
Thread: help

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    12

    help

    Sorry for my English, guys. And sorry because I don't know where to leave my comment, and maybe I'm not in the right "location",
    BUT I have a huuuuge problem with my computer. I can't really explain it, but every page I open doesn't "really" open. My page still opens, but it's like a pop-up is opening and the page you were seeing still opens but isn't really working; the problem is that there is no pop-up or new page opening! Anyway, I'm not really understandable, BUT I really need some help!
    I used HijackThis as PEDRO asked and here is the result:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:41:04, on 01/25/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Documents and Settings\admin\Bureau\windows-kb890830-v2.6.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    c:\1faba1b8d8de8ce64cdd6dfc5e0108dc\mrtstub.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\a-squared Free\a2free.exe
    C:\WINDOWS\system32\MRT.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\6PEL59HZ\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [blah service] socksxt.exe
    O4 - HKLM\..\Run: [dfix] kkix.exe
    O4 - HKLM\..\Run: [Sygate Personals Firewalls] ccsrn.exe
    O4 - HKLM\..\Run: [NvCplScan] msc32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [*windows update] wurauclt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\RunServices: [blah service] socksxt.exe
    O4 - HKLM\..\RunServices: [dfix] kkix.exe
    O4 - HKLM\..\RunServices: [Sygate Personals Firewalls] ccsrn.exe
    O4 - HKLM\..\RunServices: [*windows update] wurauclt.exe
    O4 - HKCU\..\Run: [NvCplScan] msc32.exe
    O4 - HKCU\..\Run: [*windows update] wurauclt.exe
    O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [*windows update] wurauclt.exe
    O4 - HKCU\..\Policies\Explorer\Run: [*windows update] wurauclt.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [*windows update] wurauclt.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunServices: [dfix] kkix.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [*windows update] wurauclt.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunServices: [dfix] kkix.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [*windows update] wurauclt.exe (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3??????? 4.18\AMVConverter\grab.html
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadMa...od/DownMan.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NvCplScan (MsCplScan) - Unknown owner - C:\WINDOWS\System32\msc32.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 14677 bytes
    Last edited by tashi; 2009-01-25 at 05:51. Reason: Moved from the Tavern. ;-)
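An added triage script (not from this thread, nor from Spybot, HijackThis or ComboFix) that applies in Python the kind of reading a helper gives the O4 lines of the log above: it flags autostart entries that give only a bare filename rather than a full path, names that differ by one character from a Windows system binary (`wurauclt.exe` against `wuauclt.exe`), and entries under the RunServices and Policies\Explorer\Run keys. The sample lines are copied from the posted log with three benign entries added; the list of system binaries, the regular expression and the thresholds are this example's own assumptions, and a hit is a prompt to verify the file on disk, not a verdict.

```python
import re

# Added example (not from the thread, Spybot or HijackThis): triage of HijackThis
# "O4" autostart lines. Every heuristic below is this example's own assumption.
#
# Constructed sample: O4 lines copied from the HijackThis log posted above, plus
# three benign entries (WinampAgent, MsnMsgr, CTFMON) that should NOT be flagged.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [blah service] socksxt.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [*windows update] wurauclt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [dfix] kkix.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [*windows update] wurauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# Windows XP system binaries whose names malware commonly imitates (assumed list).
SYSTEM_BINARIES = ("wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe")

# Autostart keys that legitimate XP software rarely uses (assumed).
UNUSUAL_KEYS = ("runservices", "policies\\explorer\\run")

# Shape of an O4 line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis appends "(User '...')" to entries from other user hives.
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")


def levenshtein(a, b):
    """Edit distance, used to spot one-character lookalikes of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd):
    """Best-effort extraction of the program from an O4 command string."""
    if cmd.startswith('"'):                       # quoted path, possibly with arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)   # unquoted path with spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def triage_o4(text):
    """Return (value name, executable, reasons) for every O4 line that trips a heuristic."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        cmd = USER_SUFFIX.sub("", m.group("cmd")).strip()
        exe = executable_of(cmd)
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        # 1. A bare filename is resolved through the search path; legitimate installers
        #    almost always register an absolute path.
        if "\\" not in exe and ":" not in exe:
            reasons.append("bare filename (no path)")
        # 2. One edit away from a system binary name (e.g. wurauclt.exe vs wuauclt.exe).
        for known in SYSTEM_BINARIES:
            if base != known and levenshtein(base, known) <= 1:
                reasons.append(f"lookalike of {known}")
        # 3. Autostart location that ordinary software does not use.
        if any(k in key.lower() for k in UNUSUAL_KEYS):
            reasons.append(f"unusual autostart key {key}")
        if reasons:
            findings.append((m.group("name"), exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in triage_o4(SAMPLE_HJT_LINES):
        print(f"[{name}] {exe}: " + "; ".join(reasons))
```

A legitimate entry that names a bare program, such as the log's `RunDll32 cmicnfg.cpl,CMICtrlWnd`, also trips the bare-filename rule, which is why each finding should be followed by locating the file and checking its publisher and hash rather than acted on directly.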

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello missmojorisin

    Welcome to Safer Networking.

    Please read Before You Post
    That said, all advice given by anyone volunteering here is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

    Do this before we start: you need to disable the TeaTimer in Spybot, as it will prevent fixes from taking. Keep it disabled.

    • Run Spybot-S&D in Advanced Mode.
    • If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    • On the left-hand side, click on Tools.
    • Then click on the Resident icon in the list.
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer. <-- You need to do this for it to take effect.

    Please do not proceed until the TeaTimer is disabled.

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply along with a new HijackThis log.

    *If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    12


    Hum... my technical English is bad...
    You said:
    "Do this before we start, you need to disable the TeaTimer in Spybot as it will prevent fixes from taking, keep it disabled"

    But how do I disable this TeaTimer, and where do I find it?

    Do I need to remove the antivirus "Spybot - Search & Destroy"?

    Thanks for your help; my connection is so slow.

  4. #4
    Junior Member
    Join Date
    Jan 2009
    Posts
    12


    I found it, sorry.

  5. #5
    Junior Member
    Join Date
    Jan 2009
    Posts
    12


    About ComboFix:


    ComboFix 09-01-21.04 - admin 2009-01-28 20:23:54.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.307 [GMT 1:00]
    Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
    AV: F-Secure Anti-Virus 6.11 *On-access scanning disabled* (Updated)
    .
    ADS - svchost.exe: deleted 228 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\admin\Mes documents\My Documents.url
    c:\program files\internet optimizer
    c:\recycler\desktopA.sys
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\components
    c:\windows\system32\ftpupd.exe
    c:\windows\system32\stera.log
    c:\windows\system32\windupdates.exe
    c:\windows\system32\winssv.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FOPN
    -------\Legacy_VSPF
    -------\Legacy_VSPF_HK


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-25 17:01 . 2009-01-25 17:01 244 --ah----- C:\sqmnoopt02.sqm
    2009-01-25 17:01 . 2009-01-25 17:01 232 --ah----- C:\sqmdata02.sqm
    2009-01-25 03:16 . 2009-01-25 03:16 244 --ah----- C:\sqmnoopt01.sqm
    2009-01-25 03:16 . 2009-01-25 03:16 232 --ah----- C:\sqmdata01.sqm
    2009-01-25 03:02 . 2009-01-25 03:02 <REP> d-------- C:\cygwin
    2009-01-24 13:08 . 2009-01-25 17:05 <REP> d-------- c:\program files\Lavasoft
    2009-01-24 13:08 . 2009-01-25 17:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-24 12:39 . 2009-01-24 12:40 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-24 12:39 . 2009-01-24 12:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-19 21:45 . 2009-01-19 21:45 <REP> d-------- c:\documents and settings\admin\Application Data\Roxio
    2009-01-19 21:37 . 2009-01-19 21:38 77,824 --a------ c:\windows\system32\LYSLJ035.exe
    2009-01-18 15:43 . 2009-01-18 15:43 <REP> d-------- c:\documents and settings\admin\Application Data\dBpoweramp
    2009-01-18 15:39 . 2009-01-18 15:39 <REP> d-------- c:\documents and settings\admin\Application Data\AccurateRip
    2009-01-18 15:39 . 2009-01-18 15:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
    2009-01-18 15:39 . 2009-01-18 15:40 13,783 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2009-01-17 02:11 . 2009-01-17 02:11 <REP> d-------- c:\program files\Veoh Networks
    2009-01-10 15:33 . 2009-01-10 15:34 <REP> d-------- c:\program files\iTunes
    2009-01-10 15:33 . 2009-01-10 15:33 <REP> d-------- c:\program files\iPod
    2009-01-10 15:33 . 2009-01-10 15:34 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-10 15:27 . 2009-01-10 15:27 <REP> d-------- c:\program files\Conduit
    2009-01-10 15:26 . 2009-01-10 15:26 <REP> d-------- c:\windows\Freecorder Toolbar
    2009-01-10 15:26 . 2009-01-10 15:26 <REP> d-------- c:\program files\Freecorder Toolbar
    2009-01-10 15:23 . 2009-01-10 15:23 <REP> d-------- c:\program files\Apple Software Update
    2009-01-10 15:20 . 2009-01-10 15:33 <REP> d-------- c:\program files\Fichiers communs\Apple
    2009-01-10 15:20 . 2009-01-10 15:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
    2009-01-10 15:11 . 2009-01-10 15:11 <REP> d-------- c:\documents and settings\admin\Application Data\GrabPro
    2009-01-10 15:05 . 2009-01-14 22:41 <REP> d-------- c:\program files\Orbitdownloader
    2009-01-10 15:05 . 2009-01-14 22:41 <REP> d-------- c:\documents and settings\admin\Application Data\Orbit
    2009-01-10 14:52 . 2009-01-10 14:52 <REP> d-------- c:\program files\Flv Audio Extractor

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-25 15:57 --------- d-----w c:\program files\WebRebates4
    2009-01-25 15:57 --------- d-----w c:\program files\TopSearch
    2009-01-25 15:57 --------- d-----w c:\documents and settings\admin\Application Data\Registry Cleaner
    2009-01-25 05:15 --------- d-----w c:\documents and settings\admin\Application Data\OpenOffice.org2
    2009-01-19 22:08 --------- d-----w c:\documents and settings\admin\Application Data\Desktopicon
    2009-01-10 20:28 --------- d-----w c:\program files\Unlocker
    2009-01-10 14:30 --------- d-----w c:\program files\QuickTime
    2009-01-10 14:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-10 14:14 --------- d-----w c:\program files\Free Music Zilla
    2009-01-02 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-02 15:10 --------- d-----w c:\program files\Samsung
    2008-12-20 18:13 --------- d-----w c:\documents and settings\admin\Application Data\Malwarebytes
    2008-12-20 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-20 16:00 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-20 15:55 --------- d-----w c:\program files\Google
    2008-12-20 15:48 --------- d-----w c:\program files\VirginMega
    2008-12-19 14:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 00:32 --------- d-----w c:\program files\Fichiers communs\Real
    2008-12-06 00:30 --------- d-----w c:\program files\SoftChris
    2005-02-07 22:47 486 -c-h--w c:\documents and settings\admin\hpothb07.dat
    .

    ------- Sigcheck -------

    2004-08-20 00:10 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\ServicePackFiles\i386\svchost.exe
    2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
    2004-08-20 00:10 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\system32\svchost.exe

    2004-08-20 00:09 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
    2004-08-20 00:09 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\system32\ws2_32.dll

    2004-08-20 00:10 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
    2004-08-20 00:10 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\system32\winlogon.exe

    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys
    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

    2004-08-20 00:10 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\ServicePackFiles\i386\services.exe
    2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\services.exe
    2004-08-20 00:10 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\system32\services.exe

    2004-08-20 00:09 13312 259af82a0932eea4f316f92db94707b6 c:\windows\ServicePackFiles\i386\lsass.exe
    2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
    2004-08-20 00:09 13312 259af82a0932eea4f316f92db94707b6 c:\windows\system32\lsass.exe

    2004-08-20 00:09 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
    2004-08-20 00:09 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\system32\ctfmon.exe

    2004-08-20 00:10 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\ServicePackFiles\i386\userinit.exe
    2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
    2004-08-20 00:10 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\system32\userinit.exe

    2004-08-20 00:09 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
    2004-08-20 00:09 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\system32\termsrv.dll

    2004-08-20 00:09 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\ServicePackFiles\i386\powrprof.dll
    2008-04-14 03:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\powrprof.dll
    2004-08-20 00:09 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\system32\powrprof.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2007-11-02 5223752]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
    "%FP%Friendly fts.exe"="c:\program files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 72192]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="c:\program files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 700416]
    "F-Secure Startup Wizard"="c:\program files\F-Secure Internet Security\FSGUI\FSSW.EXE" [2005-10-18 372736]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2006-04-20 69632]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-09-30 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\FSfilter.sys [2006-04-02 48720]
    R4 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsgk.sys [2006-04-02 46800]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\FSrec.sys [2006-04-02 16816]
    S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
    S4 3B49BFACBDE3CAFC;3B49BFACBDE3CAFC;\??\c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC --> c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC [?]
    S4 BackWeb Plug-in - 4476822;F-Secure 2006;c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE --> c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [?]
    S4 MsCplScan;NvCplScan;"c:\windows\System32\msc32.exe" -netsvcs --> c:\windows\System32\msc32.exe [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-01-27 c:\windows\Tasks\At1.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At10.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At11.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At12.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At13.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At14.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At15.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At16.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At17.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At18.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At19.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At2.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At20.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At21.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At22.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At23.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At24.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At25.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At26.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At27.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At28.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At29.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At3.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At30.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At31.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At32.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At33.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At34.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At35.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At36.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At37.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At38.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At39.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At4.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At40.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At41.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At42.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At43.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At44.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At45.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At46.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At47.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At48.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At49.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At5.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At50.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At51.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At52.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At53.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At54.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At55.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At56.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At57.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At58.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At59.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At6.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At60.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At61.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At62.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At63.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At64.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At65.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At66.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At67.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At68.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At69.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At7.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At70.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At71.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At72.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At73.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At74.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At75.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At76.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At77.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At78.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At79.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At8.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At80.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At81.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At82.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At83.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At84.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At85.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At86.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At87.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At88.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At89.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At9.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At90.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At91.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-28 c:\windows\Tasks\At92.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At93.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At94.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At95.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2009-01-27 c:\windows\Tasks\At96.job
    - c:\windows\system32\LYSLJ035.exe [2009-01-19 21:38]

    2007-03-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1164565828.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]

    2009-01-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - (no file)
    WebBrowser-{804DB5C7-31E6-4885-850A-F1941B58A4C7} - (no file)
    HKCU-Run-BoontyBox - c:\program files\Boonty\BoontyBox\BoontyBox.exe
    HKCU-Run-Registry Cleaner - c:\program files\TPT Registry_Cleaner (Trial)\regclean.exe
    HKLM-Run-ProfileWatcher - c:\program files\ProfileWatcher\profilewatcher.exe
    HKLM-Run-dfix - kkix.exe
    HKLM-Run-Sygate Personals Firewalls - ccsrn.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-RunServices-dfix - kkix.exe
    HKLM-RunServices-Sygate Personals Firewalls - ccsrn.exe
    HKU-Default-Run-dfix - kkix.exe
    HKU-Default-Run-Sygate Personals Firewalls - ccsrn.exe
    HKU-Default-Run-*windows update - wurauclt.exe
    HKU-Default-RunServices-dfix - kkix.exe
    HKLM-Explorer_Run-*windows update - wurauclt.exe
    HKCU-Explorer_Run-*windows update - wurauclt.exe
    HKU-Default-Explorer_Run-*windows update - wurauclt.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mSearch Bar = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Bloquer cette fenêtre publicitaire - c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: AMV convert tool grab multimedia file - c:\program files\MP3??????? 4.18\AMVConverter\grab.html
    IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\euik4xwn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
    FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\euik4xwn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-28 20:32:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3B49BFACBDE3CAFC]
    "ImagePath"="\??\c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1757981266-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DAE85C9-D3D4-637A-36A3-D69804F8FC97}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nagbkbddaeghioelgkckmelinfbb"=hex:69,61,6c,6b,70,6f,6a,67,65,68,61,61,63,61,
    6a,66,69,66,00,00
    "mamcadcdjelplfkeoadppidicp"=hex:6b,61,6b,6b,6c,6f,61,63,6c,66,61,6a,67,67,6e,
    6b,62,6f,68,6e,65,64,00,00
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\WgaTray.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
    c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
    c:\program files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    c:\program files\F-Secure Internet Security\Common\FSMB32.EXE
    c:\windows\system32\wdfmgr.exe
    c:\program files\F-Secure Internet Security\Common\FCH32.EXE
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    c:\program files\F-Secure Internet Security\Common\FAMEH32.EXE
    c:\program files\F-Secure Internet Security\Anti-Virus\FSRW.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\F-Secure Internet Security\Anti-Virus\FSAV32.exe
    c:\program files\F-Secure Internet Security\FSGUI\fsguidll.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-28 20:36:56 - La machine a redémarré [admin]
    ComboFix-quarantined-files.txt 2009-01-28 19:36:19

    Avant-CF: 1,576,636,416 octets libres
    Après-CF: 2,426,187,776 octets libres

    456 --- E O F --- 2009-01-15 02:01:26

  6. #6
    Junior Member
    Join Date
    Jan 2009
    Posts
    12

    Default

    hijackthis :



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:42:50, on 01/28/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\admin\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3??????? 4.18\AMVConverter\grab.html
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadMa...od/DownMan.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NvCplScan (MsCplScan) - Unknown owner - C:\WINDOWS\System32\msc32.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11821 bytes

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    You're doing well, but you still have not disabled the TeaTimer; it needs to be disabled and kept disabled.

    • Run Spybot-S&D in Advanced Mode.
    • If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    • On the left hand side, click on Tools.
    • Then click on the Resident icon in the list.
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer. <-- You need to do this for it to take effect.


    Make sure you reboot your computer so it will take effect.




    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::


    Code:
    File::
    c:\windows\system32\LYSLJ035.exe 
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.job

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Jan 2009
    Posts
    12

    Default

    combo:


    ComboFix 09-01-21.04 - admin 2009-01-28 22:38:34.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.220 [GMT 1:00]
    Lancé depuis: c:\documents and settings\admin\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\admin\Bureau\CFScript
    AV: F-Secure Anti-Virus 6.11 *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\LYSLJ035.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.jobSave this as CFScript to your desktop.
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\LYSLJ035.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    c:\windows\Tasks\At58.job
    c:\windows\Tasks\At59.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At60.job
    c:\windows\Tasks\At61.job
    c:\windows\Tasks\At62.job
    c:\windows\Tasks\At63.job
    c:\windows\Tasks\At64.job
    c:\windows\Tasks\At65.job
    c:\windows\Tasks\At66.job
    c:\windows\Tasks\At67.job
    c:\windows\Tasks\At68.job
    c:\windows\Tasks\At69.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At70.job
    c:\windows\Tasks\At71.job
    c:\windows\Tasks\At72.job
    c:\windows\Tasks\At73.job
    c:\windows\Tasks\At74.job
    c:\windows\Tasks\At75.job
    c:\windows\Tasks\At76.job
    c:\windows\Tasks\At77.job
    c:\windows\Tasks\At78.job
    c:\windows\Tasks\At79.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At80.job
    c:\windows\Tasks\At81.job
    c:\windows\Tasks\At82.job
    c:\windows\Tasks\At83.job
    c:\windows\Tasks\At84.job
    c:\windows\Tasks\At85.job
    c:\windows\Tasks\At86.job
    c:\windows\Tasks\At87.job
    c:\windows\Tasks\At88.job
    c:\windows\Tasks\At89.job
    c:\windows\Tasks\At9.job
    c:\windows\Tasks\At90.job
    c:\windows\Tasks\At91.job
    c:\windows\Tasks\At92.job
    c:\windows\Tasks\At93.job
    c:\windows\Tasks\At94.job
    c:\windows\Tasks\At95.job
    c:\windows\Tasks\At96.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-28 22:35 . 2009-01-28 22:35 <REP> d-------- c:\program files\Notepad++
    2009-01-28 22:35 . 2009-01-28 22:35 <REP> d-------- c:\documents and settings\admin\Application Data\Notepad++
    2009-01-25 17:01 . 2009-01-25 17:01 244 --ah----- C:\sqmnoopt02.sqm
    2009-01-25 17:01 . 2009-01-25 17:01 232 --ah----- C:\sqmdata02.sqm
    2009-01-25 03:16 . 2009-01-25 03:16 244 --ah----- C:\sqmnoopt01.sqm
    2009-01-25 03:16 . 2009-01-25 03:16 232 --ah----- C:\sqmdata01.sqm
    2009-01-25 03:02 . 2009-01-25 03:02 <REP> d-------- C:\cygwin
    2009-01-24 13:08 . 2009-01-25 17:05 <REP> d-------- c:\program files\Lavasoft
    2009-01-24 13:08 . 2009-01-25 17:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-24 12:39 . 2009-01-28 22:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-19 21:45 . 2009-01-19 21:45 <REP> d-------- c:\documents and settings\admin\Application Data\Roxio
    2009-01-18 15:43 . 2009-01-18 15:43 <REP> d-------- c:\documents and settings\admin\Application Data\dBpoweramp
    2009-01-18 15:39 . 2009-01-18 15:39 <REP> d-------- c:\documents and settings\admin\Application Data\AccurateRip
    2009-01-18 15:39 . 2009-01-18 15:39 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
    2009-01-18 15:39 . 2009-01-18 15:40 13,783 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2009-01-17 02:11 . 2009-01-17 02:11 <REP> d-------- c:\program files\Veoh Networks
    2009-01-10 15:33 . 2009-01-10 15:34 <REP> d-------- c:\program files\iTunes
    2009-01-10 15:33 . 2009-01-10 15:33 <REP> d-------- c:\program files\iPod
    2009-01-10 15:33 . 2009-01-10 15:34 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-10 15:27 . 2009-01-10 15:27 <REP> d-------- c:\program files\Conduit
    2009-01-10 15:26 . 2009-01-10 15:26 <REP> d-------- c:\windows\Freecorder Toolbar
    2009-01-10 15:26 . 2009-01-10 15:26 <REP> d-------- c:\program files\Freecorder Toolbar
    2009-01-10 15:23 . 2009-01-10 15:23 <REP> d-------- c:\program files\Apple Software Update
    2009-01-10 15:20 . 2009-01-10 15:33 <REP> d-------- c:\program files\Fichiers communs\Apple
    2009-01-10 15:20 . 2009-01-10 15:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
    2009-01-10 15:11 . 2009-01-10 15:11 <REP> d-------- c:\documents and settings\admin\Application Data\GrabPro
    2009-01-10 15:05 . 2009-01-14 22:41 <REP> d-------- c:\program files\Orbitdownloader
    2009-01-10 15:05 . 2009-01-14 22:41 <REP> d-------- c:\documents and settings\admin\Application Data\Orbit
    2009-01-10 14:52 . 2009-01-10 14:52 <REP> d-------- c:\program files\Flv Audio Extractor

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-25 15:57 --------- d-----w c:\program files\WebRebates4
    2009-01-25 15:57 --------- d-----w c:\program files\TopSearch
    2009-01-25 15:57 --------- d-----w c:\documents and settings\admin\Application Data\Registry Cleaner
    2009-01-25 05:15 --------- d-----w c:\documents and settings\admin\Application Data\OpenOffice.org2
    2009-01-19 22:08 --------- d-----w c:\documents and settings\admin\Application Data\Desktopicon
    2009-01-18 14:38 5,052,280 -c--a-w c:\windows\system32\SpoonUninstall.exe
    2009-01-10 20:28 --------- d-----w c:\program files\Unlocker
    2009-01-10 14:30 --------- d-----w c:\program files\QuickTime
    2009-01-10 14:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-10 14:14 --------- d-----w c:\program files\Free Music Zilla
    2009-01-02 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-02 15:10 --------- d-----w c:\program files\Samsung
    2008-12-20 18:13 56,726 ----a-w c:\windows\system32\vvrbgyhfepm.dll-uninst.exe
    2008-12-20 18:13 --------- d-----w c:\documents and settings\admin\Application Data\Malwarebytes
    2008-12-20 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-20 16:00 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-12-20 15:55 --------- d-----w c:\program files\Google
    2008-12-20 15:48 --------- d-----w c:\program files\VirginMega
    2008-12-19 14:04 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 00:32 --------- d-----w c:\program files\Fichiers communs\Real
    2008-12-06 00:30 --------- d-----w c:\program files\SoftChris
    2006-05-21 12:21 712,704 -c--a-w c:\windows\inf\OTHER\AUDIO3D.DLL
    2005-02-07 22:47 486 -c-h--w c:\documents and settings\admin\hpothb07.dat
    .

    ------- Sigcheck -------

    2004-08-20 00:10 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\ServicePackFiles\i386\svchost.exe
    2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
    2004-08-20 00:10 14336 2979b03d5382a602623c0535b16ab9c0 c:\windows\system32\svchost.exe

    2004-08-20 00:09 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
    2004-08-20 00:09 82944 eed74b969b2ca1acc558ff60fb420e28 c:\windows\system32\ws2_32.dll

    2004-08-20 00:10 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
    2004-08-20 00:10 506368 123eea158f74d0f67a51dcdf065d1091 c:\windows\system32\winlogon.exe

    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys
    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
    2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
    2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

    2004-08-20 00:10 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\ServicePackFiles\i386\services.exe
    2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\services.exe
    2004-08-20 00:10 108544 63dcde1a0d86eeb8924d6738ff616ead c:\windows\system32\services.exe

    2004-08-20 00:09 13312 259af82a0932eea4f316f92db94707b6 c:\windows\ServicePackFiles\i386\lsass.exe
    2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
    2004-08-20 00:09 13312 259af82a0932eea4f316f92db94707b6 c:\windows\system32\lsass.exe

    2004-08-20 00:09 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
    2004-08-20 00:09 15360 64e41e8fee655b03e3f19ded21ba5118 c:\windows\system32\ctfmon.exe

    2004-08-20 00:10 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\ServicePackFiles\i386\userinit.exe
    2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
    2004-08-20 00:10 25088 84717891f0734c611721f56c60b5fbc3 c:\windows\system32\userinit.exe

    2004-08-20 00:09 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
    2004-08-20 00:09 297984 78f90c3e230ad122bcb116abad5fefe9 c:\windows\system32\termsrv.dll

    2004-08-20 00:09 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\ServicePackFiles\i386\powrprof.dll
    2008-04-14 03:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\powrprof.dll
    2004-08-20 00:09 17408 29d5e58fb089c41898a81bd4c8970f22 c:\windows\system32\powrprof.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2007-11-02 5223752]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
    "Registry Cleaner"="c:\program files\TPT Registry_Cleaner (Trial)\regclean.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
    "%FP%Friendly fts.exe"="c:\program files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 72192]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="c:\program files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 700416]
    "F-Secure Startup Wizard"="c:\program files\F-Secure Internet Security\FSGUI\FSSW.EXE" [2005-10-18 372736]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "ProfileWatcher"="c:\program files\ProfileWatcher\profilewatcher.exe" [BU]
    "Cmaudio"="cmicnfg.cpl" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Contrôleur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2006-04-20 69632]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-09-30 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\FSfilter.sys [2006-04-02 48720]
    R4 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsgk.sys [2006-04-02 46800]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\FSrec.sys [2006-04-02 16816]
    S0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
    S4 3B49BFACBDE3CAFC;3B49BFACBDE3CAFC;\??\c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC --> c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC [?]
    S4 BackWeb Plug-in - 4476822;F-Secure 2006;c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE --> c:\progra~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [?]
    S4 MsCplScan;NvCplScan;"c:\windows\System32\msc32.exe" -netsvcs --> c:\windows\System32\msc32.exe [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2007-03-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1164565828.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]

    2009-01-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    HKLM-Run-ClamWin - c:\program files\ClamWin\bin\ClamTray.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mSearch Bar = about:blank
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Bloquer cette fenêtre publicitaire - c:\program files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: AMV convert tool grab multimedia file - c:\program files\MP3??????? 4.18\AMVConverter\grab.html
    IE: Web Rebates. - file://c:\program files\WebRebates4\websrebates\webtrebates\toprC0.htm
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\euik4xwn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
    FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\euik4xwn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-28 22:41:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3B49BFACBDE3CAFC]
    "ImagePath"="\??\c:\documents and settings\admin\Bureau\3B49BFACBDE3CAFC\3B49BFACBDE3CAFC"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1757981266-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DAE85C9-D3D4-637A-36A3-D69804F8FC97}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nagbkbddaeghioelgkckmelinfbb"=hex:69,61,6c,6b,70,6f,6a,67,65,68,61,61,63,61,
    6a,66,69,66,00,00
    "mamcadcdjelplfkeoadppidicp"=hex:6b,61,6b,6b,6c,6f,61,63,6c,66,61,6a,67,67,6e,
    6b,62,6f,68,6e,65,64,00,00
    .
    Heure de fin: 2009-01-28 22:44:31
    ComboFix-quarantined-files.txt 2009-01-28 21:43:41
    ComboFix2.txt 2009-01-28 19:36:57

    Avant-CF: 2*270*433*280 octets libres
    Après-CF: 2,398,584,832 octets libres

    409 --- E O F --- 2009-01-15 02:01:26

  9. #9
    Junior Member
    Join Date
    Jan 2009
    Posts
    12

    Default

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:49:42, on 01/28/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Notepad++\notepad++.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Pando Networks\Pando\pando.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Documents and Settings\admin\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3??????? 4.18\AMVConverter\grab.html
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadMa...od/DownMan.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NvCplScan (MsCplScan) - Unknown owner - C:\WINDOWS\System32\msc32.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11400 bytes

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello,

    Doing well again

    C:\Program Files\TPT Registry_Cleaner <-- A word of warning about Registry Cleaners: if the Windows Registry is damaged it could disable your system and a reinstall of Windows will be needed. All Reg Cleaners should be avoided. If they remove the wrong entry or entries (and they sometimes do) it could disable your system, and if one removes a bunch of not-needed entries, you will see no difference in system performance. Unless you know what you're doing, you should not use any of these types of programs.




    Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About and make sure it's Version 6 Update 11; if not, click on the Update tab and update it, then you can remove previous versions via Add/Remove Programs. Outdated versions of Java sometimes let this garbage in.



    Your logs look fine, but let's run this quick program; it's one of the best, and it's the free version and yours to keep. Don't be alarmed if it finds anything; they will all be left-over entries and files.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply along with a New Hijackthis log.



    Also let me know how your system is running now???
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
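The reply above judges the posted log by eye, and notes that stale entries (services whose binary is gone, autostarts for programs that were uninstalled) are what usually remains after a cleanup. The following Python script, added here as an example and not part of this thread or of HijackThis itself, shows how a reviewer can do that first triage pass mechanically: it parses O4 autostart and O23 service lines, pulls out the executable path, and flags the entries a person would look at first (service binaries reported "(file missing)", services with "Unknown owner", and autostart commands with no absolute path or a path outside Program Files / WINDOWS). The sample lines are copied from the log posted above; the flag names and directory list are this example's own choices, not HijackThis conventions.

```python
"""Triage helper for HijackThis-style O4 / O23 log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NvCplScan (MsCplScan) - Unknown owner - C:\WINDOWS\System32\msc32.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


@dataclass
class Entry:
    section: str                 # "O4" (autostart) or "O23" (service)
    name: str
    path: str                    # executable path as written in the log
    owner: str = ""              # O23 only: publisher column
    file_missing: bool = False
    reasons: List[str] = field(default_factory=list)   # why a reviewer should look


# O4 - <hive\..\Run>: [<name>] <command> [(User '<account>')]
_O4 = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
_MISSING = " (file missing)"
# Directories treated as "expected" locations for an autostart binary (example's own list).
_TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\")


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of a Run-key command (quoted path or first token)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 or O23 line; other sections return None."""
    line = line.strip()
    if line.startswith("O4 - "):
        m = _O4.match(line)
        if not m:
            return None
        exe = _exe_from_command(m.group("cmd"))
        entry = Entry("O4", m.group("name"), exe)
        low = exe.lower()
        if not re.match(r"^[a-z]:\\", low):
            entry.reasons.append("no absolute path")      # e.g. bare RunDll32 invocation
        elif not low.startswith(_TRUSTED_DIRS):
            entry.reasons.append("outside Program Files / WINDOWS")
        return entry
    if line.startswith("O23 - Service: "):
        rest = line[len("O23 - Service: "):]
        missing = rest.endswith(_MISSING)
        if missing:
            rest = rest[: -len(_MISSING)]
        # Split from the right: the service name itself may contain " - ".
        parts = rest.rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        name, owner, path = parts
        entry = Entry("O23", name, path, owner, missing)
        if missing:
            entry.reasons.append("binary missing (stale registration)")
        if owner == "Unknown owner":
            entry.reasons.append("unknown publisher")
        return entry
    return None


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one review reason."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:4} {e.name}: {e.path}  <- {', '.join(e.reasons)}")
```

On the sample above the script reports the RunDll32 autostart (no absolute path to check) and the two services whose binaries no longer exist; everything it flags is a candidate for review, not a verdict, which matches the reply's point that leftover entries are normal after uninstalls.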
