aide pour hijachthis....

[romnath]

voici nouveau rapport hijackthis au redemarrage:

Logfile of random's system information tool 1.05 (written by random/random)

Run by nathalie at 2009-01-10 21:03:15

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 65 GB (44%) free of 149 GB

Total RAM: 1023 MB (41% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:03:45, on 10/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AGI\common\win32\PythonService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\VM305_STI.EXE

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Documents and Settings\nathalie\Bureau\RSIT.exe

C:\Program Files\trend micro\nathalie.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 12078 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\EasyShare Registration Task.job

C:\WINDOWS\tasks\Scheduled scanning task.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

AGSearchHook Class - C:\Program Files\AGI\common\agcutils.dll [2009-01-10 43520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl []

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-19 999424]

"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]

"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]

"F-Secure Manager"=C:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2005-10-26 122929]

"F-Secure TNB"=C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe [2005-07-18 700416]

"F-Secure Startup Wizard"=C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE [2005-10-18 372736]

"News Service"=C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe [2005-05-31 356352]

"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe [2003-07-07 729088]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]

"NetAnalyse"=C:\Program Files\NetAnalyse\NetAnalyse.exe []

"Anniversaires"=C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952]

"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-09-06 282624]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"ares"=C:\Program Files\Ares\Ares.exe -h []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anniversaires]

C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrangePlayer]

c:\program files\orange\player orange\Orange Player.exe /systray []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-30 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk]

C:\PROGRA~1\INTERV~1\DVD5R\SchSvr.exe [2005-01-05 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-12-30 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]

C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe

 

C:\Documents and Settings\nathalie\Menu Démarrer\Programmes\Démarrage

NetAnalyse.lnk - C:\Program Files\NetAnalyse\NetAnalyse.exe

PowerReg Scheduler V3.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-01-05 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe"="C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"

"C:\Program Files\eMule\eMule0.48a\emule.exe"="C:\Program Files\eMule\eMule0.48a\emule.exe:*:Enabled:eMule"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp"="C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp:*:Enabled:KazaaLite"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe"="C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3"

"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\GOA\Gunbound\GunBound.gme"="C:\Program Files\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound"

"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:lphant Client"

"C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe"="C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe:*:Enabled:BitCometLite"

"C:\Documents and Settings\nathalie\Bureau\freezer.exe"="C:\Documents and Settings\nathalie\Bureau\freezer.exe:*:Enabled:freezer"

"C:\Program Files\MultiProxy\mproxy.exe"="C:\Program Files\MultiProxy\mproxy.exe:*:Enabled:MultiProxy personal proxy server"

"C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe"="C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe:*:Enabled:DH2005"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6434bb-6128-11dc-a847-0013d3a014e0}]

shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d7c524-9817-11dc-a8a1-0013d3a014e0}]

shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88961462-ba09-11dc-a8cf-0013d3a014e0}]

shell\AutoRun\command - F:\AutoTransfer.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-01-10 20:39:02 ----D---- C:\_OTMoveIt

2009-01-10 20:25:05 ----A---- C:\cleannavi.txt

2009-01-10 20:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar

2009-01-10 20:15:51 ----A---- C:\WINDOWS\hglnblou.txt

2009-01-10 19:56:11 ----A---- C:\fixnavi.txt

2009-01-10 19:55:22 ----D---- C:\Program Files\Navilog1

2009-01-10 19:43:34 ----A---- C:\TB.txt

2009-01-10 19:42:55 ----D---- C:\ToolBar SD

2009-01-10 19:30:42 ----D---- C:\Documents and Settings\nathalie\Application Data\Malwarebytes

2009-01-10 19:30:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-10 19:30:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-10 13:30:33 ----D---- C:\Program Files\trend micro

2009-01-10 13:30:26 ----D---- C:\rsit

2009-01-09 21:30:44 ----D---- C:\Program Files\Panda Security

2009-01-08 19:56:10 ----D---- C:\Program Files\JaliyaV4

2009-01-08 19:55:47 ----D---- C:\Program Files\Zylom Games

2009-01-08 19:55:47 ----D---- C:\Program Files\Warcraft III

2009-01-08 19:55:47 ----D---- C:\Program Files\Samsung

2009-01-08 19:55:45 ----D---- C:\Program Files\SAGEM

2009-01-08 19:55:45 ----D---- C:\Program Files\Project64 1.6

2009-01-08 19:55:45 ----D---- C:\Program Files\NRJ

2009-01-08 19:55:45 ----D---- C:\Program Files\MorpheusBar

2009-01-08 19:55:45 ----D---- C:\Program Files\Morpheus

2009-01-08 19:55:41 ----D---- C:\Program Files\MaCuisineLapeyrePrima

2009-01-08 19:55:41 ----D---- C:\Program Files\LimeWire

2009-01-08 19:55:41 ----D---- C:\Program Files\Kazaa Lite Resurrection

2009-01-08 19:55:40 ----D---- C:\Program Files\Infogrames

2009-01-08 19:55:40 ----D---- C:\Program Files\IKEA HomePlanner

2009-01-08 19:55:40 ----D---- C:\Program Files\GOA

2009-01-08 19:55:40 ----D---- C:\Program Files\GIMP-2.0

2009-01-08 19:55:38 ----D---- C:\Program Files\GameSpy Arcade

2009-01-08 19:55:38 ----D---- C:\Program Files\EoRezo

2009-01-08 19:55:38 ----D---- C:\Program Files\EA Games

2009-01-08 19:55:38 ----D---- C:\Program Files\d-lusion

2009-01-08 19:55:27 ----D---- C:\Program Files\BoontyGames

2009-01-08 19:55:26 ----D---- C:\Program Files\Boonty

2009-01-08 19:55:25 ----D---- C:\Program Files\Azureus

2009-01-08 19:55:24 ----D---- C:\totalcmd

2009-01-08 19:55:24 ----D---- C:\Team17

2009-01-08 19:55:24 ----D---- C:\Sierra

2009-01-08 19:55:24 ----D---- C:\Program Files\AviSynth 2.5

2009-01-08 19:55:24 ----D---- C:\eJay

2009-01-06 09:41:26 ----D---- C:\Program Files\Microsoft Silverlight

2008-12-27 13:00:08 ----A---- C:\WINDOWS\msnfix.txt

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\CMDLGDE.DLL

2008-12-26 13:43:49 ----A---- C:\WINDOWS\system32\VB6DE.DLL

2008-12-22 21:37:05 ----D---- C:\WINDOWS\Minidump

2008-12-16 09:56:18 ----A---- C:\WINDOWS\wininit.ini

2008-12-11 22:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 22:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 22:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-11 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2009-01-10 21:03:42 ----D---- C:\WINDOWS\Temp

2009-01-10 21:03:29 ----D---- C:\Program Files\Mozilla Firefox

2009-01-10 21:03:05 ----D---- C:\Program Files\Wanadoo

2009-01-10 21:02:31 ----A---- C:\WINDOWS\RTacDbg.txt

2009-01-10 21:02:29 ----D---- C:\WINDOWS

2009-01-10 21:01:37 ----D---- C:\WINDOWS\Prefetch

2009-01-10 20:58:05 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-10 20:56:13 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-10 20:39:02 ----D---- C:\Program Files

2009-01-10 20:33:12 ----D---- C:\WINDOWS\system32

2009-01-10 20:15:51 ----D---- C:\WINDOWS\system32\drivers

2009-01-09 21:31:41 ----HD---- C:\WINDOWS\inf

2009-01-08 19:58:54 ----D---- C:\WINDOWS\system32\config

2009-01-08 19:58:25 ----D---- C:\WINDOWS\system32\wbem

2009-01-08 19:58:24 ----D---- C:\WINDOWS\Registration

2009-01-08 19:57:37 ----D---- C:\Downloads

2009-01-08 19:56:43 ----SHD---- C:\Config.Msi

2009-01-08 19:56:11 ----SHD---- C:\WINDOWS\Installer

2009-01-08 19:55:09 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-01-08 19:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-07 21:59:28 ----AD---- C:\Program Files\Paint Shop Pro 6

2009-01-04 17:44:54 ----HD---- C:\Program Files\InstallShield Installation Information

2008-12-22 22:10:34 ----SD---- C:\Documents and Settings\nathalie\Application Data\Microsoft

2008-12-19 19:47:50 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-19 19:44:28 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-11 22:48:35 ----A---- C:\WINDOWS\imsins.BAK

2008-12-11 22:48:08 ----D---- C:\Program Files\Internet Explorer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-08 21035]

R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []

R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys []

R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-05 1420288]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]

R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]

R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-06 187392]

R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 catchme;catchme; \??\C:\DOCUME~1\nathalie\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]

S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-10-29 32000]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-06 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-06 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-06 137884]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2005-11-30 392316]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-10-05 10240]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-05 405504]

R2 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-06-02 32807]

R2 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe [2007-06-02 278581]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2005-07-13 36947]

R2 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2005-10-26 61490]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2005-11-18 204863]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-12 69120]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

[Apollo]

Re,

 

L'infection est toujours présente.

 

Tu vas relancer l'outil toolbar S&D mais en mode sans échec avec l'option 2.

 

Pour faire des analyses en mode sans echec faire comme suit:

 

Au démarrage ou redémarrage du pc tapoter la touche F8 jusqu'à avoir un écran noir et blanc avec plusieurs options.

 

A l'aide des flèches de direction du clavier, choisir:mode sans echec et presser la touche ENTER.

 

Le système sera plus lent et l'écran bizarre, c'est normal.

 

Faire les analyses avec l'antivirus et les anti spywares mais une à la fois.

 

Après ces analyses, redémarrer le pc normalement.

 

*** Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

 

--> Sous VISTA: clic droit Exécuter en temps qu'administrateur.

Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu dans ta réponse.

 

Poste un log Hijackthis tout frais après le reboot du pc stp.

 

 

 

@+

[romnath]

[ok je fais ca et je re...

[romnath]

voici le nouveau rapport:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by nathalie at 2009-01-10 21:35:15

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 65 GB (44%) free of 149 GB

Total RAM: 1023 MB (48% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:10, on 10/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AGI\common\win32\PythonService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\WINDOWS\VM305_STI.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Documents and Settings\nathalie\Bureau\RSIT.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\nathalie.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 12078 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\EasyShare Registration Task.job

C:\WINDOWS\tasks\Scheduled scanning task.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

AGSearchHook Class - C:\Program Files\AGI\common\agcutils.dll [2009-01-10 43520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl []

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-19 999424]

"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]

"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]

"F-Secure Manager"=C:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2005-10-26 122929]

"F-Secure TNB"=C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe [2005-07-18 700416]

"F-Secure Startup Wizard"=C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE [2005-10-18 372736]

"News Service"=C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe [2005-05-31 356352]

"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe [2003-07-07 729088]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]

"NetAnalyse"=C:\Program Files\NetAnalyse\NetAnalyse.exe []

"Anniversaires"=C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952]

"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe [2008-09-06 282624]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"ares"=C:\Program Files\Ares\Ares.exe -h []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anniversaires]

C:\Anuman Interactive\Le journal de votre naissance\anniv.exe [2007-12-22 765952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\Program Files\Ares\Ares.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrangePlayer]

c:\program files\orange\player orange\Orange Player.exe /systray []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-30 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo Scheduler server.lnk]

C:\PROGRA~1\INTERV~1\DVD5R\SchSvr.exe [2005-01-05 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-12-30 270336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]

C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe

 

C:\Documents and Settings\nathalie\Menu Démarrer\Programmes\Démarrage

NetAnalyse.lnk - C:\Program Files\NetAnalyse\NetAnalyse.exe

PowerReg Scheduler V3.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-01-05 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe"="C:\Documents and Settings\nathalie\Bureau\mule\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"

"C:\Program Files\eMule\eMule0.48a\emule.exe"="C:\Program Files\eMule\eMule0.48a\emule.exe:*:Enabled:eMule"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp"="C:\Program Files\KAZAA LITE TOOLS K++\KazaaLite.kpp:*:Enabled:KazaaLite"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe"="C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3"

"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\GOA\Gunbound\GunBound.gme"="C:\Program Files\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound"

"C:\Program Files\Lphant\eLePhantClient.exe"="C:\Program Files\Lphant\eLePhantClient.exe:*:Enabled:lphant Client"

"C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe"="C:\Documents and Settings\nathalie\Bureau\mwodownloader.exe:*:Enabled:BitCometLite"

"C:\Documents and Settings\nathalie\Bureau\freezer.exe"="C:\Documents and Settings\nathalie\Bureau\freezer.exe:*:Enabled:freezer"

"C:\Program Files\MultiProxy\mproxy.exe"="C:\Program Files\MultiProxy\mproxy.exe:*:Enabled:MultiProxy personal proxy server"

"C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe"="C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe:*:Enabled:DH2005"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6434bb-6128-11dc-a847-0013d3a014e0}]

shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d7c524-9817-11dc-a8a1-0013d3a014e0}]

shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88961462-ba09-11dc-a8cf-0013d3a014e0}]

shell\AutoRun\command - F:\AutoTransfer.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-01-10 21:17:51 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-10 20:39:02 ----D---- C:\_OTMoveIt

2009-01-10 20:25:05 ----A---- C:\cleannavi.txt

2009-01-10 20:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar

2009-01-10 20:15:51 ----A---- C:\WINDOWS\hglnblou.txt

2009-01-10 19:56:11 ----A---- C:\fixnavi.txt

2009-01-10 19:55:22 ----D---- C:\Program Files\Navilog1

2009-01-10 19:43:34 ----A---- C:\TB.txt

2009-01-10 19:42:55 ----D---- C:\ToolBar SD

2009-01-10 19:30:42 ----D---- C:\Documents and Settings\nathalie\Application Data\Malwarebytes

2009-01-10 19:30:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-10 19:30:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-10 13:30:33 ----D---- C:\Program Files\trend micro

2009-01-10 13:30:26 ----D---- C:\rsit

2009-01-09 21:30:44 ----D---- C:\Program Files\Panda Security

2009-01-08 19:56:10 ----D---- C:\Program Files\JaliyaV4

2009-01-08 19:55:47 ----D---- C:\Program Files\Zylom Games

2009-01-08 19:55:47 ----D---- C:\Program Files\Warcraft III

2009-01-08 19:55:47 ----D---- C:\Program Files\Samsung

2009-01-08 19:55:45 ----D---- C:\Program Files\SAGEM

2009-01-08 19:55:45 ----D---- C:\Program Files\Project64 1.6

2009-01-08 19:55:45 ----D---- C:\Program Files\NRJ

2009-01-08 19:55:45 ----D---- C:\Program Files\MorpheusBar

2009-01-08 19:55:45 ----D---- C:\Program Files\Morpheus

2009-01-08 19:55:41 ----D---- C:\Program Files\MaCuisineLapeyrePrima

2009-01-08 19:55:41 ----D---- C:\Program Files\LimeWire

2009-01-08 19:55:41 ----D---- C:\Program Files\Kazaa Lite Resurrection

2009-01-08 19:55:40 ----D---- C:\Program Files\Infogrames

2009-01-08 19:55:40 ----D---- C:\Program Files\IKEA HomePlanner

2009-01-08 19:55:40 ----D---- C:\Program Files\GOA

2009-01-08 19:55:40 ----D---- C:\Program Files\GIMP-2.0

2009-01-08 19:55:38 ----D---- C:\Program Files\GameSpy Arcade

2009-01-08 19:55:38 ----D---- C:\Program Files\EoRezo

2009-01-08 19:55:38 ----D---- C:\Program Files\EA Games

2009-01-08 19:55:38 ----D---- C:\Program Files\d-lusion

2009-01-08 19:55:27 ----D---- C:\Program Files\BoontyGames

2009-01-08 19:55:26 ----D---- C:\Program Files\Boonty

2009-01-08 19:55:25 ----D---- C:\Program Files\Azureus

2009-01-08 19:55:24 ----D---- C:\totalcmd

2009-01-08 19:55:24 ----D---- C:\Team17

2009-01-08 19:55:24 ----D---- C:\Sierra

2009-01-08 19:55:24 ----D---- C:\Program Files\AviSynth 2.5

2009-01-08 19:55:24 ----D---- C:\eJay

2009-01-06 09:41:26 ----D---- C:\Program Files\Microsoft Silverlight

2008-12-27 13:00:08 ----A---- C:\WINDOWS\msnfix.txt

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL

2008-12-26 13:43:50 ----A---- C:\WINDOWS\system32\CMDLGDE.DLL

2008-12-26 13:43:49 ----A---- C:\WINDOWS\system32\VB6DE.DLL

2008-12-22 21:37:05 ----D---- C:\WINDOWS\Minidump

2008-12-16 09:56:18 ----A---- C:\WINDOWS\wininit.ini

2008-12-11 22:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 22:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 22:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-11 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2009-01-10 21:36:04 ----D---- C:\WINDOWS\Temp

2009-01-10 21:35:35 ----D---- C:\WINDOWS\Prefetch

2009-01-10 21:35:32 ----D---- C:\Program Files\Mozilla Firefox

2009-01-10 21:35:02 ----D---- C:\Program Files\Wanadoo

2009-01-10 21:33:44 ----A---- C:\WINDOWS\RTacDbg.txt

2009-01-10 21:33:41 ----D---- C:\WINDOWS

2009-01-10 21:31:10 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-10 21:16:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-10 20:39:02 ----D---- C:\Program Files

2009-01-10 20:33:12 ----D---- C:\WINDOWS\system32

2009-01-10 20:15:51 ----D---- C:\WINDOWS\system32\drivers

2009-01-09 21:31:41 ----HD---- C:\WINDOWS\inf

2009-01-08 19:58:54 ----D---- C:\WINDOWS\system32\config

2009-01-08 19:58:25 ----D---- C:\WINDOWS\system32\wbem

2009-01-08 19:58:24 ----D---- C:\WINDOWS\Registration

2009-01-08 19:57:37 ----D---- C:\Downloads

2009-01-08 19:56:43 ----SHD---- C:\Config.Msi

2009-01-08 19:56:11 ----SHD---- C:\WINDOWS\Installer

2009-01-08 19:55:09 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-01-08 19:55:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-07 21:59:28 ----AD---- C:\Program Files\Paint Shop Pro 6

2009-01-04 17:44:54 ----HD---- C:\Program Files\InstallShield Installation Information

2008-12-22 22:10:34 ----SD---- C:\Documents and Settings\nathalie\Application Data\Microsoft

2008-12-19 19:47:50 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-19 19:44:28 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-11 22:48:35 ----A---- C:\WINDOWS\imsins.BAK

2008-12-11 22:48:08 ----D---- C:\Program Files\Internet Explorer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-08 21035]

R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys []

R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys []

R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys []

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-05 1420288]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]

R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]

R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-06 187392]

R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 catchme;catchme; \??\C:\DOCUME~1\nathalie\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]

S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-10-29 32000]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-06 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-06 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-06 137884]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2005-11-30 392316]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2008-10-05 10240]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-05 405504]

R2 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-06-02 32807]

R2 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe [2007-06-02 278581]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2005-07-13 36947]

R2 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2005-10-26 61490]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2005-11-18 204863]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-12 69120]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

mais je n'ai plus d'antivirus le mien est bloqué...

[Apollo]

Ok on va s'y prendre autrement:

 

Ton antivirus, c'est celui proposé par ton fournisseur Internet ou tu as une licence séparée?

 

 

Relance Hijackthis avec Do a system scan only et coche les cases devant les lignes suivantes: SOUS VISTA: Clic droit sur Hijackthis/exécuter en temps qu'administrateur!

 

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

 

Ferme toutes les applications ouvertes et les navigateurs et clique sur Fix Checked

 

Redémarre le pc et poste un nouveau log Hijackthis stp.

 

@++

 

PS: débarrasse-toi de ton logiciel P2P:

 

PEER-TO-PEER

 

Je note que tu disposes d'un logiciel de peer-to-peer.

 

Jette un oeil à la petite synthèse sur les dangers sécuritaires du peer-to-peer en cliquant sur cette bannière:

 

 

J'espère que tu changeras d'avis à propos du téléchargement peer-to-peer: va faire un tour sur le forum de désinfection: le peer-to-peer est l'un des principaux vecteurs de virus via les cracks, keygens, fakes...

 

Article créé par oGu, conseiller en sécurité

[romnath]

ok je fais ca...

pour mon antivirus c'est celui d'orange mais mes mise a jours sont bloquées depuis 1 semaine ainsi que mon parefeu...ca fait 1 semaine que mon ordi merde...

[Apollo]

Tu dois les contacter: Par ici et leur demander de te donner une solution rapide sous peine de renonciation; tu as parfaitement le droit.

 

Si tu le souhaites, on peut installer autre-chose en attendant cette solution car tu ne dois pas rester sans protection!

 

Pour désinstaller securitoo, voir ici: http://www.securitoo.com/fra/pages/faqs_av_fw.php

 

Je te donne un antivirus gratuit aussitôt que tu auras répondu.

[romnath]

voici nouveau rapport :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:03:09, on 10/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AGI\common\win32\PythonService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\VM305_STI.EXE

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\Anuman Interactive\Le journal de votre naissance\anniv.exe

C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Documents and Settings\nathalie\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - HKLM\..\Run: [Anniversaires] C:\Anuman Interactive\Le journal de votre naissance\anniv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Wireless LAN Utility.lnk = ?

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bc611d11bab3496a82a04ef96140a3a9

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bc611d11bab3496a82a04ef96140a3a9

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-20283c53200f4686.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A436BD83-2F05-4783-B218-BB51F96D727A}: NameServer = 192.168.1.1

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 12014 bytes

[Apollo]

Tu as oublié de fixer une ligne.

 

Relance Hijackthis avec do a system scan only et coche la case devant cette ligne:

 

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe

 

Ferme toutes les applications et le navigateur puis clique sur Fix checked.

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Ce logiciel est à garder, il rendra encore de grands services!

 

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

Si MBAM demande à être redémarré, redémarre le pc.

 

Poste un nouveau log Hijackthis après le redémarrage de la machine stp.

 

@+ tard.

[romnath]

ok je fais tout ca...

je te post ca demain ok ?

car c'est tres long et il commence a ce faire tard pour moi...

tu seras la demain , j'aurais une reponse de toi ?