Abebot...trojandownloader

Marjo -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
jai depuis quelque temp des problèmes avec le virus abebot ou trojandownloader. Je vous envoi le rapport Hijackthis. Jespère que vous pourez maider
Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:49, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\wzclcxwt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.usherbrooke.ca/monbureau/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A} -

C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media

Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe

/c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe]

C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [keffbwrq] C:\WINDOWS\system32\wzclcxwt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [cbMDNXwcgZ] C:\Documents and

Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft

Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}:

NameServer = 142.169.1.16 199.84.242.22
O17 -

HKLM\System\CS1\Services\Tcpip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}:

NameServer = 142.169.1.16 199.84.242.22
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program

Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6577 bytes
Configuration: Windows XP
Internet Explorer 7.0

10 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    _

    télécharger sur le bureau
    Navilog.zip
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = Double-Clic navilog1.zip
    = Extraire tout sur le bureau
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1

    un rapport : fixnavi.txt dans C : va se creer
    le copier/coller dans ton prochain message.
    0
    1. marjo
       
      Bonjour
      Jai fais comme vous mavez dit voila le rapport combofix et navilog
      Merci

      ComboFix 08-04-28.2 - Owner 2008-05-01 22:30:03.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT -4:00]
      Endroit: C:\Documents and Settings\Owner\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\Owner\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Owner\Application Data\HbTools
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1056123.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1066483.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1067625.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1078147.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1383582.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1384364.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1386073.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1386148.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1387540.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1399883.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1401976.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1404579.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\1689157.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2014541.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2078058.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\215270.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2464437.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2497529.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2532242.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2885069.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\33526.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3423454.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3442551.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3739953.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\3786291.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\461576.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\516440.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\600583.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\60207.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\639567.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\652352.sdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\hstat\3407.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1369
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14640
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14643
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15040
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15162
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15171
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16087
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17189
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17502
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1810
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19814
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20392
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20816
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20935
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20970
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21215
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\249862
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25424
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26134
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27505
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28383
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2924
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29297
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30604
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32171
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32415
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33069
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33110
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33116
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33912
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34267
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36598
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37135
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39897
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39972
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4142
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42372
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44293
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44323
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4487
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44915
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45820
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45827
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45837
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\469814
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\50830
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51233
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53813
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53933
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54473
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5535
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\55865
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\575586
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578150
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57904
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57973
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\580754
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\580792
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59598
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61837
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\63264
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64434
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64451
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64646
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64678
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6635
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\66855
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67567
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68148
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6873
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\696893
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705036
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705206
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705238
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\70907
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\71084
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\71822
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\72912
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\73840
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7518
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\7521
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\78796
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79257
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79805
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79977
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79989
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\80026
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83139
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83706
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85535
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85547
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85831
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87439
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87499
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\896
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90009
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90283
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\91224
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\92573
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93899
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95645
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95704
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95825
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97741
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\9875
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\3407.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
      C:\Documents and Settings\Owner\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
      C:\Documents and Settings\Owner\Bureaublackbird.jpg
      C:\Documents and Settings\Owner\BureauEditorFKWP1.5.exe
      C:\Documents and Settings\Owner\BureauEditorFKWP2.0.exe
      C:\Documents and Settings\Owner\Bureaufilemanagerclient.exe
      C:\Documents and Settings\Owner\Bureaufkwp1.5.exe
      C:\Documents and Settings\Owner\Bureaufkwp2.0.exe
      C:\Documents and Settings\Owner\Bureaufwebd.exe
      C:\Documents and Settings\Owner\BureauFWebdEditor.exe
      C:\Documents and Settings\Owner\BureauTrojan.Win32.BlackBird.exe
      C:\Documents and Settings\Owner\Bureauvirii
      C:\Program Files\Inet Delivery
      C:\Program Files\Inet Delivery\inetdl.exe
      C:\Program Files\Inet Delivery\intdel.exe
      C:\WINDOWS\apoxqwfv.exe
      C:\WINDOWS\rs.txt
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-30 14:13 . 2008-04-30 14:13 98,304 --a------ C:\WINDOWS\system32\mxqhwjqh.exe
      2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
      2008-04-28 18:58 . 2008-04-28 18:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-04-28 18:58 . 2008-04-28 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
      2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
      2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
      2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
      2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
      2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
      2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
      2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
      2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
      2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
      2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
      2008-04-11 23:10 . 2008-04-11 23:28 3,876 --a------ C:\WINDOWS\system32\tmp.reg
      2008-04-11 23:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-04-11 23:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-04-11 23:09 . 2008-04-10 21:00 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-04-11 23:09 . 2008-04-11 22:13 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-04-11 23:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-04-11 23:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-04-11 23:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-04-11 07:34 . 2008-04-11 07:34 <REP> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
      2008-04-11 00:05 . 2008-04-11 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avgbgton
      2008-04-11 00:05 . 2008-04-11 00:05 94,208 --a------ C:\WINDOWS\system32\wzclcxwt.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
      2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
      2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
      2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
      2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
      2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
      2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
      2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
      2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
      2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
      2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
      2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
      2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{2765DD3A-7AB1-4813-9612-C14A5981728A}"= "C:\WINDOWS\vnbptxlf.dll" [ ]

      [HKEY_CLASSES_ROOT\clsid\{2765dd3a-7ab1-4813-9612-c14a5981728a}]
      [HKEY_CLASSES_ROOT\vnbptxlf.1]
      [HKEY_CLASSES_ROOT\TypeLib\{77ECF945-2592-41EE-8DCB-ECAC3CB628FB}]
      [HKEY_CLASSES_ROOT\vnbptxlf]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
      "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
      "keffbwrq"="C:\WINDOWS\system32\wzclcxwt.exe" [2008-04-11 00:05 94208]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
      "vqkkfryd"="C:\WINDOWS\system32\mxqhwjqh.exe" [2008-04-30 14:13 98304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
      "CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
      "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05 339968]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
      "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
      "SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
      "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

      C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
      wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "cbMDNXwcgZ"= C:\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

      S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
      \shell\Setup\command - setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eed8fcc-5401-11dc-99ad-0013d30d7190}]
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-01 22:32:13
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-01 22:33:57
      ComboFix-quarantined-files.txt 2008-05-02 02:33:37

      Pre-Run: 40,613,122,048 octets libres
      Post-Run: 40,987,852,800 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

      541 --- E O F --- 2008-04-10 03:25:41








      Search Navipromo version 3.5.5 commencé le 2008-05-01 à 22:44:27,87

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Owner"

      Mise à jour le 29.04.2008 à 20h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Executé en mode normal

      *** Recherche Programmes installés ***


      *** Recherche dossiers dans "C:\WINDOWS" ***


      *** Recherche dossiers dans "C:\Program Files" ***


      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Owner\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Owner\locals~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Owner\menudm~1\progra~1" ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé


      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *

      * Recherche dans "C:\Documents and Settings\Owner\locals~1\applic~1" *



      *** Recherche fichiers ***



      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\WINDOWS\system32" :


      * Dans "C:\Documents and Settings\Owner\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 2008-05-01 à 22:47:34,81 ***
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/

    C:\WINDOWS\vnbptxlf.dll

    ________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _____________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    0
  3. marjo
     
    Bonjour

    Jai toujours des avertissement et le petit triangle jaune qui apparaissent. Jai chercher le document C:\WINDOWS\vnbptxlf.dll pour le faire analyser par virus total mais je ne le trouve pas et il nest pas la et il n'est pas dans les dossiers cachés. Je vous envoit le rapport hidjackthis et et le rapport bitdefender

    Merci de votre aide

    Logfile of HijackThis v1.99.1
    Scan saved at 13:53:51, on 2008-05-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wzclcxwt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: vnbptxlf - {2765DD3A-7AB1-4813-9612-C14A5981728A} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [keffbwrq] C:\WINDOWS\system32\wzclcxwt.exe
    O4 - HKCU\..\Run: [vqkkfryd] C:\WINDOWS\system32\mxqhwjqh.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS

    BitDefender Online Scanner

    Rapport d'analyse généré à: Thu, May 08, 2008 - 15:36:04

    Voie d'analyse: C:\;D:\;E:\;

    Statistiques

    Temps
    00:15:55

    Fichiers
    40003

    Directoires
    4576

    Secteurs de boot
    3

    Archives
    820

    Paquets programmes
    2849

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    2

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    2

    Info sur les moteurs

    Définition virus
    1190717

    Version des moteurs
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins
    15

    Archive des plugins
    34

    Unpack des plugins
    6

    E-mail plugins
    6

    Système plugins
    4

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
    Détecté avec: Adware.Hotbar.Be.9.C

    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041795.exe
    Supprimé

    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
    Détecté avec: Adware.Hotbar.BQ

    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP529\A0041796.exe
    Supprimé
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Drivers::
    cusbohcn

    File::
    C:\WINDOWS\system32\wzclcxwt.exe
    C:\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
    C:\WINDOWS\system32\mxqhwjqh.exe
    C:\WINDOWS\vnbptxlf.dll

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "cbMDNXwcgZ"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "keffbwrq"=-
    "vqkkfryd"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2765DD3A-7AB1-4813-9612-C14A5981728A}"=-
    [HKEY_CLASSES_ROOT\clsid\{2765dd3a-7ab1-4813-9612-c14a5981728a}]
    [HKEY_CLASSES_ROOT\vnbptxlf.1]
    [HKEY_CLASSES_ROOT\TypeLib\{77ECF945-2592-41EE-8DCB-ECAC3CB628FB}]
    [HKEY_CLASSES_ROOT\vnbptxlf]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. marjo
     
    Voici le rapport combofix

    Jattend votre réponse

    Merci

    ComboFix 08-05-08.1 - Owner 2008-05-09 16:15:35.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT -4:00]
    Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
    C:\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe
    C:\WINDOWS\system32\mxqhwjqh.exe
    C:\WINDOWS\system32\wzclcxwt.exe
    C:\WINDOWS\vnbptxlf.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe
    C:\WINDOWS\system32\wzclcxwt.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
    2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
    2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
    2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
    2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
    2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
    2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
    2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
    2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-04-11 23:10 . 2008-04-11 23:28 3,876 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-11 23:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-11 23:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-11 23:09 . 2008-04-10 21:00 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-11 23:09 . 2008-04-11 22:13 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-11 23:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-11 23:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-11 07:34 . 2008-04-11 07:34 <REP> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
    2008-04-11 00:05 . 2008-05-09 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avgbgton

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
    2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
    2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
    2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
    2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
    2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
    2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    - 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-09 17:04:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
    "CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05 339968]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
    "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
    wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

    S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
    \shell\Setup\command - setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 16:17:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-09 16:19:18
    ComboFix-quarantined-files.txt 2008-05-09 20:19:10
    ComboFix2.txt 2008-05-02 02:33:57

    Pre-Run: 41,222,840,320 octets libres
    Post-Run: 41,383,477,248 octets libres

    162 --- E O F --- 2008-04-10 03:25:41
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Drivers::
    cusbohcn

    File::
    C:\WINDOWS\system32\wzevehsj.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "csiphfok"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    _________________

    pense ensuite a coller un rapport hijackhtis
    __________________
    0
  8. marjo
     
    Voici le rapport combofix , ce que jai viré avec Anti Malware et le rapport hidjackthis

    Merci
    Je nai plus davertissement de virus
    Jespère que le problème est réglé

    ComboFix 08-05-08.1 - Owner 2008-05-11 22:14:30.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT -4:00]
    Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
    C:\WINDOWS\system32\wzevehsj.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-05-08 13:52 . 2008-05-08 13:53 <REP> d-------- C:\Hijackthis
    2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
    2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-01 22:43 . 2008-05-01 22:47 <REP> d-------- C:\Program Files\Navilog1
    2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
    2008-04-28 18:58 . 2008-05-01 23:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
    2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
    2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
    2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
    2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avgbgton
    2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
    2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
    2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
    2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
    2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
    2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
    2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
    2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    - 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-12 02:10:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
    "CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05 339968]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
    "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
    wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=

    S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
    \shell\Setup\command - setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-11 22:16:27
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-11 22:18:26
    ComboFix-quarantined-files.txt 2008-05-12 02:18:13
    ComboFix2.txt 2008-05-09 20:19:18
    ComboFix3.txt 2008-05-02 02:33:57

    Pre-Run: 41,185,132,544 octets libres
    Post-Run: 41,341,669,376 octets libres

    151 --- E O F --- 2008-04-10 03:25:41

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 740

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 95598
    Temps écoulé: 36 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\vnbptxlf.beps (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\avgbgton\ajmjwtgt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\apoxqwfv.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP533\A0041849.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP534\A0042073.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP536\A0042096.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042103.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{49E555D9-D0EB-467A-88B3-D72AC730B29C}\RP537\A0042104.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Logfile of HijackThis v1.99.1
    Scan saved at 23:16:29, on 2008-05-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\explorer.exe
    C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.usherbrooke.ca/monbureau/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [csiphfok] C:\WINDOWS\system32\wzevehsj.exe
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE09F27-5369-44CB-A667-D7DFCAFC31F8}: NameServer = 142.169.1.16 199.84.242.22
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    vire ce qui est dans le dossier quarantine: en allant dans poste de travail puis C puis:

    C:\QooBox\Quarantine

    _____________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Drivers::
    cusbohcn

    File::
    C:\WINDOWS\system32\wzevehsj.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
    C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "csiphfok"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _________

    tu as quel antivirus????

    si tu n'en as pas installe antivir et colle moi un rapport avec:

    https://www.malekal.com/avira-free-security-antivirus-gratuit/

    si tu as un antivirus déjà :
    n'installe pas antivir et

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    __________
    0
  10. marjo
     
    Bonjour,

    Jai vidé le dossier quarantine et jai un anti virus (McAfee) est ce correcte? Voici le rapport ComboFix et Bitdefender.
    Merci

    ComboFix 08-05-11.1 - Owner 2008-05-12 14:41:54.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.126 [GMT -4:00]
    Endroit: C:\Documents and Settings\Owner\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys
    C:\QooBox\Quarantine\C\WINDOWS\system32\wzclcxwt.exe.vir
    C:\WINDOWS\system32\wzevehsj.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-11 23:37 . 2008-05-11 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-05-11 23:37 . 2007-10-16 20:50 171,272 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-05-11 23:37 . 2007-10-16 20:50 72,680 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-05-11 23:37 . 2007-10-16 20:50 64,168 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
    2008-05-11 23:37 . 2007-10-16 20:50 51,944 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
    2008-05-11 23:37 . 2007-10-16 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-05-11 23:36 . 2008-05-11 23:37 <REP> d-------- C:\Program Files\McAfee
    2008-05-11 23:36 . 2008-05-11 23:36 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
    2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-05-11 22:31 . 2008-05-11 22:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-11 22:31 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-11 22:31 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-08 14:04 . 2008-05-08 15:36 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-05-08 13:52 . 2008-05-11 23:16 <REP> d-------- C:\Hijackthis
    2008-05-08 13:41 . 2008-05-08 13:45 <REP> d-------- C:\hidjackthis
    2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-01 22:43 . 2008-05-12 13:48 <REP> d-------- C:\Program Files\Navilog1
    2008-04-28 19:30 . 2008-04-28 19:34 942 --a------ C:\WINDOWS\wininit.ini
    2008-04-28 18:58 . 2008-05-01 23:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-28 15:34 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-28 15:34 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
    2008-04-28 15:34 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:10 . 2008-04-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
    2008-04-28 13:09 . 2008-04-28 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-04-28 12:45 . 2008-04-28 12:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-04-21 18:10 . 2008-04-21 18:10 244 --ah----- C:\sqmnoopt03.sqm
    2008-04-21 18:10 . 2008-04-21 18:10 232 --ah----- C:\sqmdata03.sqm
    2008-04-13 01:10 . 2008-04-13 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-12 09:54 . 2008-04-13 00:54 <REP> d-------- C:\Program Files\The Cleaner Free
    2008-04-12 09:54 . 2008-04-12 09:54 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
    2008-04-12 02:26 . 2008-04-12 02:26 <REP> d-------- C:\WINDOWS\Internet Logs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avgbgton
    2008-04-28 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
    2008-04-28 17:20 --------- d-----w C:\Program Files\Ahead
    2008-04-28 17:09 --------- d-----w C:\Program Files\IncrediMail
    2008-04-15 00:36 --------- d-----w C:\Program Files\Free Easy Burner
    2008-04-12 03:28 3,876 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-04-12 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-04-12 02:14 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-12 02:13 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-04-12 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-04-11 11:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
    2008-04-11 01:00 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-16 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee
    2008-03-16 00:49 --------- d-----w C:\Program Files\Common Files
    2008-03-16 00:10 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2008-03-15 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-02-03 00:09 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2006-01-06 17:10 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-01_22.33.24,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-08 18:06:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2008-05-08 18:06:52 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2008-05-08 18:06:55 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2008-05-08 18:07:28 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2008-05-08 18:07:51 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2008-05-08 18:07:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-25 05:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    - 2008-04-30 17:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-12 13:20:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2006-05-25 05:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-25 05:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2006-11-30 12:50:00 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
    + 2007-02-23 00:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
    + 2006-11-30 12:50:00 71,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
    + 2006-11-30 12:50:00 99,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
    + 2006-11-30 12:50:00 132,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
    + 2007-02-23 00:50:00 71,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
    + 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
    + 2006-11-30 12:50:00 11,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
    + 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4834_mcconsol.exe
    + 2007-02-23 00:50:00 194,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
    + 2007-02-23 00:50:00 24,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
    + 2007-02-23 00:50:00 144,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
    + 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
    + 2006-11-30 12:50:00 263,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
    + 2007-02-23 00:50:00 54,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
    + 2006-11-30 12:50:00 13,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
    + 2007-02-23 00:50:00 79,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
    + 2006-11-30 12:50:00 104,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
    + 2006-11-30 12:50:00 41,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
    + 2006-11-30 12:50:00 25,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
    + 2007-02-23 00:50:00 58,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
    + 2006-11-30 12:50:00 16,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
    + 2006-11-30 12:50:00 19,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
    + 2007-02-23 00:50:00 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
    + 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
    + 2006-11-30 12:50:00 34,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
    + 2006-11-30 12:50:00 83,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
    + 2006-11-30 12:50:00 64,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
    + 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
    + 2006-11-30 12:50:00 72,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
    + 2006-11-30 12:50:00 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
    + 2006-11-30 12:50:00 34,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
    + 2006-11-30 12:50:00 19,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
    + 2006-11-30 12:50:00 46,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
    + 2007-02-23 00:50:00 170,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
    + 2006-11-30 12:50:00 18,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
    + 2006-11-30 12:50:00 52,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
    + 2006-11-30 12:50:00 132,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
    + 2007-02-23 00:50:00 226,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
    + 2006-11-30 12:50:00 75,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
    + 2006-11-30 12:50:00 362,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCDaemon.exe
    + 2007-02-23 00:50:00 333,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
    + 2006-11-30 12:50:00 149,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCInstall.dll
    + 2007-02-23 00:50:00 464,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
    + 2007-02-23 00:50:00 35,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
    + 2006-11-30 12:50:00 263,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
    + 2006-11-30 12:50:00 11,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
    + 2006-11-30 12:50:00 67,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
    + 2006-11-30 12:50:00 17,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
    + 2007-02-23 00:50:00 112,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
    + 2007-02-23 00:50:00 243,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
    + 2006-11-30 12:50:00 83,544 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
    + 2006-11-30 12:50:00 75,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 20:20 68856]
    "Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
    "csiphfok"="C:\WINDOWS\system32\wzevehsj.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
    "CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 23:05 339968]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 18:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
    "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-10-16 20:50 111952]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-08-30 18:22 136512]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

    C:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
    wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-23 20:08:46 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-23 20:06:24 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Owner\\Mes documents\\transportabilite.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
    "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    S3 cusbohcn;cusbohcn;C:\DOCUME~1\Owner\LOCALS~1\Temp\cusbohcn.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0987888c-13f1-11dd-9a3c-0013d30d7190}]
    \shell\Setup\command - setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b44a4a1-1439-11da-95be-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-23 14:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-12 14:44:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-12 14:46:06
    ComboFix-quarantined-files.txt 2008-05-12 18:45:56
    ComboFix2.txt 2008-05-12 02:18:27
    ComboFix3.txt 2008-05-09 20:19:18
    ComboFix4.txt 2008-05-02 02:33:57

    Pre-Run: 40,967,737,344 octets libres
    Post-Run: 41,172,910,080 octets libres

    223 --- E O F --- 2008-04-10 03:25:41

    BitDefender Online Scanner - Rapport virus en temps réel

    Généré à: Mon, May 12, 2008 - 19:38:31

    --------------------------------------------------------

    Info d'analyse

    Fichiers scannés
    49471

    Infectés Fichiers
    0

    Virus Détectés

    Aucun virus trouvé.

    Ce sommaire du processus d'analyse sera utilisé par les laboratoires

    Antivirus BitDefender pour créer des statistiques agréguées sur l'activité

    des virus dans le monde.
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    ________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
    puis redemarre ton ordi
    puis réactive là :

    https://www.informatruc.com

    __________

    encore des soucis??????????????????,
    0