virus in services.exe - Security - Viruses
Hello, for 15 days I have been infected by I don't know what virus.
Symptom: I am equipped with BitDefender Total Security 2008.
As soon as I allow the file SERVICES.EXE (UDP/TCP), outgoing mails are scanned by BitDefender's outgoing mail scanner at an ever-increasing rate, and it blocks my ADSL connection.
I have tried every antivirus (Avast, Avira, AVG, Kaspersky, F-Prot, etc.); they found viruses and removed them.
But nothing to be done, the problem persists.
I then tried SDFix, Elibagla, SmitFraud, etc.
Nothing to be done, this recurring problem remains.
I installed AVG Anti-Rootkit, which detects a different rootkit at every startup (safe mode or normal). HELP HELP HELP.
Attached are the last two reports.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rsvp.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\BD\vsserv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\BD\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\maafacka\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuit [...] plugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.co [...] nPUpld.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

*************************************************************************


SDFix: Version 1.164

Run by maafacka on 31.03.2008 ?. at 10:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\maafacka\Desktop\SDFix

Checking Services :

Name:
aiqpbter

Path:
\??\C:\WINDOWS\Help\aiqpbter.chm

aiqpbter - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\winpfz37.sys - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
C:\WINDOWS\help\aiqpbter.chm - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 10:39:08
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:8e,89,58,c5,ef,e5,43,81,1f,7c,05,5d,bf,0b,a1,5f,59,00,75,3d,ae,..
"p0"="D:\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3d,58,78,a9,1d,24,64,47,8b,d0,fe,87,67,b2,2c,30,6a,41,09,5b,f3,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}]
"abgmpplocbpbaiemddghpfahjjnficpbhf"=hex:61,61,00,00
"bbgmpplocbpbaiemddfhaccihlhjdbejhklj"=hex:61,61,00,00

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services :


Files associated with the MBR Rootkit found, use GMER to scan for Rootkits!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"="C:\\Program Files\\DMV\\MaxTV\\MaxTV.exe:*:Enabled:MaxTV"
"C:\\Program Files\\DMV\\MaxTV\\recorder.exe"="C:\\Program Files\\DMV\\MaxTV\\recorder.exe:*:Enabled:recorder"
"D:\\Programs Files\\Games\\SWAT4\\Content\\System\\Swat4.exe"="D:\\Programs Files\\Games\\SWAT4\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4"
"C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\network diagnostic\\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\maafacka\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!


Hello,

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

It is the first report I posted in my question.

Reply to pots22

I have just made a new one, Merillym.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:37, on 31.3.2008 ?.
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
D:\BD\vsserv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\BD\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuit [...] plugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.co [...] nPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6554 bytes

Reply to pots22

Re,

For one thing, the report was incomplete; for another, since it was evidently made after SDFix (judging by the order you put them in), I am asking for a new one so we can start from a sound basis.

What is your OS: Windows 2000? It is not up to date. Is it cracked? Your report is clean. That said, if it is a rootkit, HijackThis may not see it. I need to know what your OS is in order to continue :)

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

My OS was Windows XP SP2 Pro, not cracked; I updated to SP3 through the Microsoft Update site. I use Internet Explorer 8.0 beta. I am posting my OS details.

The report I posted above is the one made 10 minutes ago, after the SDFix run this morning.

Property Value
Name Windows XP Professional Service Pack 3, v.3311
Terminal Services in Remote Admin Mode
Uniprocessor Free
Running on the console.
Activation Status Activated
Checked Build No
Boot Device \Device\HarddiskVolume1
System Device \Device\HarddiskVolume1
Kernel Version 5.1.2600.3311
Security 128 bits
Build Lab 2600.xpsp.080212-0005
Windows Update's version number 7.0.6000.381
Machine GUID 0efbc8ee-2bd4-4637-81f6-6291bef71177

I am attaching a copy of my services.exe file, taken with SIW.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains port numbers for well-known services defined by IANA
#
# Format:
#
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
#

echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users #Active users
systat 11/tcp users #Active users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
chargen 19/tcp ttytst source #Character generator
chargen 19/udp ttytst source #Character generator
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP. control
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer Protocol
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource #Resource Location Protocol
nameserver 42/tcp name #Host Name Server
nameserver 42/udp name #Host Name Server
nicname 43/tcp whois
domain 53/tcp #Domain Name Server
domain 53/udp #Domain Name Server
bootps 67/udp dhcps #Bootstrap Protocol Server
bootpc 68/udp dhcpc #Bootstrap Protocol Client
tftp 69/udp #Trivial File Transfer
gopher 70/tcp
finger 79/tcp
http 80/tcp www www-http #World Wide Web
kerberos 88/tcp krb5 kerberos-sec #Kerberos
kerberos 88/udp krb5 kerberos-sec #Kerberos
hostname 101/tcp hostnames #NIC Host Name Server
iso-tsap 102/tcp #ISO-TSAP Class 0
rtelnet 107/tcp #Remote Telnet Service
pop2 109/tcp postoffice #Post Office Protocol - Version 2
pop3 110/tcp #Post Office Protocol - Version 3
sunrpc 111/tcp rpcbind portmap #SUN Remote Procedure Call
sunrpc 111/udp rpcbind portmap #SUN Remote Procedure Call
auth 113/tcp ident tap #Identification Protocol
uucp-path 117/tcp
nntp 119/tcp usenet #Network News Transfer Protocol
ntp 123/udp #Network Time Protocol
epmap 135/tcp loc-srv #DCE endpoint resolution
epmap 135/udp loc-srv #DCE endpoint resolution
netbios-ns 137/tcp nbname #NETBIOS Name Service
netbios-ns 137/udp nbname #NETBIOS Name Service
netbios-dgm 138/udp nbdatagram #NETBIOS Datagram Service
netbios-ssn 139/tcp nbsession #NETBIOS Session Service
imap 143/tcp imap4 #Internet Message Access Protocol
pcmail-srv 158/tcp #PCMail Server
snmp 161/udp #SNMP
snmptrap 162/udp snmp-trap #SNMP trap
print-srv 170/tcp #Network PostScript
bgp 179/tcp #Border Gateway Protocol
irc 194/tcp #Internet Relay Chat Protocol
ipx 213/udp #IPX over IP
ldap 389/tcp #Lightweight Directory Access Protocol
https 443/tcp MCom
https 443/udp MCom
microsoft-ds 445/tcp
microsoft-ds 445/udp
kpasswd 464/tcp # Kerberos (v5)
kpasswd 464/udp # Kerberos (v5)
isakmp 500/udp ike #Internet Key Exchange
exec 512/tcp #Remote Process Execution
biff 512/udp comsat
login 513/tcp #Remote Login
who 513/udp whod
cmd 514/tcp shell
syslog 514/udp
printer 515/tcp spooler
talk 517/udp
ntalk 518/udp
efs 520/tcp #Extended File Name Server
router 520/udp route routed
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp #For emergency broadcasts
uucp 540/tcp uucpd
klogin 543/tcp #Kerberos login
kshell 544/tcp krcmd #Kerberos remote shell
new-rwho 550/udp new-who
remotefs 556/tcp rfs rfs_server
rmonitor 560/udp rmonitord
monitor 561/udp
ldaps 636/tcp sldap #LDAP over TLS/SSL
doom 666/tcp #Doom Id Software
doom 666/udp #Doom Id Software
kerberos-adm 749/tcp #Kerberos administration
kerberos-adm 749/udp #Kerberos administration
kerberos-iv 750/udp #Kerberos version IV
kpop 1109/tcp #Kerberos POP
phone 1167/udp #Conference calling
ms-sql-s 1433/tcp #Microsoft-SQL-Server
ms-sql-s 1433/udp #Microsoft-SQL-Server
ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
ms-sql-m 1434/udp #Microsoft-SQL-Monitor
wins 1512/tcp #Microsoft Windows Internet Name Service
wins 1512/udp #Microsoft Windows Internet Name Service
ingreslock 1524/tcp ingres
l2tp 1701/udp #Layer Two Tunneling Protocol
pptp 1723/tcp #Point-to-point tunnelling protocol
radius 1812/udp #RADIUS authentication protocol
radacct 1813/udp #RADIUS accounting protocol
nfsd 2049/udp nfs #NFS server
knetd 2053/tcp #Kerberos de-multiplexor
man 9535/tcp #Remote Man Server

Reply to pots22

Copy of my ports:

Protocol Program [PID] State Local Address Port Remote Address Remote Port Path and File Description
[TCP] svchost.exe [1288] Listening 0.0.0.0 (MAA-PC) 135 epmap 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[TCP] System [4] Listening 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3106 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app / Microsoft® Windows® Operating System
[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3109 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app / Microsoft® Windows® Operating System
[TCP] StarWindServiceAE.exe [568] Listening 0.0.0.0 (MAA-PC) 3260 0.0.0.0 0 D:\Alcohol 120\StarWind\StarWindServiceAE.exe StarWind iSCSI Target (Alcohol Edition) / StarWind Alcohol Edition
[TCP] StarWindServiceAE.exe [568] Listening 0.0.0.0 (MAA-PC) 3261 0.0.0.0 0 D:\Alcohol 120\StarWind\StarWindServiceAE.exe StarWind iSCSI Target (Alcohol Edition) / StarWind Alcohol Edition
[TCP] alg.exe [2232] Listening 127.0.0.1 (localhost) 1026 0.0.0.0 0 C:\WINDOWS\system32\alg.exe Application Layer Gateway Service / Microsoft® Windows® Operating System
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1440 127.0.0.1 (localhost) 1441 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1441 127.0.0.1 (localhost) 1440 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1445 127.0.0.1 (localhost) 1446 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1446 127.0.0.1 (localhost) 1445 C:\Program Files\Mozilla Firefox\firefox.exe Firefox
[TCP] System [4] Listening 192.168.1.2 (maa-pc.adsl) 139 netbios-ssn 0.0.0.0 0 <file not found>
[UDP] System [4] 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>
[UDP] svchost.exe [1704] 0.0.0.0 (MAA-PC) 1027 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1704] 0.0.0.0 (MAA-PC) 1143 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1420] 127.0.0.1 (localhost) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1420] 192.168.1.2 (maa-pc.adsl) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 137 netbios-ns 0.0.0.0 0 <file not found>
[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 138 netbios-dgm 0.0.0.0 0 <file not found>
copy

Reply to pots22
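The two listings posted above fit together: the first has the header of the Windows `services` port table (the text file under `drivers\etc`, format `<service name> <port number>/<protocol> [aliases...] [#<comment>]`), not of the services.exe program, and the second is a per-process socket listing whose port numbers that table resolves. The following Python is an added example, not code from the thread or from SIW, HijackThis or any other tool named in it. It parses both formats, resolves each listening port to a service name, and reports listeners that are absent from a baseline of expected (program, port, protocol) triples. The services excerpt, the listing rows and the `BASELINE` set are all constructed for the example; the baseline in particular is an assumption about this one host, not a statement of what Windows XP always shows.

```python
"""Resolve a Windows port listing against a `services` table and flag unexpected listeners."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the `services` file format quoted in the thread.
SERVICES_TEXT = """\
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
epmap        135/tcp   loc-srv      #DCE endpoint resolution
ntp          123/udp                #Network Time Protocol
netbios-ns   137/udp   nbname       #NETBIOS Name Service
netbios-dgm  138/udp   nbdatagram   #NETBIOS Datagram Service
netbios-ssn  139/tcp   nbsession    #NETBIOS Session Service
microsoft-ds 445/tcp
microsoft-ds 445/udp
"""

# Constructed rows in the layout of the port listing posted in the thread.
LISTING_LINES = [
    r"[TCP] svchost.exe [1288] Listening 0.0.0.0 (MAA-PC) 135 epmap 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services",
    r"[TCP] System [4] Listening 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>",
    r"[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3106 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app",
    r"[TCP] services.exe [1012] Listening 0.0.0.0 (MAA-PC) 3109 0.0.0.0 0 C:\WINDOWS\system32\services.exe Services and Controller app",
    r"[TCP] alg.exe [2232] Listening 127.0.0.1 (localhost) 1026 0.0.0.0 0 C:\WINDOWS\system32\alg.exe Application Layer Gateway Service",
    r"[TCP] firefox.exe [3732] Established 127.0.0.1 (localhost) 1440 127.0.0.1 (localhost) 1441 C:\Program Files\Mozilla Firefox\firefox.exe Firefox",
    r"[TCP] System [4] Listening 192.168.1.2 (maa-pc.adsl) 139 netbios-ssn 0.0.0.0 0 <file not found>",
    r"[UDP] System [4] 0.0.0.0 (MAA-PC) 445 microsoft-ds 0.0.0.0 0 <file not found>",
    r"[UDP] svchost.exe [1420] 127.0.0.1 (localhost) 123 ntp 0.0.0.0 0 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services",
    r"[UDP] System [4] 192.168.1.2 (maa-pc.adsl) 137 netbios-ns 0.0.0.0 0 <file not found>",
]

# Constructed baseline of listeners expected on this host: (program, port, protocol).
# An assumption made for the example, not a rule about what any real host should show.
BASELINE = {
    ("svchost.exe", 135, "tcp"), ("System", 445, "tcp"), ("System", 445, "udp"),
    ("System", 139, "tcp"), ("System", 137, "udp"), ("System", 138, "udp"),
    ("svchost.exe", 123, "udp"), ("alg.exe", 1026, "tcp"),
}

# One listing row: [PROTO] program [pid] [state] laddr (lname) lport [svc] raddr [(rname)] rport path...
# The state column is absent for UDP rows; the service label is absent for unnamed ports.
LISTING_RE = re.compile(
    r"^\[(?P<proto>TCP|UDP)\]\s+(?P<prog>\S+)\s+\[(?P<pid>\d+)\]\s+"
    r"(?:(?P<state>Listening|Established)\s+)?"
    r"(?P<laddr>\S+)\s+\((?P<lname>[^)]*)\)\s+(?P<lport>\d+)\s+"
    r"(?:(?P<lsvc>[A-Za-z][\w-]*)\s+)?"
    r"(?P<raddr>\S+)\s+(?:\((?P<rname>[^)]*)\)\s+)?(?P<rport>\d+)\s+(?P<path>.*)$"
)


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Map (port, protocol) -> service name; comments, blank and malformed lines are skipped."""
    table: Dict[Tuple[int, str], str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop the trailing #comment
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        table[(int(port), proto.lower())] = fields[0]
    return table


def parse_listing(lines: List[str]) -> Tuple[List[dict], List[str]]:
    """Parse listing rows; rows that do not match the layout are returned, not silently dropped."""
    rows, unparsed = [], []
    for line in lines:
        m = LISTING_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        row = m.groupdict()
        row["proto"] = row["proto"].lower()
        for key in ("pid", "lport", "rport"):
            row[key] = int(row[key])
        rows.append(row)
    return rows, unparsed


def is_listener(row: dict) -> bool:
    # UDP rows carry no state; every bound UDP socket is treated as a listener.
    return row["proto"] == "udp" or row["state"] == "Listening"


def unexpected_listeners(rows: List[dict], services: Dict[Tuple[int, str], str]) -> List[tuple]:
    """Listening sockets whose (program, port, protocol) is not in BASELINE, with the resolved name."""
    flagged = []
    for r in rows:
        if not is_listener(r) or (r["prog"], r["lport"], r["proto"]) in BASELINE:
            continue
        name = services.get((r["lport"], r["proto"]), "-")  # "-" when the table has no entry
        flagged.append((r["prog"], r["pid"], r["lport"], r["proto"], name, r["path"]))
    return flagged


if __name__ == "__main__":
    table = parse_services(SERVICES_TEXT)
    parsed, bad = parse_listing(LISTING_LINES)
    for line in bad:
        print("unparsed:", line)
    for prog, pid, port, proto, name, path in unexpected_listeners(parsed, table):
        print(f"{prog}[{pid}] listening on {port}/{proto} ({name}) {path}")
```

Run as-is, the script reports the two services.exe sockets on TCP 3106 and 3109: neither port has an entry in the services table and neither is on the baseline, which is exactly the kind of row a helper reading such a listing would want pulled out for closer inspection rather than left among the expected NetBIOS, RPC and NTP sockets. Rows the regex cannot parse are returned separately so that a layout change in the tool output shows up as an error instead of a quietly shorter report.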

What is odd is that my OS is XP, yet under Applications > Software Environment it says NT.
Help HELP HELP

Reply to pots22

Re,

Okay ^^

Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.

  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below

Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes

Note: if you wait too long, the Cancel answer will be selected automatically

  • when processing is finished (click OK), two text files are displayed:

main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, in a window (look at the taskbar)
If this is a further use of DSS:

  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:

main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.

What DSS does:

  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security helper. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.


2) Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.

;)

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

DSS report (main.txt and extra.txt)

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by maafacka on 2008-04-01 08:26:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-04-01 05:26:06 UTC - RP185 - Deckard's System Scanner Restore Point
1: 2008-03-31 08:50:07 UTC - RP184 - AntiVir PersonalEdition Classic - 31.3.2008 ?. 11:50


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as maafacka.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:50, on 01.4.2008 ?.
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\BD\vsserv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\BD\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\maafacka\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\maafacka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BD\IEToolbar.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BD\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BD\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuit [...] plugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pioupiouvivi.spaces.live.co [...] nPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - (no file)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger (usnjsvc) - Unknown owner - -"C:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BD\vsserv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6599 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
R3 BDSelfPr - d:\bd\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 ZSMC0305 (CANYON CN-WCAM23 PC-Camera) - c:\windows\system32\drivers\usbvm305.sys <Not Verified; Vimicro Corporation; >

S1 SASKUTIL - d:\programs files\superantispyware pro4.0.1126(with life time subscription)\saskutil.sys (file missing)
S3 {FBE1D620-5418-4aae-A0F0-316D590663A1} - c:\windows\system32\{fbe1d620-5418-4aae-a0f0-316d590663a1} (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 catchme - c:\docume~1\maafacka\locals~1\temp\catchme.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 sea1bus (Sony Ericsson Device 0A1 driver (WDM)) - c:\windows\system32\drivers\sea1bus.sys <Not Verified; MCCI; Sony Ericsson Device 0A1>
S3 sea1mdfl (Sony Ericsson Device 0A1 USB WMC Modem Filter) - c:\windows\system32\drivers\sea1mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Modem Filter Driver>
S3 sea1mdm (Sony Ericsson Device 0A1 USB WMC Modem Driver) - c:\windows\system32\drivers\sea1mdm.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Data Modem>
S3 sea1mgmt (Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\sea1mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC Device Management>
S3 sea1nd5 (Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)) - c:\windows\system32\drivers\sea1nd5.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB Ethernet Emulation>
S3 sea1obex (Sony Ericsson Device 0A1 USB WMC OBEX Interface) - c:\windows\system32\drivers\sea1obex.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB WMC OBEX Interface>
S3 sea1unic (Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)) - c:\windows\system32\drivers\sea1unic.sys <Not Verified; MCCI; Sony Ericsson Device 0A1 USB Ethernet Emulation>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - d:\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 gusvc (Google Updater Service) - -"c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 IDriverT (InstallDriver Table Manager) - -"c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe" (file missing)
S3 NMIndexingService -
S3 usnjsvc (?????? ?? USN Journal Reader ?? ????????? ?? ????? ? Messenger) - -"c:\program files\windows live\messenger\usnsvc.exe" (file missing)
S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - -"c:\program files\windows media player\wmpnetwk.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&11B5D411&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&11B5D411&0&01
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\SW_BDFNDISFMP\0006
Manufacturer: BitDefender
Name: BitDefender Firewall NDIS Filter Miniport #16
PNP Device ID: ROOT\SW_BDFNDISFMP\0006
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 12:11:17 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-03-31 16:33:35 0 d-------- C:\Program Files\Trend Micro
2008-03-31 15:18:09 0 d-------- C:\Documents and Settings\maafacka\Application Data\Grisoft
2008-03-31 15:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 15:14:58 0 d-------- C:\Documents and Settings\maafacka\Application Data\DivX
2008-03-30 19:37:52 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ulead Systems
2008-03-30 11:08:29 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ashampoo
2008-03-29 09:41:00 0 d-------- C:\Documents and Settings\maafacka\Application Data\BitDefender
2008-03-29 09:39:48 0 d-------- C:\Program Files\BitDefender
2008-03-29 09:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-29 09:38:52 9699328 --a------ C:\Documents and Settings\maafacka\ntuser.dat
2008-03-29 09:34:11 0 d-------- C:\Program Files\Common Files\BitDefender
2008-03-28 10:32:27 0 d-------- C:\Documents and Settings\maafacka\Application Data\Real
2008-03-27 13:38:25 4897 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-27 09:58:07 91492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-27 09:58:06 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-27 09:11:25 8224 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-27 09:11:25 779552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-26 10:27:00 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-25 17:42:06 0 d-------- C:\WINDOWS\l2schemas
2008-03-25 17:42:05 0 d-------- C:\WINDOWS\system32\en
2008-03-25 17:42:05 0 d-------- C:\WINDOWS\system32\bits
2008-03-25 16:11:56 0 d-------- C:\Program Files\PicLensIE
2008-03-24 16:49:23 0 d-------- C:\Program Files\QuickTime
2008-03-24 14:05:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-24 09:59:17 0 d-------- C:\WINDOWS\system32\Lang
2008-03-22 12:26:23 113596 --a------ C:\WINDOWS\system32\dneinobj.dll <Not Verified; Deterministic Networks, Inc.; >
2008-03-22 10:44:45 0 d-------- C:\Documents and Settings\maafacka\Application Data\SoftMaker
2008-03-21 19:01:45 0 d-------- C:\Program Files\Java
2008-03-21 19:01:35 0 d-------- C:\Program Files\Common Files\Java
2008-03-21 16:47:40 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-21 16:46:02 0 d-------- C:\Documents and Settings\maafacka\Application Data\InstallShield
2008-03-21 16:19:34 0 d-------- C:\Documents and Settings\maafacka\Application Data\Help
2008-03-21 16:17:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-21 16:17:01 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:01 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:01 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:01 215040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL <Not Verified; Virtual Media Technology P/L; HDK>
2008-03-21 16:17:01 232448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL <Not Verified; Virtual Media Technology Pty Ltd; HDK3>
2008-03-21 16:17:00 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-03-21 16:17:00 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:00 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:00 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:00 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:00 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:17:00 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-03-21 16:16:58 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-03-21 12:42:22 0 d-------- C:\WINDOWS\system32\ebay
2008-03-20 20:16:09 475136 --a------ C:\WINDOWS\system32\SkinCrafter2.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2008-03-20 20:13:31 0 d-------- C:\WINDOWS\Sun
2008-03-20 19:52:43 86016 --a------ C:\WINDOWS\system32\sliprt.dll <Not Verified; SlipStream Data Inc.; SlipStream Engine>
2008-03-20 16:24:54 0 d--hs---- C:\Documents and Settings\maafacka\Recent
2008-03-20 09:48:07 0 dr-hs---- C:\_Backup.RC
2008-03-19 11:48:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-19 10:32:36 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-03-18 13:26:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-18 13:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-18 12:21:05 2984 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-18 12:20:38 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-18 12:20:38 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-18 12:20:38 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-18 12:20:38 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-18 12:20:38 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-18 12:20:38 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-18 11:42:40 2855 --a------ C:\WINDOWS\system32\mscdexnt.PIF
2008-03-17 18:00:55 152064 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-17 11:12:44 0 d-------- C:\WINDOWS\OPTIONS
2008-03-16 19:13:41 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-03-12 08:13:05 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-03-12 08:13:05 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2008-03-04 12:42:46 1856 --a------ C:\WINDOWS\system32\drivers\papyjoy.sys
2008-03-04 12:42:46 1984 --a------ C:\WINDOWS\system32\drivers\papycpu2.sys
2008-03-03 19:39:13 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-03-03 19:28:43 0 d-------- C:\Program Files\Eidos


-- Find3M Report ---------------------------------------------------------------

2008-03-31 08:56:50 0 d-------- C:\Documents and Settings\maafacka\Application Data\uTorrent
2008-03-29 17:37:45 0 d-------- C:\Documents and Settings\maafacka\Application Data\Skype
2008-03-29 14:03:42 0 d-------- C:\Documents and Settings\maafacka\Application Data\Hamachi
2008-03-28 17:40:58 0 d-------- C:\Program Files\Common Files
2008-03-27 13:40:52 40117 --a----c- C:\WINDOWS\BricoPackUninst.cmd
2008-03-27 13:40:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-27 12:44:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 17:42:32 0 d-------- C:\Program Files\Messenger
2008-03-25 17:42:05 0 d-------- C:\Program Files\Movie Maker
2008-03-22 10:52:25 0 d-------- C:\Documents and Settings\maafacka\Application Data\Adobe
2008-03-20 20:19:18 0 d-------- C:\Documents and Settings\maafacka\Application Data\Ventrilo
2008-03-20 20:19:16 0 d-------- C:\Documents and Settings\maafacka\Application Data\IDM
2008-03-18 20:47:01 0 d-------- C:\Documents and Settings\maafacka\Application Data\Camfrog
2008-03-18 17:13:21 0 d-------- C:\Program Files\Google
2008-03-18 13:25:41 0 d-------- C:\Program Files\Windows Live
2008-03-17 16:36:07 0 d-------- C:\Program Files\Windows NT
2008-03-15 09:28:01 0 d-------- C:\Program Files\MSBuild
2008-03-12 08:13:01 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-28 20:03:06 0 d-------- C:\Program Files\uTorrent
2008-02-27 22:35:25 0 d-------- C:\Program Files\Common Files\DirectX
2008-02-25 16:44:33 0 d-------- C:\Documents and Settings\maafacka\Application Data\Macromedia
2008-02-22 09:34:53 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-02-22 09:34:46 0 d-------- C:\Program Files\MSECache
2008-02-21 19:59:21 1487 --a------ C:\WINDOWS\mozver.dat
2008-02-21 17:09:23 0 d-------- C:\Program Files\DMV
2008-02-19 10:53:53 0 d-------- C:\Program Files\Samsung
2008-02-16 10:15:51 0 d-------- C:\Documents and Settings\maafacka\Application Data\Teleca
2008-02-16 10:15:46 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-07 12:43:24 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-02-06 11:19:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-06 10:40:40 0 d-------- C:\Program Files\Windows Media Components
2008-02-01 12:17:40 587264 --a----c- C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
2008-01-14 10:16:13 50688 --a----c- C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-01-10 14:16:20 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 14:15:30 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-09 16:01:48 53248 --a----c- C:\WINDOWS\bdoscandel.exe
2008-01-04 12:59:35 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
10.03.2008 ?. 21:21 1662976 --a------ C:\Program Files\PicLensIE\PicLens.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [05.08.2005 ?. 15:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 ?. 02:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 ?. 05:25]
"nwiz"="nwiz.exe" [05.12.2007 ?. 02:41 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24.03.2008 ?. 16:49]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 ?. 02:41]
"BitDefender Antiphishing Helper"="D:\BD\IEShow.exe" [09.10.2007 ?. 16:46]
"BDAgent"="D:\BD\bdagent.exe" [16.02.2008 ?. 18:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 ?. 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12.02.2008 ?. 15:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
"NoResolveTrack"=1 (0x1)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bdx scan

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s



-- End of Deckard's System Scanner: finished at 2008-04-01 08:29:20 ------------
*******************************************************

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 2800+
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.48 MiB / 1621.48 MiB
Pagefile Memory (total/avail): 3939.84 MiB / 3559.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1809.14 MiB

C: is Fixed (NTFS) - 8.33 GiB total, 1.36 GiB free.
D: is Fixed (NTFS) - 68.36 GiB total, 14.53 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 8.33 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 68.36 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\maafacka\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAA-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\maafacka
LOGONSERVER=\\MAA-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0408
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\maafacka\LOCALS~1\Temp
TMP=C:\DOCUME~1\maafacka\LOCALS~1\Temp
USERDOMAIN=MAA-PC
USERNAME=maafacka
USERPROFILE=C:\Documents and Settings\maafacka
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

maafacka (admin)
(new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ashampoo Burning Studio 7.21 --> "D:\Programs Files\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo Office 2008 (D:\Programs Files\Office 2008) --> C:\Documents and Settings\maafacka\Application Data\SoftMaker\smun3250.exe sm-un1.u32
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitDefender Total Security 2008 --> MsiExec.exe /I{92098E58-00AD-4F78-AD6E-807BDB323478}
Camfrog Video Chat 4.1 (remove only) --> "D:\Programs Files\Camfrog Video Chat\uninstall.exe"
Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
eMule --> "D:\Programs Files\eMule\Uninstall.exe"
F1 Challenge 2007 v3.0 --> MsiExec.exe /I{793F53C5-763E-4E2B-A70A-3AE081FE591E}
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 3.7.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
MaxTV --> "C:\WINDOWS\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\DMV\MaxTV\Uninstall\MaxTV\uninstall_maxtv.xml"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PicLens for Internet Explorer --> MsiExec.exe /X{3873781D-EEF0-4A3C-B774-34010FEB3C16}
SA Dictionary 2005 T2 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\SA Dictionary 2005 T2\DeIsL1.isu" -c"C:\Program Files\SA Dictionary 2005 T2\_ISREG32.DLL"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SWAT 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BACEDB6C-D282-4201-9BD4-97425B8A91B7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type6541 / Error
Event Submitted/Written: 03/31/2008 11:04:46 AM
Event ID/Source: 4112 / H+BEDV AntiVir
Event Description:
ListenThread10022

Event Record #/Type6500 / Warning
Event Submitted/Written: 03/29/2008 05:31:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C514C594-23AA-4F13-A070-DB8BDB27594F}', feature 'WinMailFeat' failed during request for component '{5B7A884B-05AC-4645-8CC6-FFA1063BE62F}'

Event Record #/Type6493 / Error
Event Submitted/Written: 03/29/2008 04:36:24 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: WAIT_TIMEOUT, while waiting for a read to clear - resetting read event

Event Record #/Type6458 / Warning
Event Submitted/Written: 03/29/2008 09:59:35 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C514C594-23AA-4F13-A070-DB8BDB27594F}', feature 'WinMailFeat' failed during request for component '{5B7A884B-05AC-4645-8CC6-FFA1063BE62F}'

Event Record #/Type6457 / Warning
Event Submitted/Written: 03/29/2008 09:30:16 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26294 / Error
Event Submitted/Written: 04/01/2008 07:24:27 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Event Record #/Type26293 / Error
Event Submitted/Written: 04/01/2008 07:24:21 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

Event Record #/Type26292 / Error
Event Submitted/Written: 04/01/2008 07:24:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The hwmdr service failed to start due to the following error:
%%2

Event Record #/Type26291 / Error
Event Submitted/Written: 04/01/2008 07:24:21 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type26285 / Warning
Event Submitted/Written: 04/01/2008 07:23:40 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0050FCA723C0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-01 08:29:20 ------------
*******************************************************

For GMER, when I tick "services" and "files" it does not give me a report; it tells me it finds no modified files in the system.
I made one with the 11 rootkit options ticked.

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-01 09:02:54
Windows 5.1.2600 Service Pack 3, v.3311


---- System - GMER 1.0.14 ----

SSDT spwf.sys ZwCreateKey [0xBA6AB0E0]
SSDT spwf.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spwf.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT spwf.sys ZwOpenKey [0xBA6AB0C0]
SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xB65CFB4C]
SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xB65CFC3A]
SSDT spwf.sys ZwQueryKey [0xBA6C9108]
SSDT spwf.sys ZwQueryValueKey [0xBA6C8F88]
SSDT spwf.sys ZwSetValueKey [0xBA6C919A]
SSDT \??\D:\BD\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xB65CFAB0]

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 254C 80501D74 2 Bytes [ 4C, FB ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2564 80501D8C 2 Bytes [ 3A, FC ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2768 80501F90 2 Bytes [ B0, FA ]
? spwf.sys The system cannot find the file specified. !
PAGE CLASSPNP.SYS!ClassInitialize + F4 BA8EF42C 4 Bytes [ F2, D7, 54, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF BA8EF437 4 Bytes [ 2A, 84, 54, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A BA8EF442 4 Bytes [ 04, D8, 54, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 BA8EF449 4 Bytes [ F8, D7, 54, 88 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 BA8EF450 4 Bytes [ FE, D7, 54, 88 ]
PAGE ...
.text USBPORT.SYS!DllUnload BA4558AC 5 Bytes JMP 8A5084E0
.text am1tkxhh.SYS B9B24384 1 Byte [ 20 ]
.text am1tkxhh.SYS B9B24386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text am1tkxhh.SYS B9B243AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text am1tkxhh.SYS B9B243C4 3 Bytes [ 00, 00, 00 ]
.text am1tkxhh.SYS B9B243C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptDestroyKey 77DE9E9C 7 Bytes JMP 00EE2B9A
.text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 00EE2B57
.text C:\WINDOWS\explorer.exe[2992] ADVAPI32.dll!CryptEncrypt 77DEE340 7 Bytes JMP 00EE2B1B
.text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EE2B00
.text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EE298C
.text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EE2A7E
.text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EE29C4
.text C:\WINDOWS\explorer.exe[2992] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EE29FC

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spwf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spwf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spwf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spwf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spwf.sys
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfAcquireSpinLock] 00000034
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KeGetCurrentIrql] 00000043
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfRaiseIrql] 00000044
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfLowerIrql] 000000C4
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!HalGetInterruptVector] 000000DE
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!KfReleaseSpinLock] 00000054
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!READ_PORT_USHORT] 00000094
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[WMILIB.SYS!WmiSystemControl] 00000023
IAT \SystemRoot\System32\Drivers\am1tkxhh.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spwf.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5601F8

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \Driver\usbohci \Device\USBPDO-0 8A4D41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5CE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5CE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5CE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5CE1F8
Device \Driver\usbehci \Device\USBPDO-1 8A4D31F8
Device \Driver\PCI_PNP1196 \Device\00000060 spwf.sys

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5631F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5631F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 894BD1F8
Device \Driver\NetBT \Device\NetbiosSmb 894BD1F8
Device \Driver\sptd \Device\395632446 spwf.sys

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \Driver\Disk \Device\Harddisk0\DR0 8854D7F2

AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

Device \Driver\usbohci \Device\USBFDO-0 8A4D41F8
Device \Driver\usbehci \Device\USBFDO-1 8A4D31F8
Device \Driver\nvata \Device\NvAta1 8A5611F8
Device \Driver\nvata \Device\NvAta2 8A5611F8
Device \Driver\Ftdisk \Device\FtControl 8A5631F8
Device \Driver\am1tkxhh \Device\Scsi\am1tkxhh1 8A3EB1F8
Device \Driver\am1tkxhh \Device\Scsi\am1tkxhh1Port3Path0Target0Lun0 8A3EB1F8
Device \FileSystem\Cdfs \Cdfs 886651F8

---- Threads - GMER 1.0.14 ----

Thread 4:956 8854DB6A
Thread 4:992 8854F8FA
Thread 4:996 88547E5E
Thread 4:1000 8854DE8C
Thread 4:1004 88580040
Thread 4:1008 8856D140
Thread 4:1012 885B5D70
Thread 4:1016 885591C0
Thread 4:1028 8854DC96
Thread 4:1164 88547886
Thread 4:1168 88547886

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0x89 0x58 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFA 0x4D 0x39 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xE1 0x44 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3D 0x58 0x78 0xA9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}@abgmpplocbpbaiemddghpfahjjnficpbhf 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14757FDD-132C-75BB-8EB4-16A894B61305}@bbgmpplocbpbaiemddfhaccihlhjdbejhklj 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.14 ----

I also made one for you with only the 2 options ticked, "services" and "files", but with the "Show All" option ticked.

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-01 08:41:31
Windows 5.1.2600 Service Pack 3, v.3311


---- Services - GMER 1.0.14 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\drivers\NSDriver.sys [MANUAL] Ad-Watch Connect Filter
Service C:\WINDOWS\system32\drivers\AWRTPD.sys [MANUAL] Ad-Watch Real-Time Scanner
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service

Reply to pots22

:hello:

Where does the link in your last message lead? (I don't click on a link without knowing where it goes :) ). Maybe it is the GMER report?

Do you have a Windows CD?

;)

------------------------------ Please say if you are already getting help on another forum or in another topic.

Security / Prevention
Reply to Egwene

No, it's a photo (not a virus).
For your information, I did what you said.
Then I enabled services.exe:
nothing more.
Then I removed BitDefender
and installed Antivir.
Since then, no more outgoing messages,
but Windows shows a message that it is shutting down "explorer.exe"
for system security,
then the desktop disappears and comes back.

Reply to pots22

For your information, I don't have a Windows CD; it's my Bulgarian girlfriend's machine.
I return to France on Friday, where I have two PCs, a quad-core laptop and an old Pentium 4; I come back here to Bulgaria in 10 days with my quad-core
and my gear. I think I'll format her C drive (too small) and install Vista SP1 for her.
What's more, it was her son, an IT specialist here in Bulgaria, who set up the PC's configuration, and I don't understand all of it.
Thanks for your help,
and my link is a photo of a Bulgarian police Porsche in Sofia, not a virus.

Reply to pots22

Re,

OK for the link :p

So if you're going to format, no more need for help then?

Reply to Egwene

No, and besides, everything is OK now.
Thank you, merillym.
On the other hand, I'll post you a report from an Acer laptop I have in France, which I bought 8 months ago for 1300 euros and
which my father used during my absence:
Pentium dual-core,
running Vista Premium,
with TV output etc....,
connected to a Neufbox,
which, according to my father, also has problems with "ad" viruses.
I think he played with it a lot,
and given your skills, if you have time to guide me, after looking at my config, on protecting myself well for my return here on the Bulgarian network,
given that I am a customer of mininova and ht33.

Reply to pots22