PC running XP, multiple infection - HELP

kohaku -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
After clicking a link in an MSN Messenger conversation, my son most likely opened the door to viruses.
The McAfee scan detected: w32/spybot.worm.gen + FakeAlert_AB!htm + Generic.FakeAlert.htm.
Then I ran a scan with Malware Defender 2009. It finds: Trojan-spy.HTML.Combats.a + Backdoor.Netbus + Trojan-Downloader.Win32.Banload.dcd + Backdoor.Aqobot.qen + Virus.JS.Fortnight + Trojan-Clicker.BAT.Small.c + Email.Worm.WIN32.Eyeveq.q
Profile:
Antivirus installed: McAfee
System: XP
Currently disconnected from the Internet to avoid any further malicious intrusion.
History:
1) After reading a post, I ran CCleaner and had it clean everything it found until it found nothing more.
2) I downloaded AVG Antivirus 8.5 on my PC running Vista and copied the file to the desktop of my PC running XP.
When I click on it, nothing launches.

Can someone help me?
Thanks in advance.
19 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Hi

Malware Defender 2009 is most likely a rogue (a spy!!!)

_____________

run Rogue Remover (and paste the report)

for info:
http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

to download:
https://www.01net.com/telecharger/

_____________

SmitFraudFix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, smitfraudfix found them!

restart in safe mode (by pressing F8 or Del, or F5 at startup, generally) then run smitfraudfix, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter (paste the report in your next message)

________________

scan with Malwarebytes: run a full scan, paste the report obtained and remove what is found:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimized in the Taskbar).

NB: the reports are saved in the folder C:\rsit
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, perfect

remove the CA folder, which was the antivirus bundled with your computer:

C:\Program Files\CA

____________________

for Malwarebytes, you forgot to update it before the scan! update it and paste a report after this update

then, to check that you're clean, since your McAfee antivirus is only average:

paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
1
jlpjlp Posts: 52399 Status: Security contributor 5 040
 

use this to remove your traces

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo bar
(in options, then advanced: untick the box: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print the instructions beforehand)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc2.zip
C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc1.0_beta\scripter.exe
C:\WINDOWS\Downloaded Program Files\installer2.dll
C:\Program Files\Ripp-it_AM\Ripp-it_AM.exe

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

_______________________

update Internet Explorer
for XP
http://download.microsoft.com/...

__________________

update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

__________________

Update Java:
https://javara.fr.malavida.com/

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all).
Double-click the JavaRa folder obtained.
Then double-click the JavaRa.exe file (the .exe may not be displayed)
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, return to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will work; then click OK, then OK a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also located at the root of the system partition, generally C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

if that does not work

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

you can uninstall the old versions.

_______________________

still having problems?
1

jlpjlp Posts: 52399 Status: Security contributor 5 040
 
to remove what was used:

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

________________

otherwise, among paid products, Antivir or G DATA or BitDefender is better than McAfee

or free:

to protect your computer for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MALWAREBYTE ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER to immunize the system, notably against Vundo, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

--------
a firewall:
(the Windows one) or better COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
1
jpkohaku Posts: 19 Status: Member
 
Thanks for the help.
Can I download it from my Vista laptop and then put the file on the infected PC to run it without being online?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
yes
0
jpkohaku Posts: 19 Status: Member
 
The Rogue Remover scan finds nothing. Everything is green. I didn't find a report.
Here is the SmitFraudFix report
SmitFraudFix v2.405

Rapport fait à 13:04:29,84, dim. 22/03/2009
Executé à partir de L:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\JVVHPDYO.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system\service.exe
C:\WINDOWS\system32\ntdll64.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\WINDOWS\system32\wcenter.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\reged.exe PRESENT !
C:\WINDOWS\spoolsystem.exe PRESENT !
C:\WINDOWS\sys.com PRESENT !
C:\WINDOWS\syscert.exe PRESENT !
C:\WINDOWS\sysexplorer.exe PRESENT !
C:\WINDOWS\vmreg.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\svchosts.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jp

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jp\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jp\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Malware Defender 2009\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E288FCD-5F0F-439F-88CF-89FA2A49B5A8}: DhcpNameServer=217.117.33.217 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=217.117.33.217 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
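The process list in the report above is what a helper reads by eye: names that imitate Windows binaries (svchos.exe, svchosts.exe, service.exe), an .exe borrowing a system DLL's name (ntdll64.exe), and executables started from data folders. The following Python script is an added example, not part of the thread and not SmitFraudFix's own logic; it automates that first triage pass over a list of paths. The sample list is constructed from the paths shown in the report, and the rule names, the known-binary list and the edit-distance thresholds are assumptions of this example.

```python
"""Triage a process/file list (such as the "Process" section of a
SmitFraudFix report) for names that imitate Windows system binaries.

Added example; the rules and thresholds are this example's own
heuristics, not those of SmitFraudFix or any product."""
import ntpath

# Windows XP core executables as they appear in a normal process list.
SYSTEM_EXES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "userinit.exe",
    "ctfmon.exe", "rundll32.exe", "cmd.exe", "wuauclt.exe",
}
# Core DLL stems; an .exe whose name starts with one of these is suspect.
SYSTEM_DLL_STEMS = ("ntdll", "kernel32", "user32", "advapi32")
# Executables normally do not run from user-writable data locations.
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\",
                    "\\temp\\", "\\recycler\\")

# Constructed sample, taken from the paths in the SmitFraudFix report above.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\frmwrk32.exe",
    r"C:\WINDOWS\system32\JVVHPDYO.EXE",
    r"C:\WINDOWS\system\service.exe",
    r"C:\WINDOWS\system32\ntdll64.exe",
    r"C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe",
    r"C:\WINDOWS\system32\svchosts.exe",
]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; file names are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_process(path: str) -> list:
    """Return the names of the rules the path trips (empty list when clean)."""
    name = ntpath.basename(path).lower()
    stem = name.rsplit(".", 1)[0]
    # Very short stems (mdm, jqs) would otherwise collide with cmd at distance 2.
    max_dist = 1 if len(stem) <= 5 else 2
    hits = []
    if name not in SYSTEM_EXES:
        if any(1 <= levenshtein(name, known) <= max_dist for known in SYSTEM_EXES):
            hits.append("lookalike")
        if name.endswith(".exe") and stem.startswith(SYSTEM_DLL_STEMS):
            hits.append("dll-name-as-exe")
    if any(marker in path.lower() for marker in DATA_DIR_MARKERS):
        hits.append("data-dir")
    return hits


def triage(paths) -> dict:
    """Map each flagged path to its rule hits; clean paths are left out."""
    flagged = {}
    for path in paths:
        hits = triage_process(path)
        if hits:
            flagged[path] = hits
    return flagged


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_PROCESSES).items():
        print(f"{', '.join(hits):24} {path}")
```

The rules catch name lookalikes and odd locations only: a randomly named file such as JVVHPDYO.EXE trips none of them, which is one reason the helper still asks for a full Malwarebytes scan and an RSIT log rather than relying on the process list alone.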
jpkohaku Posts: 19 Status: Member
 
Good evening,
Thanks for the help. The Malwarebytes scan has just finished and here are the requested logs.
The report after SmitFraudFix's run:

SmitFraudFix v2.405

Rapport fait à 14:12:21,09, dim. 22/03/2009
Executé à partir de C:\Documents and Settings\jp\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\reged.exe supprimé
C:\WINDOWS\spoolsystem.exe supprimé
C:\WINDOWS\sys.com supprimé
C:\WINDOWS\syscert.exe supprimé
C:\WINDOWS\sysexplorer.exe supprimé
C:\WINDOWS\vmreg.dll supprimé
C:\WINDOWS\system32\svchosts.exe supprimé
C:\DOCUME~1\jp\MESDOC~1\MENUDM~1\PROGRA~1\Malware Defender 2009 supprimé
C:\DOCUME~1\jp\Bureau\Malware Defender 2009.lnk supprimé
C:\Program Files\Malware Defender 2009\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E288FCD-5F0F-439F-88CF-89FA2A49B5A8}: DhcpNameServer=217.117.33.217 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=217.117.33.217 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

And here is the report after cleaning by Malwarebytes:
The program asked me to restart the PC, and Malware Defender 2009 is still there. That one is worse than the duck... lol

First the one from right after the scan, then the one from after removing what it had detected:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

22/03/2009 20:01:23
mbam-log-2009-03-22 (20-01-13).txt

Type de recherche: Examen complet (C:\|D:\|E:\|I:\|)
Eléments examinés: 313036
Temps écoulé: 2 hour(s), 40 minute(s), 43 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c00986A2.dat (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00986a2 (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c00986A2.dat (Trojan.Vundo) -> No action taken.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\jp\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> No action taken.

And here is the report after cleaning:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

22/03/2009 20:03:08
mbam-log-2009-03-22 (20-03-08).txt

Type de recherche: Examen complet (C:\|D:\|E:\|I:\|)
Eléments examinés: 313036
Temps écoulé: 2 hour(s), 40 minute(s), 43 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c00986A2.dat (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00986a2 (Trojan.Vundo) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00986A2.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jp\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
0
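The two Malwarebytes logs above differ only in the action column: "No action taken" before removal, then "Quarantined and deleted successfully", "Unloaded process successfully" or "Delete on reboot" afterwards. Items in that last state are still on disk until the restart completes, which is worth knowing when a rogue seems to survive a clean-up. The following Python parser is an added example, not part of the thread and not Malwarebytes' own code; the log excerpt embedded in it is constructed from the second report above (section headers kept in French exactly as the tool writes them), and the field names and the "pending reboot" summary are this example's own choices.

```python
"""Parse Malwarebytes' Anti-Malware 1.x log entries and summarise what the
clean-up actually did.

Added example, not part of the forum post or of Malwarebytes.  The log
excerpt below is constructed from the second report in the thread."""
import re
from collections import Counter

# Constructed excerpt of the post-clean Malwarebytes log above.
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Unloaded process successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00986a2 (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jp\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

# Detection line: "<target> (<family>) -> [<detail> -> ]<action>."
ENTRY = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry the value the malware set and the expected one.
BAD_GOOD = re.compile(r"Bad: \((\d+)\) Good: \((\d+)\)")


def parse_mbam(text: str) -> list:
    """Turn the detection lines of an MBAM 1.x log into a list of dicts."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Fichier(s) infecté(s)"
            continue
        m = ENTRY.match(line)
        if not m:
            continue                     # summary or header line, ignored
        parts = m.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "target": m.group("target"),
            "family": m.group("family"),
            "detail": " -> ".join(parts[:-1]) or None,   # "Data: ..." / "Bad: ... Good: ..."
            "action": parts[-1].rstrip("."),
        })
    return entries


def action_summary(entries) -> Counter:
    """How many items ended in each state (quarantined, pending reboot, ...)."""
    return Counter(e["action"] for e in entries)


def pending_reboot(entries) -> list:
    """Targets the tool could not remove while running; they persist until restart."""
    return sorted(e["target"] for e in entries if e["action"] == "Delete on reboot")


def policy_tampering(entries) -> dict:
    """Policy values the malware set (Bad) next to the expected value (Good)."""
    out = {}
    for e in entries:
        m = BAD_GOOD.search(e["detail"] or "")
        if m:
            out[e["target"].rsplit("\\", 1)[-1]] = (int(m.group(1)), int(m.group(2)))
    return out


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    print(action_summary(found))
    print("still present until reboot:", pending_reboot(found))
    print("policy tampering:", policy_tampering(found))
```

Run it on a full mbam-log file by replacing SAMPLE_LOG with the file's contents; the "pending reboot" list is the part to compare against what is still running after the restart, and the policy table shows which Task Manager and desktop restrictions the infection had set (Bad: (1)) so their reversal can be verified afterwards.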
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, do RSIT
0
jpkohaku Posts: 19 Status: Member
 
The news looks good....
I ran Malwarebytes a second time, but in light scan mode, and it still found 29 problem files, including Malware Defender; I told it to remove all of that, and on reboot no more Malware Defender... Yippee.
I ran RSIT and here is the log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by jp at 2009-03-22 21:15:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 44 GB (37%) free of 119 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:57, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Documents and Settings\jp\Bureau\RSIT.exe
C:\Program Files\trend micro\jp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00F20092.exe] C:\WINDOWS\TEMP\_A00F20092.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jpbarsi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus65/Download/msrdp.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
jpkohaku Posts: 19 Status: Member
 
Good evening jlp,

Sorry for the slow reply, but I started the Panda scan this afternoon and it ran for a very, very long time; before it had finished, my other half switched the computer off without paying attention. lol.
So I started it again this evening, and now it is finishing. There sure are a lot of things to analyse.
Here is the Panda report.
PS: I could not get BitDefender to start.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-23 23:25:35
PROTECTIONS: 1
MALWARE: 80
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@247realmedia[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@bfast[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@mediaplex[1].txt
00147816 Cookie/Beweb TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@beweb[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@maxserving[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@belnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@belnk[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@revenue[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@findwhat[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@dist.belnk[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@dist.belnk[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@www.myaffiliateprogram[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@com[2].txt
00167657 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@ehg-ubisoft.hitbox[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\jp\Cookies\jp@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@fe.lea.lycos[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@fe.lea.lycos[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@fe.lea.lycos[1].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@ehg.hitbox[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@gostats[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jp\Cookies\jp@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@as1.falkag[2].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@stat.onestat[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@stat.onestat[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@fl01.ct2.comclick[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@fl01.ct2.comclick[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@fl01.ct2.comclick[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@media.adrevolver[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@adopt.hbmediapro[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@adopt.hbmediapro[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@ads.pointroll[2].txt
00170535 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@c.goclick[1].txt
00170535 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@c.goclick[2].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@hc2.humanclick[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@realmedia[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@cgi-bin[3].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www5.addfreestats[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@zedo[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@metriweb[2].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@metriweb[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\jp\Cookies\jp@metriweb[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@phg.hitbox[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adrevolver[2].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@stats1.reliablestats[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@bravenet[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@go[1].txt
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www48.seeq[1].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@valueclick[1].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@valueclick[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@valueclick[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@searchportal.information[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@adviva[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www2.addfreestats[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@atwola[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www.errorsafe[2].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@www.errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@errorsafe[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\loic\Cookies\loic@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@www3.addfreestats[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@www6.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www6.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@www1.addfreestats[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@ads.addynamix[1].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@www.drivecleaner[2].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www.drivecleaner[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@drivecleaner[2].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@winantivirus[2].txt
00329272 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www.systemdoctor[1].txt
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@systemdoctor[1].txt
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@systemdoctor[1].txt
00484705 Application/IEDefender HackTools No 0 Yes No C:\SmitfraudFix\IEDFix.C.exe
00484705 Application/IEDefender HackTools No 0 Yes No C:\Documents and Settings\jp\Bureau\SmitfraudFix\IEDFix.C.exe
00484705 Application/IEDefender HackTools No 0 Yes No C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP508\A0366099.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adserver.easyad[2].txt
03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\jeremy\Mes documents\gta\gta_mod_installer_v5.0_beta.zip[scripter.exe]
03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc2.zip[scripter.exe]
03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc1.0_beta\scripter.exe
03920828 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\installer2.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Ripp-it_AM\Ripp-it_AM.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
jpkohaku Posts: 19 Status: Member
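The ActiveScan result list above is a flat, space-separated table, and the useful question for the person cleaning the machine is not "how many hits" but "where does each hit live": a copy inside a System Restore point or the Recycle Bin is inert, a tracking cookie is a privacy nuisance, a scanner component flagged as a HackTool is expected, and only a file sitting in a live directory needs real attention. The following is an added example (not part of the thread, and not code from Panda or any of the tools named here) that parses rows in the column order assumed from the log shown on the page (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) and buckets each one with its own path-based heuristics. The rule that treats `IEDFix.C.exe` under a `SmitfraudFix` folder as a cleanup-tool component is an assumption of this example, as is the sample input, which is a copy of the rows shown above.

```python
"""Triage a flat Panda ActiveScan-style result list by where each hit lives.

Added example for the scan log pasted in this thread; it is not part of the
original post or of any vendor tool. The column layout and the bucketing rules
below are this example's own assumptions about the format shown on the page.
"""
import re
from collections import Counter

# Column layout assumed from the rows in the thread. The Description column may
# contain spaces ("Generic Trojan"), so it is matched lazily and the fixed
# Yes/No/severity columns that follow anchor the split.
ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<path>.+?)\s*$"
)

# Hits inside archives are reported as container[member].
ARCHIVE = re.compile(r"^(?P<container>.+\.(?:zip|rar|cab))\[(?P<member>[^\]]+)\]$", re.I)

# Constructed sample: the rows pasted above, copied verbatim.
SAMPLE_LOG = [
    r"00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@drivecleaner[2].txt",
    r"00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@winantivirus[2].txt",
    r"00329272 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@www.systemdoctor[1].txt",
    r"00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\timi\Cookies\timi@systemdoctor[1].txt",
    r"00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@systemdoctor[1].txt",
    r"00484705 Application/IEDefender HackTools No 0 Yes No C:\SmitfraudFix\IEDFix.C.exe",
    r"00484705 Application/IEDefender HackTools No 0 Yes No C:\Documents and Settings\jp\Bureau\SmitfraudFix\IEDFix.C.exe",
    r"00484705 Application/IEDefender HackTools No 0 Yes No C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP508\A0366099.exe",
    r"01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\jeremy\Cookies\jeremy@adserver.easyad[2].txt",
    r"03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\jeremy\Mes documents\gta\gta_mod_installer_v5.0_beta.zip[scripter.exe]",
    r"03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc2.zip[scripter.exe]",
    r"03446887 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2323214428-1704364020-1055816618-1008\Dc1.0_beta\scripter.exe",
    r"03920828 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\installer2.dll",
]


def parse_row(line):
    """Split one result row into named fields; returns None for non-row lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["severity"] = int(row["severity"])
    arc = ARCHIVE.match(row["path"])
    row["container"] = arc.group("container") if arc else None
    row["member"] = arc.group("member") if arc else None
    return row


def classify(row):
    """Bucket one hit by location (this example's own rules, not the scanner's)."""
    p = row["path"].lower()
    if row["type"] == "TrackingCookie":
        return "cookie"            # data file, not executable code
    if "\\system volume information\\_restore" in p:
        return "restore_point"     # inert copy; cleared by flushing System Restore
    if "\\recycler\\" in p or "\\$recycle.bin\\" in p:
        return "recycle_bin"       # inert unless restored; empty the bin
    if "\\smitfraudfix\\" in p and row["desc"] == "Application/IEDefender":
        return "cleanup_tool"      # assumption: IEDFix is a SmitfraudFix component, HackTool tag expected
    if row["container"]:
        return "archive_member"    # not running; delete the archive
    return "on_disk"               # live file in a normal directory: review first


def triage(lines):
    """Parse every row and attach a bucket; malformed lines are skipped."""
    rows = [r for r in (parse_row(l) for l in lines) if r]
    for r in rows:
        r["bucket"] = classify(r)
    return rows


def summary(rows):
    """Count of hits per bucket, e.g. {'cookie': 6, 'on_disk': 1, ...}."""
    return dict(Counter(r["bucket"] for r in rows))


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['bucket']:15} {r['desc']:25} {r['path']}")
    print(summary(triage(SAMPLE_LOG)))
```

On the sample rows this leaves exactly one hit in the `on_disk` bucket (`installer2.dll` under `Downloaded Program Files`), which is the one worth looking at first; the restore-point and Recycle Bin copies explain why a file can keep reappearing in reports after the original was already removed.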
 
And here is the Malwarebytes log, light version:
It looks a lot better than what I was getting at the start...
Thanks for your help in any case. I'm much obliged.

Malwarebytes' Anti-Malware 1.34
Database version: 1889
Windows 5.1.2600 Service Pack 3

23/03/2009 23:50:36
mbam-log-2009-03-23 (23-50-36).txt

Scan type: Quick Scan
Objects scanned: 95592
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jpkohaku Posts: 19 Status: Member
 
Good evening,

Your explanations seem very thorough. But can you explain what you mean by "merge"?
And tell me what you saw in the scans above that led you to recommend all these steps?
I would like to understand what I'm supposed to do.
Thanks for the help.
jpkohaku Posts: 19 Status: Member
 
Oops, I just clicked the link.
Forget the explanation about "merge".
I got it... lol
jpkohaku Posts: 19 Status: Member
 
Here is the ComboFix report

ComboFix 09-03-23.01 - jp 2009-03-24 21:30:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.1022.494 [GMT 1:00]
Launched from: c:\documents and settings\jp\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\jp\Bureau\CFScript
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jeremy\Application Data\HbTools
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
c:\documents and settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
c:\documents and settings\timi\Application Data\HbTools
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1042745.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1383771.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1384133.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1394575.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1404291.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1404879.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1416861.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1768558.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\1848289.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\2188060.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\333491.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\3732170.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\3743405.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\566217.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\600583.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\724360.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\812572.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\819382.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\965273.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\997827.sdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11431
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1491
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16173
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17615
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20570
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\227849
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22913
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251949
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25509
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\258537
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26134
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26664
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28147
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29425
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29479
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30455
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\306
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30710
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31262
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32024
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33069
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33137
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33748
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33912
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34267
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34952
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36079
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36735
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\371665
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39972
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44229
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44323
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\47484
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5057
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\527634
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52968
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\531510
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54473
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56113
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\574884
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578081
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578150
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57973
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\592007
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59234
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\60709
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61167
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61837
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\623821
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\624121
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\63264
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\639392
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\652325
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\653927
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6586
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66044
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66493
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\668004
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66855
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68055
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68076
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\685568
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6873
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\688162
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68820
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\69940
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\703336
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\703600
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\704982
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705021
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705060
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705063
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705142
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705150
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705151
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705209
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705249
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705338
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705412
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\72010
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7492
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\75296
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7583
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\77555
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\77712
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\78788
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79257
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\80670
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\8091
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\81210
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82011
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83137
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\8443
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\84560
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86470
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\8732
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93654
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\94272
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95645
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97741
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9805
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9836
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9875
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99658
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9974
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99795
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\33dc.dat
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
c:\documents and settings\timi\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
c:\windows\pack.epk
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-24 au 2009-03-24 ))))))))))))))))))))))))))))))))))))
.

2009-03-23 13:30 . 2009-03-23 13:30 <REP> d-------- c:\program files\Panda Security
2009-03-23 13:30 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-23 13:23 . 2009-03-23 13:26 <REP> d-------- c:\windows\BDOSCAN8
2009-03-22 21:15 . 2009-03-22 21:16 <REP> d-------- C:\rsit
2009-03-22 21:15 . 2009-03-22 21:15 <REP> d-------- c:\program files\trend micro
2009-03-22 19:09 . 2009-03-22 19:09 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-22 17:12 . 2009-03-22 17:12 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-22 17:12 . 2009-03-22 17:12 <REP> d-------- c:\documents and settings\jp\Application Data\Malwarebytes
2009-03-22 17:12 . 2009-03-22 17:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-22 17:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-22 17:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 16:14 . 2009-03-22 16:14 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-22 15:30 . 2009-03-22 15:35 <REP> d-------- C:\Lop SD
2009-03-22 15:00 . 2009-03-22 15:00 <REP> d-------- C:\MSNFix
2009-03-22 14:01 . 2009-03-22 14:03 <REP> d-------- C:\SmitfraudFix
2009-03-22 14:01 . 2009-03-22 12:59 1,664,300 --a------ C:\SmitfraudFix.exe
2009-03-22 14:01 . 2009-03-22 13:59 862,965 --a------ C:\MSNFix.zip
2009-03-22 13:04 . 2009-03-22 14:12 0 --a------ c:\windows\system32\tmp.MSNFix
2009-03-22 11:13 . 2009-03-22 11:13 <REP> d-------- c:\program files\CCleaner
2009-03-19 09:37 . 2008-04-14 03:34 26,624 --a--c--- c:\windows\system32\dllcache\userinit.exe
2009-03-18 15:51 . 2009-03-18 15:51 1,516 --a------ C:\br.MSNFix
2009-03-13 17:15 . 2009-03-18 16:05 <REP> d-------- c:\program files\Dofus
2009-03-11 14:08 . 2009-03-11 14:08 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-11 14:08 . 2009-03-11 14:08 1,409 --a------ c:\windows\QTFont.for
2009-03-10 11:23 . 2009-03-10 11:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-25 09:51 . 2002-12-11 20:11 37,916 --a------ c:\windows\WMPrfFRA.prx
2009-02-25 09:46 . 2002-12-11 20:11 37,916 --a------ c:\windows\system32\WMPrfFRA.prx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 19:54 --------- d-----w c:\program files\McAfee
2009-03-22 16:09 --------- d-----w c:\program files\Hitman Pro
2009-03-22 16:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-22 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 06:37 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-18 08:19 53,408 ----a-w c:\documents and settings\timi\Application Data\wklnhst.dat
2009-03-14 09:53 51,586 ----a-w c:\documents and settings\jeremy\Application Data\wklnhst.dat
2009-03-14 09:29 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-08 18:53 47,760 ----a-w c:\documents and settings\jp\Application Data\wklnhst.dat
2009-03-05 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-27 07:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 09:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 09:10 --------- d-----w c:\program files\CyberLink
2009-02-08 21:11 9,184 ----a-w c:\documents and settings\loic\Application Data\wklnhst.dat
2009-02-05 20:42 --------- d-----w c:\program files\WIDCOMM
2009-01-24 19:41 --------- d-----w c:\program files\devolo
2008-11-24 20:45 106,312 ----a-w c:\documents and settings\jp\Application Data\GDIPFONTCACHEV1.DAT
2008-09-24 14:45 106,312 -c--a-w c:\documents and settings\jeremy\Application Data\GDIPFONTCACHEV1.DAT
2008-09-12 11:54 106,312 -c--a-w c:\documents and settings\timi\Application Data\GDIPFONTCACHEV1.DAT
2008-02-11 16:19 105,928 -c--a-w c:\documents and settings\loic\Application Data\GDIPFONTCACHEV1.DAT
2007-12-19 20:22 22,328 ----a-w c:\documents and settings\jp\Application Data\PnkBstrK.sys
2007-07-09 15:09 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2007-02-20 12:48 15,286,543 ----a-w c:\program files\Reader E Carte.zip
2006-02-16 20:16 9,751,930 -c--a-w c:\program files\VSH_9_0_10_FR.EXE
2005-12-07 11:07 248 -c--a-w c:\program files\MIB2ROM.TXT
2006-05-21 18:09 56 -csha-r c:\windows\system32\1948D140EE.sys
2005-10-19 19:19 8 -csha-r c:\windows\system32\CFE20AE075.sys
2008-03-16 14:08 12,574 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-07-10 17:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071020080711\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-25 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2006-06-21 188416]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2005-09-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 c:\windows\system32\nvmctray.dll]
"CHotkey"="mHotkey.exe" [2004-06-03 c:\windows\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-07-21 c:\windows\CNYHKey.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\jp\Mes documents\Menu Démarrer\Programmes\Démarrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-19 21504]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-12-25 118784]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SIERRA\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\SIERRA\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war winter assault demo\\WinterAssault.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\devolo\\dlanwlancfg\\dlanwlancfg.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-23 28544]
R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2006-04-06 78336]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2006-06-20 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2006-06-21 331776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-02 206096]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-19 72320]
S0 rseb;rseb; [x]
S2 0171061237924244mcinstcleanup;McAfee Application Installer Cleanup (0171061237924244);c:\windows\TEMP\017106~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\017106~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 27b39893-76ff-4008-b46b-10853aee5ea5;27b39893-76ff-4008-b46b-10853aee5ea5;\??\g:\player\cds300.dll --> g:\player\cds300.dll [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2007-02-20 33536]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\MS-5530.sys [2006-10-11 7552]
S3 uxddrv;Dynamically loaded UxdDrv;\??\k:\winstress pro\uxddrv.sys --> k:\winstress pro\uxddrv.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2008-04-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2008-04-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2007-12-08 c:\windows\Tasks\User_Feed_Synchronization-{AE4C55C6-0711-46B2-BF7D-32B0FFA83E11}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]

2009-03-24 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
HKU-Default-Run-A00F20092.exe - c:\windows\TEMP\_A00F20092.exe
HKU-Default-Run-Spyware Doctor - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&hl=fr&ie=UTF-8
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 21:38:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\scardsvr.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\FICHIE~1\McAfee\MNA\McNASvc.exe
c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
.
**************************************************************************
.
Heure de fin: 2009-03-24 21:43:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-24 20:43:14

Avant-CF: 48.634.068.992 octets libres
Après-CF: 49,919,090,688 octets libres

633 --- E O F --- 2009-03-23 15:30:50
0
jpkohaku Posts: 19 Status: Member
 
And here is the report after installing the new Java platform and uninstalling the old versions.

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Mar 24 22:54:05 2009

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
still having problems??
0
jpkohaku Posts: 19 Status: Member
 
Good evening
Apparently not.
The symptoms that brought me here had already disappeared a few steps ago. But apparently, whenever I ran the scans you suggested, they still found some little thing to clean up.

So I would say that for the moment everything seems to be in order.
Would you have an antivirus program to recommend?
Because my McAfee, which I keep updated automatically, apparently saw nothing coming.

Would you advise me to periodically run a scan with one or another of the programs used for the disinfection? If so, which ones?

During the last step it zapped a program called HbTools that was present in 2 of the 4 existing user sessions. Do you have any idea where this program could have come from?

In any case, I don't know how to thank you for your help. Your explanations were very thorough every time.

Once again, a very big thank you.
jp
0