romnath
-
Compteur de contenus
21 -
Inscription
-
Dernière visite
romnath's Achievements
Member (4/12)
0
Réputation sur la communauté
-
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
en fait je ne peux pas recuperer IE car apparement je ne suis plus administrateur de mon ordinateur...!!! -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
je suis en train de sauvegarder sur dvd ce qui est important et je vais faire un formatage, c'est radical mais je pense que ca ira mieux apres non ? -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
bonjour, je viens de redemarrer mon ordi avec bcp de mal... plus de souris, j'ai du en retrouver une vieille avec un fil.., donc non je n'ai pas du internet explorer la fenetre s'ouvre puis se ferme de suite.... je crois que c'est de pire en pire que faire...??? -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
pour installer anitivir j'ai un soucis car quand je le lance il me dit qu'il faut etre connecte pour lancer l'installation... alors que je usis en ligne sur mozilla car IE ne marche pas... tu sais pourquoi ? -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici mon dernier rapport : Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1638 Windows 5.1.2600 Service Pack 3 10/01/2009 23:52:40 mbam-log-2009-01-10 (23-52-40).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 140674 Temps écoulé: 1 hour(s), 29 minute(s), 58 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) et le dernier hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:54:54, on 10/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\VM305_STI.EXE C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Documents and Settings\nathalie\Bureau\antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Wireless LAN Utility.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1 O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 10079 bytes -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
ok je fais tout ca... je te post ca demain ok ? car c'est tres long et il commence a ce faire tard pour moi... tu seras la demain , j'aurais une reponse de toi ? -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici nouveau rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:03:09, on 10/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\VM305_STI.EXE C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Anuman Interactive\Le journal de votre naissance\anniv.exe C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Documents and Settings\nathalie\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Wireless LAN Utility.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1 O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 12014 bytes -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
ok je fais ca... pour mon antivirus c'est celui d'orange mais mes mise a jours sont bloquées depuis 1 semaine ainsi que mon parefeu...ca fait 1 semaine que mon ordi merde... -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici le nouveau rapport: Logfile of random's system information tool 1.05 (written by random/random) Run by nathalie at 2009-01-10 21:35:15 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 65 GB (44%) free of 149 GB Total RAM: 1023 MB (48% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:36:10, on 10/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\WINDOWS\VM305_STI.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Documents and Settings\nathalie\Bureau\RSIT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\trend micro\nathalie.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Wireless LAN Utility.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1 O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 12078 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\EasyShare Registration Task.job C:\WINDOWS\tasks\Scheduled scanning task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}] AGSearchHook Class - C:\Program Files\AGI\common\agcutils.dll [2009-01-10 43520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"=RunDll32 cmicnfg.cpl [] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-19 999424] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768] "F-Secure Manager"=C:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2005-10-26 122929] "F-Secure TNB"=C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe [2005-07-18 700416] "F-Secure Startup Wizard"=C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE [2005-10-18 372736] "News Service"=C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe [2005-05-31 356352] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe [2003-07-07 729088] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440] "NetAnalyse"=C:\Program Files\NetAnalyse\NetAnalyse.exe [] "Anniversaires"=C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952] "QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-09-06 282624] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "ares"=C:\Program Files\Ares\Ares.exe -h [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-30 270336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk] C:\PROGRA~1\INTERV~1\DVD5R\SchSvr.exe [2005-01-05 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk] C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-12-30 270336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Documents and Settings\nathalie\Menu Démarrer\Programmes\Démarrage NetAnalyse.lnk - C:\Program Files\NetAnalyse\NetAnalyse.exe PowerReg Scheduler V3.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-01-05 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe"="C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus" "C:\Program Files\eMule\eMule0.48a\emule.exe"="C:\Program Files\eMule\eMule0.48a\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp"="C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp:*:Enabled:KazaaLite" "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe"="C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\GOA\Gunbound\GunBound.gme"="C:\Program Files\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound" "C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:lphant Client" "C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe"="C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe:*:Enabled:BitCometLite" "C:\Documents and Settings\nathalie\Bureau\freezer.exe"="C:\Documents and Settings\nathalie\Bureau\freezer.exe:*:Enabled:freezer" "C:\Program Files\MultiProxy\mproxy.exe"="C:\Program Files\MultiProxy\mproxy.exe:*:Enabled:MultiProxy personal proxy server" "C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe"="C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe:*:Enabled:DH2005" "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6434bb-6128-11dc-a847-0013d3a014e0}] shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d7c524-9817-11dc-a8a1-0013d3a014e0}] shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88961462-ba09-11dc-a8cf-0013d3a014e0}] shell\AutoRun\command - F:\AutoTransfer.exe ======List of files/folders created in the last 1 months====== 2009-01-10 21:17:51 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-10 20:39:02 ----D---- C:\_OTMoveIt 2009-01-10 20:25:05 ----A---- C:\cleannavi.txt 2009-01-10 20:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar 2009-01-10 20:15:51 ----A---- C:\WINDOWS\hglnblou.txt 2009-01-10 19:56:11 ----A---- C:\fixnavi.txt 2009-01-10 19:55:22 ----D---- C:\Program Files\Navilog1 2009-01-10 19:43:34 ----A---- C:\TB.txt 2009-01-10 19:42:55 ----D---- C:\ToolBar SD 2009-01-10 19:30:42 ----D---- C:\Documents and Settings\nathalie\Application Data\Malwarebytes 2009-01-10 19:30:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-10 19:30:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-10 13:30:33 ----D---- C:\Program Files\trend micro 2009-01-10 13:30:26 ----D---- C:\rsit 2009-01-09 21:30:44 ----D---- C:\Program Files\Panda Security 2009-01-08 19:56:10 ----D---- C:\Program Files\JaliyaV4 2009-01-08 19:55:47 ----D---- C:\Program Files\Zylom Games 2009-01-08 19:55:47 ----D---- C:\Program Files\Warcraft III 2009-01-08 19:55:47 ----D---- C:\Program Files\Samsung 2009-01-08 19:55:45 ----D---- C:\Program Files\SAGEM 2009-01-08 19:55:45 ----D---- C:\Program Files\Project64 1.6 2009-01-08 19:55:45 ----D---- C:\Program Files\NRJ 2009-01-08 19:55:45 ----D---- C:\Program Files\MorpheusBar 2009-01-08 19:55:45 ----D---- C:\Program Files\Morpheus 2009-01-08 19:55:41 ----D---- C:\Program Files\MaCuisineLapeyrePrima 2009-01-08 19:55:41 ----D---- C:\Program Files\LimeWire 2009-01-08 19:55:41 ----D---- C:\Program Files\Kazaa Lite Resurrection 2009-01-08 19:55:40 ----D---- C:\Program Files\Infogrames 2009-01-08 19:55:40 ----D---- C:\Program Files\IKEA HomePlanner 2009-01-08 19:55:40 ----D---- C:\Program Files\GOA 2009-01-08 19:55:40 ----D---- C:\Program Files\GIMP-2.0 2009-01-08 19:55:38 ----D---- C:\Program Files\GameSpy Arcade 2009-01-08 19:55:38 ----D---- C:\Program Files\EoRezo 2009-01-08 19:55:38 ----D---- C:\Program Files\EA Games 2009-01-08 19:55:38 ----D---- C:\Program Files\d-lusion 2009-01-08 19:55:27 ----D---- C:\Program Files\BoontyGames 2009-01-08 19:55:26 ----D---- C:\Program Files\Boonty 2009-01-08 19:55:25 ----D---- C:\Program Files\Azureus 2009-01-08 19:55:24 ----D---- C:\totalcmd 2009-01-08 19:55:24 ----D---- C:\Team17 2009-01-08 19:55:24 ----D---- C:\Sierra 2009-01-08 19:55:24 ----D---- C:\Program Files\AviSynth 2.5 2009-01-08 19:55:24 ----D---- C:\eJay 2009-01-06 09:41:26 ----D---- C:\Program Files\Microsoft Silverlight 2008-12-27 13:00:08 ----A---- C:\WINDOWS\msnfix.txt 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\CMDLGDE.DLL 2008-12-26 13:43:49 ----A---- C:\WINDOWS\system32\VB6DE.DLL 2008-12-22 21:37:05 ----D---- C:\WINDOWS\Minidump 2008-12-16 09:56:18 ----A---- C:\WINDOWS\wininit.ini 2008-12-11 22:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 22:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 22:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 1 months====== 2009-01-10 21:36:04 ----D---- C:\WINDOWS\Temp 2009-01-10 21:35:35 ----D---- C:\WINDOWS\Prefetch 2009-01-10 21:35:32 ----D---- C:\Program Files\Mozilla Firefox 2009-01-10 21:35:02 ----D---- C:\Program Files\Wanadoo 2009-01-10 21:33:44 ----A---- C:\WINDOWS\RTacDbg.txt 2009-01-10 21:33:41 ----D---- C:\WINDOWS 2009-01-10 21:31:10 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-10 21:16:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-10 20:39:02 ----D---- C:\Program Files 2009-01-10 20:33:12 ----D---- C:\WINDOWS\system32 2009-01-10 20:15:51 ----D---- C:\WINDOWS\system32\drivers 2009-01-09 21:31:41 ----HD---- C:\WINDOWS\inf 2009-01-08 19:58:54 ----D---- C:\WINDOWS\system32\config 2009-01-08 19:58:25 ----D---- C:\WINDOWS\system32\wbem 2009-01-08 19:58:24 ----D---- C:\WINDOWS\Registration 2009-01-08 19:57:37 ----D---- C:\Downloads 2009-01-08 19:56:43 ----SHD---- C:\Config.Msi 2009-01-08 19:56:11 ----SHD---- C:\WINDOWS\Installer 2009-01-08 19:55:09 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-08 19:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-07 21:59:28 ----AD---- C:\Program Files\Paint Shop Pro 6 2009-01-04 17:44:54 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-22 22:10:34 ----SD---- C:\Documents and Settings\nathalie\Application Data\Microsoft 2008-12-19 19:47:50 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-19 19:44:28 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-11 22:48:35 ----A---- C:\WINDOWS\imsins.BAK 2008-12-11 22:48:08 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-08 21035] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [] R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-05 1420288] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-06 187392] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\C:\DOCUME~1\nathalie\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-10-29 32000] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-06 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-06 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-06 137884] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2005-11-30 392316] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-10-05 10240] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-05 405504] R2 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-06-02 32807] R2 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe [2007-06-02 278581] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2005-07-13 36947] R2 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2005-10-26 61490] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2005-11-18 204863] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-12 69120] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] mais je n'ai plus d'antivirus le mien est bloqué... -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
[ok je fais ca et je re... -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici nouveau rapport hijackthis au redemarrage: Logfile of random's system information tool 1.05 (written by random/random) Run by nathalie at 2009-01-10 21:03:15 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 65 GB (44%) free of 149 GB Total RAM: 1023 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:03:45, on 10/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\VM305_STI.EXE C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Documents and Settings\nathalie\Bureau\RSIT.exe C:\Program Files\trend micro\nathalie.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Wireless LAN Utility.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1 O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 12078 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\EasyShare Registration Task.job C:\WINDOWS\tasks\Scheduled scanning task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}] AGSearchHook Class - C:\Program Files\AGI\common\agcutils.dll [2009-01-10 43520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"=RunDll32 cmicnfg.cpl [] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-19 999424] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768] "F-Secure Manager"=C:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2005-10-26 122929] "F-Secure TNB"=C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe [2005-07-18 700416] "F-Secure Startup Wizard"=C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE [2005-10-18 372736] "News Service"=C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe [2005-05-31 356352] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe [2003-07-07 729088] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440] "NetAnalyse"=C:\Program Files\NetAnalyse\NetAnalyse.exe [] "Anniversaires"=C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952] "QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-09-06 282624] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "ares"=C:\Program Files\Ares\Ares.exe -h [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe -h [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-30 270336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk] C:\PROGRA~1\INTERV~1\DVD5R\SchSvr.exe [2005-01-05 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk] C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-12-30 270336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe C:\Documents and Settings\nathalie\Menu Démarrer\Programmes\Démarrage NetAnalyse.lnk - C:\Program Files\NetAnalyse\NetAnalyse.exe PowerReg Scheduler V3.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-01-05 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe"="C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus" "C:\Program Files\eMule\eMule0.48a\emule.exe"="C:\Program Files\eMule\eMule0.48a\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp"="C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp:*:Enabled:KazaaLite" "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe"="C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\GOA\Gunbound\GunBound.gme"="C:\Program Files\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound" "C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:lphant Client" "C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe"="C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe:*:Enabled:BitCometLite" "C:\Documents and Settings\nathalie\Bureau\freezer.exe"="C:\Documents and Settings\nathalie\Bureau\freezer.exe:*:Enabled:freezer" "C:\Program Files\MultiProxy\mproxy.exe"="C:\Program Files\MultiProxy\mproxy.exe:*:Enabled:MultiProxy personal proxy server" "C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe"="C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe:*:Enabled:DH2005" "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6434bb-6128-11dc-a847-0013d3a014e0}] shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d7c524-9817-11dc-a8a1-0013d3a014e0}] shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88961462-ba09-11dc-a8cf-0013d3a014e0}] shell\AutoRun\command - F:\AutoTransfer.exe ======List of files/folders created in the last 1 months====== 2009-01-10 20:39:02 ----D---- C:\_OTMoveIt 2009-01-10 20:25:05 ----A---- C:\cleannavi.txt 2009-01-10 20:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar 2009-01-10 20:15:51 ----A---- C:\WINDOWS\hglnblou.txt 2009-01-10 19:56:11 ----A---- C:\fixnavi.txt 2009-01-10 19:55:22 ----D---- C:\Program Files\Navilog1 2009-01-10 19:43:34 ----A---- C:\TB.txt 2009-01-10 19:42:55 ----D---- C:\ToolBar SD 2009-01-10 19:30:42 ----D---- C:\Documents and Settings\nathalie\Application Data\Malwarebytes 2009-01-10 19:30:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-10 19:30:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-10 13:30:33 ----D---- C:\Program Files\trend micro 2009-01-10 13:30:26 ----D---- C:\rsit 2009-01-09 21:30:44 ----D---- C:\Program Files\Panda Security 2009-01-08 19:56:10 ----D---- C:\Program Files\JaliyaV4 2009-01-08 19:55:47 ----D---- C:\Program Files\Zylom Games 2009-01-08 19:55:47 ----D---- C:\Program Files\Warcraft III 2009-01-08 19:55:47 ----D---- C:\Program Files\Samsung 2009-01-08 19:55:45 ----D---- C:\Program Files\SAGEM 2009-01-08 19:55:45 ----D---- C:\Program Files\Project64 1.6 2009-01-08 19:55:45 ----D---- C:\Program Files\NRJ 2009-01-08 19:55:45 ----D---- C:\Program Files\MorpheusBar 2009-01-08 19:55:45 ----D---- C:\Program Files\Morpheus 2009-01-08 19:55:41 ----D---- C:\Program Files\MaCuisineLapeyrePrima 2009-01-08 19:55:41 ----D---- C:\Program Files\LimeWire 2009-01-08 19:55:41 ----D---- C:\Program Files\Kazaa Lite Resurrection 2009-01-08 19:55:40 ----D---- C:\Program Files\Infogrames 2009-01-08 19:55:40 ----D---- C:\Program Files\IKEA HomePlanner 2009-01-08 19:55:40 ----D---- C:\Program Files\GOA 2009-01-08 19:55:40 ----D---- C:\Program Files\GIMP-2.0 2009-01-08 19:55:38 ----D---- C:\Program Files\GameSpy Arcade 2009-01-08 19:55:38 ----D---- C:\Program Files\EoRezo 2009-01-08 19:55:38 ----D---- C:\Program Files\EA Games 2009-01-08 19:55:38 ----D---- C:\Program Files\d-lusion 2009-01-08 19:55:27 ----D---- C:\Program Files\BoontyGames 2009-01-08 19:55:26 ----D---- C:\Program Files\Boonty 2009-01-08 19:55:25 ----D---- C:\Program Files\Azureus 2009-01-08 19:55:24 ----D---- C:\totalcmd 2009-01-08 19:55:24 ----D---- C:\Team17 2009-01-08 19:55:24 ----D---- C:\Sierra 2009-01-08 19:55:24 ----D---- C:\Program Files\AviSynth 2.5 2009-01-08 19:55:24 ----D---- C:\eJay 2009-01-06 09:41:26 ----D---- C:\Program Files\Microsoft Silverlight 2008-12-27 13:00:08 ----A---- C:\WINDOWS\msnfix.txt 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL 2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\CMDLGDE.DLL 2008-12-26 13:43:49 ----A---- C:\WINDOWS\system32\VB6DE.DLL 2008-12-22 21:37:05 ----D---- C:\WINDOWS\Minidump 2008-12-16 09:56:18 ----A---- C:\WINDOWS\wininit.ini 2008-12-11 22:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 22:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 22:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 1 months====== 2009-01-10 21:03:42 ----D---- C:\WINDOWS\Temp 2009-01-10 21:03:29 ----D---- C:\Program Files\Mozilla Firefox 2009-01-10 21:03:05 ----D---- C:\Program Files\Wanadoo 2009-01-10 21:02:31 ----A---- C:\WINDOWS\RTacDbg.txt 2009-01-10 21:02:29 ----D---- C:\WINDOWS 2009-01-10 21:01:37 ----D---- C:\WINDOWS\Prefetch 2009-01-10 20:58:05 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-10 20:56:13 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-10 20:39:02 ----D---- C:\Program Files 2009-01-10 20:33:12 ----D---- C:\WINDOWS\system32 2009-01-10 20:15:51 ----D---- C:\WINDOWS\system32\drivers 2009-01-09 21:31:41 ----HD---- C:\WINDOWS\inf 2009-01-08 19:58:54 ----D---- C:\WINDOWS\system32\config 2009-01-08 19:58:25 ----D---- C:\WINDOWS\system32\wbem 2009-01-08 19:58:24 ----D---- C:\WINDOWS\Registration 2009-01-08 19:57:37 ----D---- C:\Downloads 2009-01-08 19:56:43 ----SHD---- C:\Config.Msi 2009-01-08 19:56:11 ----SHD---- C:\WINDOWS\Installer 2009-01-08 19:55:09 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-08 19:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-07 21:59:28 ----AD---- C:\Program Files\Paint Shop Pro 6 2009-01-04 17:44:54 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-22 22:10:34 ----SD---- C:\Documents and Settings\nathalie\Application Data\Microsoft 2008-12-19 19:47:50 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-19 19:44:28 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-11 22:48:35 ----A---- C:\WINDOWS\imsins.BAK 2008-12-11 22:48:08 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-08 21035] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [] R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-05 1420288] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-06 187392] R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\C:\DOCUME~1\nathalie\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-10-29 32000] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-06 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-06 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-06 137884] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2005-11-30 392316] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-10-05 10240] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-05 405504] R2 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-06-02 32807] R2 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe [2007-06-02 278581] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2005-07-13 36947] R2 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2005-10-26 61490] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2005-11-18 204863] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-12 69120] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici l'autre: Error: Unable to interpret <First> in the current context! ========== FILES ========== C:\Program Files\Kiwee Toolbar\2.8.167 moved successfully. C:\Program Files\Kiwee Toolbar moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\nathalie\LOCALS~1\Temp\etilqs_R8QRnsgIgjfLfq94NUYb scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\nathalie\LOCALS~1\Temp\etilqs_sINhvVZrEQ9CH3ovbw7W scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\nathalie\LOCALS~1\Temp\etilqs_sINhvVZrEQ9CH3ovbw7W-journal scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\OfflineCache\index.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\nathalie\Local Settings\Application Data\Mozilla\Firefox\Profiles\dn43lin3.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01102009_203902 je ne peux plus fermer OTmoveit... -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici le rapport cleanavi apres redemarrage automatique de l'ordi: Clean Navipromo version 3.7.1 commencé le 10/01/2009 à 20:25:05,20 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.20GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : nathalie ( Administrator ) BOOT : Normal boot Antivirus : AntiVirus Firewall 6.15 6.15 (Activated) Firewall : AntiVirus Firewall 6.15 6.15 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:145 Go (Free:63 Go) D:\ (CD or DVD) E:\ (CD or DVD) Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * koqdclyu.exe trouvé ! Copie koqdclyu.exe réalisée avec succès ! koqdclyu.exe supprimé ! koqdclyu.dat trouvé ! Copie koqdclyu.dat réalisée avec succès ! koqdclyu.dat supprimé ! rkumyn.exe trouvé ! Copie rkumyn.exe réalisée avec succès ! rkumyn.exe supprimé ! rkumyn.dat trouvé ! Copie rkumyn.dat réalisée avec succès ! rkumyn.dat supprimé ! * Suppression dans "C:\Documents and Settings\nathalie\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\nathalie\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\nathalie\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\nathalie\menudm~1\progra~1" *** ...\InternetGamebox ...suppression... ...\InternetGamebox supprimé ! *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Suppression fichiers *** C:\WINDOWS\pack.epk supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\nathalie\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * acdmwvsi_navfx.dat trouvé ! Copie acdmwvsi_navfx.dat réalisée avec succès ! acdmwvsi_navfx.dat supprimé ! * Dans "C:\Documents and Settings\nathalie\locals~1\applic~1" * * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche autres dossiers et fichiers connus *** *** Nettoyage terminé le 10/01/2009 à 20:33:12,62 *** je lance l'autre de suite -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici le second: Search Navipromo version 3.7.1 commencé le 10/01/2009 à 19:56:11,75 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.20GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : nathalie ( Administrator ) BOOT : Normal boot Antivirus : AntiVirus Firewall 6.15 6.15 (Activated) Firewall : AntiVirus Firewall 6.15 6.15 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:145 Go (Free:63 Go) D:\ (CD or DVD) E:\ (CD or DVD) Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\nathalie\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\nathalie\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\nathalie\menudm~1\progra~1" *** ...\InternetGameBox trouvé ! *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * Fichiers trouvés : koqdclyu.exe trouvé ! koqdclyu.dat trouvé ! koqdclyu_nav.dat trouvé ! koqdclyu_navps.dat trouvé ! rkumyn.exe trouvé ! rkumyn.dat trouvé ! rkumyn_nav.dat trouvé ! rkumyn_navps.dat trouvé ! * Recherche dans "C:\Documents and Settings\nathalie\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Recherche fichiers *** C:\WINDOWS\pack.epk trouvé ! *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! HKEY_CURRENT_USER\Software\Lanconfig *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : -
aide pour hijachthis....
romnath a répondu à un(e) sujet de romnath dans Analyses et éradication malwares
voici le 1er rapport: -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.20GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : nathalie ( Administrator ) BOOT : Normal boot Antivirus : AntiVirus Firewall 6.15 6.15 (Activated) Firewall : AntiVirus Firewall 6.15 6.15 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:145 Go (Free:63 Go) D:\ (CD or DVD) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 10/01/2009|19:50 ) -----------\\ SUPPRESSION Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167 Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar Echec ! - C:\Program Files\Kiwee Toolbar -----------\\ DEUXIEME PASSAGE Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167 Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll Echec ! - C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll Echec ! - C:\Program Files\Kiwee Toolbar -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\Kiwee Toolbar C:\Program Files\Kiwee Toolbar\2.8.167 C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll \...\{2bae58c2-79f9-45d1-a286-81f911301c3a} - (p2p_energy) -----------\\ Extensions (nathalie) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot (nathalie) - {2bae58c2-79f9-45d1-a286-81f911301c3a} => p2p_energy (nathalie) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.orange.fr" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections C:\WINDOWS\Pack.epk C:\WINDOWS\System32\acdmwvsi_navfx.dat C:\WINDOWS\System32\koqdclyu.dat C:\WINDOWS\System32\koqdclyu.exe C:\WINDOWS\System32\koqdclyu_nav.dat C:\WINDOWS\System32\koqdclyu_navps.dat C:\WINDOWS\System32\rkumyn.dat C:\WINDOWS\System32\rkumyn.exe C:\WINDOWS\System32\rkumyn_nav.dat C:\WINDOWS\System32\rkumyn_navps.dat ==> EGDACCESS <== 1 - "C:\ToolBar SD\TB_1.txt" - 10/01/2009|19:45 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 10/01/2009|19:53 - Option : [2] -----------\\ Fin du rapport a 19:53:00,39 je lance le secaond de suite