat' failed during request for component '{5B7A884B-05AC-4645-8CC6-FFA1063BE62F}'

    Event Record #/Type6493 / Error
    Event Submitted/Written: 03/29/2008 04:36:24 PM
    Event ID/Source: 1 / nview_info
    Event Description:
    NVIEW : Explorer: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

    Event Record #/Type6458 / Warning
    Event Submitted/Written: 03/29/2008 09:59:35 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{C514C594-23AA-4F13-A070-DB8BDB27594F}', feature 'WinMailFeat' failed during request for component '{5B7A884B-05AC-4645-8CC6-FFA1063BE62F}'

    Event Record #/Type6457 / Warning
    Event Submitted/Written: 03/29/2008 09:30:16 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type26294 / Error
    Event Submitted/Written: 04/01/2008 07:24:27 AM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    SASKUTIL

    Event Record #/Type26293 / Error
    Event Submitted/Written: 04/01/2008 07:24:21 AM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The IPSEC Services service terminated with the following error:
    %%1747

    Event Record #/Type26292 / Error
    Event Submitted/Written: 04/01/2008 07:24:21 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The hwmdr service failed to start due to the following error:
    %%2

    Event Record #/Type26291 / Error
    Event Submitted/Written: 04/01/2008 07:24:21 AM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
    %%1058

    Event Record #/Type26285 / Warning
    Event Submitted/Written: 04/01/2008 07:23:40 AM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0050FCA723C0. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.



    -- End of Deckard's System Scanner: finished at 2008-04-01 08:29:20 ------------
    *******************************************************

    For GMER, when I tick "services" and "files" it doesn't give me a report; it tells me it can't find any modified files in the system.
    I made one for you with the 11 rootkit options ticked.

    GMER 1.0.14.14205 - http://www.gmer.net
    Rootkit scan 2008-04-01 09:02:54
    Windows 5.1.2600 Service Pack 3, v.3311


    ---- System - GMER 1.0.14 ----

    SSDT spwf.sys ZwCreateKey [0xBA6AB0E0]
    SSDT spwf.sys ZwEnumerateKey [0xBA6C8CA2]
    SSDT spwf.sys ZwEnumerateValueKey [0xBA6C9030]
    SSDT spwf.sys ZwOpenKey [0xBA6AB0C0]
    SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xB65CFB4C]
    SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xB65CFC3A]
    SSDT spwf.sys ZwQueryKey [0xBA6C9108]
    SSDT spwf.sys ZwQueryValueKey [0xBA6C8F88]
    SSDT spwf.sys ZwSetValueKey [0xBA6C919A]
    SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xB65CFAB0]

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 254C 80501D74 2 Bytes [ 4C, FB ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2564 80501D8C 2 Bytes [ 3A, FC ]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2768 80501F90 2 Bytes [ B0, FA ]
    ? spwf.sys The system cannot find the file specified. !
    PAGE CLASSPNP.SYS!ClassInitialize + F4 BA8EF42C 4 Bytes [ F2, D7, 54, 88 ]
    PAGE CLASSPNP.SYS!ClassInitialize + FF BA8EF437 4 Bytes [ 2A, 84, 54, 88 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 10A BA8EF442 4 Bytes [ 04, D8, 54, 88 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 111 BA8EF449 4 Bytes [ F8, D7, 54, 88 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 118 BA8EF450 4 Bytes [ FE, D7, 54, 88 ]
    PAGE ...
    .text USBPORT.SYS!DllUnload BA4558AC 5 Bytes JMP 8A5084E0
    .text am1tkxhh.SYS B9B24384 1 Byte [ 20 ]
    .text am1tkxhh.SYS B9B24386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
    .text am1tkxhh.SYS B9B243AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
    .text am1tkxhh.SYS B9B243C4 3 Bytes [ 00, 00, 00 ]
    .text am1tkxhh.SYS B9B243C9 1 Byte [ 00 ]
    .text ...

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptDestroyKey 77DE9E9C 7 Bytes JMP 00EE2B9A
    .text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 00EE2B57
    .text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptEncrypt 77DEE340 7 Bytes JMP 00EE2B1B
    .text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EE2B00
    .text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EE298C
    .text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EE2A7E
    .text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EE29C4
    .text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EE29FC

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spwf.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spwf.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spwf.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spwf.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spwf.sys
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfAcquireSpinLock] 00000034
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KeGetCurrentIrql] 00000043
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfRaiseIrql] 00000044
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfLowerIrql] 000000C4
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!HalGetInterruptVector] 000000DE
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfReleaseSpinLock] 00000054
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_USHORT] 00000094
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[WMILIB.SYS!WmiSystemControl] 00000023
    IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spwf.sys

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 8A5601F8

    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

    Device \Driver\usbohci \Device\USBPDO-0 8A4D41F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5CE1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A5CE1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A5CE1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A5CE1F8
    Device \Driver\usbehci \Device\USBPDO-1 8A4D31F8
    Device \Driver\PCI_PNP1196 \Device\00000060 spwf.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5631F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5631F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 894BD1F8
    Device \Driver\NetBT \Device\NetbiosSmb 894BD1F8
    Device \Driver\sptd \Device\395632446 spwf.sys

    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

    Device \Driver\Disk \Device\Harddisk0\DR0 8854D7F2

    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

    Device \Driver\usbohci \Device\USBFDO-0 8A4D41F8
    Device \Driver\usbehci \Device\USBFDO-1 8A4D31F8
    Device \Driver\nvata \Device\NvAta1 8A5611F8
    Device \Driver\nvata \Device\NvAta2 8A5611F8
    Device \Driver\Ftdisk \Device\FtControl 8A5631F8
    Device \Driver\am1tkxhh \Device\Scsi\am1tkxhh1 8A3EB1F8
    Device \Driver\am1tkxhh \Device\Scsi\am1tkxhh1Port3Path0Target0Lun0 8A3EB1F8
    Device \FileSystem\Cdfs \Cdfs 886651F8

    ---- Threads - GMER 1.0.14 ----

    Thread 4:956 8854DB6A
    Thread 4:992 8854F8FA
    Thread 4:996 88547E5E
    Thread 4:1000 8854DE8C
    Thread 4:1004 88580040
    Thread 4:1008 8856D140
    Thread 4:1012 885B5D70
    Thread 4:1016 885591C0
    Thread 4:1028 8854DC96
    Thread 4:1164 88547886
    Thread 4:1168 88547886

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}@abgmpplocbpbaiemddghpfahjjnficpbhf 0x61 0x61 0x00 0x00
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}@bbgmpplocbpbaiemddfhaccihlhjdbejhklj 0x61 0x61 0x00 0x00

    ---- EOF - GMER 1.0.14 ----

    I also made one for you with only the 2 options "services" and "files" ticked, but with the "Show All" option ticked.

    GMER 1.0.14.14205 - http://www.gmer.net
    Rootkit scan 2008-04-01 08:41:31
    Windows 5.1.2600 Service Pack 3, v.3311


    ---- Services - GMER 1.0.14 ----

    Service .NET CLR Data
    Service .NET CLR Networking
    Service .NET Data Provider for Oracle
    Service .NET Data Provider for SqlServer
    Service .NETFramework
    Service [DISABLED] Abiosdsk
    Service [DISABLED] abp480n5
    Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
    Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
    Service C:\WINDOWS\system32\drivers\NSDriver.sys [MANUAL] Ad-Watch Connect Filter
    Service C:\WINDOWS\system32\drivers\AWRTPD.sys [MANUAL] Ad-Watch Real-Time Scanner
    Service [DISABLED] adpu160m
    Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
    Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
    Service [DISABLED] Aha154x
    Service [DISABLED] aic78u2
    Service [DISABLED] aic78xx
    Service system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
    Service
    1 April 2008 11:27:25

    1 April 2008 17:41:26

    :hello: 

    Where does the link in your last message lead? (I don't click on a link without knowing where it goes :) ). Maybe it's the GMER report?

    Do you have a Windows CD?

    ;) 
    1 April 2008 21:17:36

    No, it's a photo (not a virus).
    For info, I did what you said.
    Then I enabled services.exe:
    nothing more.
    Then I removed BitDefender
    and installed AntiVir.
    Since then, no more outgoing messages,
    but Windows shows a message that it is shutting down "explorer.exe"
    for system security,
    then the desktop closes and comes back.
    1 April 2008 21:24:55

    For info, I don't have a Windows CD; it's my Bulgarian girlfriend's machine.
    I'm going back to France on Friday, where I have two PCs, a quad-core laptop and an old Pentium 4. I'm coming back here to Bulgaria in 10 days with my quad-core
    and my gear; I think I'll format her C drive (too small) and install Vista SP1 for her.
    Besides, it's her son, an IT guy here in Bulgaria, who configured her PC, and I don't understand all of it.
    Thanks for your help,
    and my link is a photo of a Bulgarian police Porsche in Sofia, not a virus.
    1 April 2008 21:28:30

    Re,

    OK about the link :p 

    So if you're going to format, you don't need any more help then?

    1 April 2008 21:49:29

    No, and besides, everything is OK now.
    Thank you, merillym.
    On the other hand, I'll post you a report from an Acer laptop I have in France, which I bought 8 months ago for 1300 euros and
    which my father used during my absence:
    Pentium dual-core,
    running Vista Premium,
    with TV output, etc....
    connected to a Neufbox,
    which, according to my father, also has problems with "ad" viruses.
    I think he played around with it a lot.
    And given your skills, if you have the time to guide me, after looking at my config, on how to protect myself well for my return here on the Bulgarian network,
    since I'm a customer of mininova and ht33.