VOICI MON RAPPORT

Dylan -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
VOICI LE MESSAGE QUE J'AVAIS POSTER SUR LE TOPIC:
Bonjour,
Depuis quelque jours je suis infécté par le virus "privacy danger" qui se trouve dans C:WINDOWS quand j'essaye de le supprimer une fenètre s'affiche qui dit "impossible de supprimer pryvacie danger:accés refusé ,Vérifiez que le disque n'est pas plein ou protéger en écriture, et que le fichier n'est pas utilisé actuellement"
Je n'y comprends rien car je n'utilise pas ce ficher actuellement et que mon disque a de la place , il n'est pas plein.
Si vous pourriez m'aider à le supprimer....
Dylan
ET VOICI LE RAPPORT FAIT AVEC NAVILOG1 EN MODE:1( recherche )
Search Navipromo version 3.5.6 commencé le 05/05/2008 à 11:10:05,17

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "papa"

Mise à jour le 02.05.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\papa\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\alison\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\dylan\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\maman\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\papa\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\alison\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\dylan\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\maman\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\papa\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\alison\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\dylan\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\maman\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\sullivan\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\papa\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\alison\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\dylan\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\maman\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\papa\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\alison\locals~1\applic~1" :

* Dans "C:\DOCUME~1\dylan\locals~1\applic~1" :

* Dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" :

* Dans "C:\DOCUME~1\maman\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\SCbJlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 05/05/2008 à 11:31:38,14 ***

dites moi ce que je doit faire aprés ce rapport
Voila merci de m'aider a réparer mon ordinateur car je n'y connais rien en informatique j'étais sur le point de le formater !!
Configuration: Windows XP
Internet Explorer 7.0

63 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Une infection signalée par le virus « privacy danger » bloque la suppression de fichiers système sous Windows, affichant un message d'accès refusé et suggérant d'examiner le disque et les fichiers protégés. Plusieurs outils et rapports furent discutés, notamment l'analyse avec Navilog1 et l'examen des résultats, puis des recommandations pour éviter les suppressions manuelles et privilégier des antivirus et des nettoyeurs. Des réponses évoquent des outils comme OTMoveIt et ComboFix, des conseils pour désactiver temporairement des modules au démarrage et pour analyser les entrées de démarrage via msconfig. Enfin, des conseils encouragent à ne pas restaurer le système tant qu'une désinfection complète n'a pas été vérifiée, afin d'éviter de réactiver des composants malveillants.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Dylan
     
    je doit télécharger tous la liste des anti virus ect... ou alors que 2 ou 3?
    1
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    desinstalle navilog vai ton panneau de configuration

    ______________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    _______________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    ___________________
    encore des problèmes?????????,
    0
  3. Dylan
     
    OK merci je vais faire sa a 15h30 et je posterai un message ce soir je pense !!
    Jespere que sa marchera ....
    merci
    0
  4. Dylan
     
    ALORS VOICI LE RAPPORT DE SMITFRAUDFIX :

    SmitFraudFix v2.319

    Rapport fait à 16:10:09,07, 05/05/2008
    Executé à partir de C:\Documents and Settings\papa\Mes documents\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\WINDOWS\ogxtsepr.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\.protected supprimé
    Problème suppression C:\WINDOWS\privacy_danger
    C:\WINDOWS\xpupdate.exe supprimé
    C:\Program Files\akl\ supprimé
    C:\Program Files\WinMsg\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    ET CELUI DE HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33:12, on 05/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ahkrgdeb.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
    O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
    O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
    O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [MS32DLL] C

    VOILA LES RAPPORT AIDEZ MOI A CONTINUEZ MA (LUTTE CONTRE LES VIRUS) S.V.P de plus des pages internet "SYSTEME DEFENDER"s'affiche envion chaque 20 min !! merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. chimay8 Messages postés 7947 Statut Contributeur sécurité 60
     
    bonjour,
    ton rapport HijackThis est incomplèt.
    relance le
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ton raaport hijakchits est incomplet

    recommence

    ______________

    puis

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  8. Dylan
     
    LE RAPPPORT AVEC HIJACKTHIS (complet ?):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33:12, on 05/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ahkrgdeb.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
    O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
    O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
    O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
    O4 - HKCU\..\Run: [fpnkqdop] C:\WINDOWS\system32\ahkrgdeb.exe
    O4 - HKLM\..\Policies\Explorer\Run: [0Ju7G0wNbG] C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt233YYFR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O21 - SSODL: ogxtsepr - {D7D9FD9D-933B-4FED-9EC4-AB9915BD49BC} - C:\WINDOWS\ogxtsepr.dll (file missing)
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    combofix est incomplet!!!!!!

    __________

    il y a encore du boulot!! tu as error safe qui est un espion ne l'utilise pas!
    ____________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
    O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
    O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
    O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
    O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
    O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
    O4 - HKCU\..\Run: [fpnkqdop] C:\WINDOWS\system32\ahkrgdeb.exe
    O4 - HKLM\..\Policies\Explorer\Run: [0Ju7G0wNbG] C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe

    O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt233YYFR
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O21 - SSODL: ogxtsepr - {D7D9FD9D-933B-4FED-9EC4-AB9915BD49BC} - C:\WINDOWS\ogxtsepr.dll (file missing)

    ____________________

    Télécharge RavAntivirus d'Evosla :
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
    # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
    # Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
    # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
    # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
    # Retire tes disques amovibles et redémarrez votre ordinateur.
    # Poste le rapport, si infection!
    _____________________

    installe spybot scan avec et vire ce qui est trouvé (tu le gardera par la suite)

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    ____________________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    ____________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    C:\WINDOWS\MS32DLL.dll.vbs
    C:\Program Files\Error Safe Free
    C:\Program Files\Error Safe Free\ers.exe
    C:\WINDOWS\system32\ahkrgdeb.exe
    C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________
    recolle un nouveau hijackhtis

    ____________________

    un un nouveau combofix complet cette fois
    0
  10. Dylan
     
    RAPPORT HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:55, on 06/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\fifgxivu.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
    O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  11. Dylan
     
    RAPPORT HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:55, on 06/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\fifgxivu.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
    O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  12. Dylan
     
    CELUI DE COMBOFIX:

    ComboFix 08-05-01.3 - papa 2008-05-05 18:25:13.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
    Endroit: C:\Documents and Settings\papa\Bureau\KillBagle.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\.protected
    C:\autorun.inf
    C:\Documents and Settings\alison\Application Data\HbTools
    C:\Documents and Settings\alison\Application Data\HbTools\HbTools.log
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1002798.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1002878.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1025988.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1041655.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1049177.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1054344.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1056107.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1056108.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1056919.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1065005.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1067059.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1070515.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1087405.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1088120.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1109822.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\120513.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1224397.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1244483.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1287196.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1383701.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1384138.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1384147.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1384577.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1384736.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1385400.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1386004.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1386161.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1386771.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1387231.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1387588.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1388230.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1388539.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1388545.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1388694.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1390269.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1391092.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1391284.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1391571.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1392669.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1394204.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1394240.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1395655.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1396684.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1396993.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1397460.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1399469.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1400009.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1400295.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1400879.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1401232.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1402137.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1402347.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1403308.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1404245.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1405029.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1411749.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1412146.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1414901.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1416724.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1416838.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1416885.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1438752.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\143907.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1496544.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\151198.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1545323.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1636521.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1642471.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1664226.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1678684.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1703105.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1734897.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\175184.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1772582.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1817352.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1824774.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1844534.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1845510.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1853224.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1859712.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1911283.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1924428.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\193164.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1974638.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\1996086.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2065263.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2066717.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2066842.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2087561.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2101289.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\215031.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2158422.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2175800.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\217615.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2208946.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2291481.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2336681.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\233885.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\234819.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2360615.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2387924.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2415038.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2442555.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2572057.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2611528.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\262235.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2655434.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2691158.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2691160.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\270468.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2726728.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2802617.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2810922.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2811054.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2867400.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2880818.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2881384.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2883916.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2885069.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2889382.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\289096.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2893940.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\289651.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2899612.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\2903988.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3037545.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3240760.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3248862.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3248883.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3248884.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\329896.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3423454.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3424992.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3428365.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3442551.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3442556.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3513495.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\370366.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3717325.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3720909.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3732170.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3736273.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3751912.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3752022.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3756147.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3756150.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3781310.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3781315.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3781380.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3786193.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\3786291.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\39621.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\406631.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\417732.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\456763.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\459029.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\472651.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\475157.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\482651.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\48657.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\486992.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\499863.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\512718.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\56356.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\590542.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\600583.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\602359.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\611023.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\627350.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\633822.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\673052.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\699705.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\701597.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\703644.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\737654.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\789396.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\794121.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\803618.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\805478.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\819382.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\82707.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\84202.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\847909.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\886762.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\891784.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\892679.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\906390.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\914410.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\937458.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\943670.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\949763.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\965273.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\967915.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\969631.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\991767.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\997191.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\997827.sdf
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000003164
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000003674
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000003756
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000004528
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000013401
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000013657
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000019165
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000019251
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000021420
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000021726
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000021966
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023645
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023651
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023708
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023763
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023773
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023835
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023864
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023875
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023897
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023913
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023946
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000023950
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024021
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024036
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024042
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024060
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024061
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024063
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024121
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024148
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024187
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024294
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024298
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024388
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024445
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024471
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024476
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024478
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024593
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024615
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024631
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024635
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024644
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024696
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024699
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024710
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024721
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024749
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024776
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024799
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024806
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024857
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024874
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024917
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024944
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024965
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024972
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024980
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024991
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025015
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025079
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025102
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025111
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025112
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025136
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025170
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025187
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025211
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025260
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025264
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025284
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025295
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025311
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025545
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025608
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025609
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025683
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025722
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025759
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025780
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025781
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025784
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025790
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025802
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025808
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025957
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026008
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026048
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026067
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026073
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026075
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026080
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026083
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026100
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026148
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026151
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026190
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026221
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026235
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026240
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026266
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026286
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026287
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026367
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026369
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026427
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026429
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026430
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026432
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026465
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026485
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026488
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026495
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026566
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026567
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026580
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026685
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026693
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026701
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026707
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026787
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026830
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026859
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026870
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026896
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026900
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026921
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026951
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026952
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026967
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026997
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027025
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027037
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027120
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027266
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027267
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027306
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027343
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027380
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027400
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027408
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027537
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027542
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027559
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027615
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027619
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027627
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027662
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027742
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027746
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027805
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027846
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027874
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027908
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027925
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027931
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027936
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027957
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027969
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027979
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028063
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028802
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028808
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028811
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028822
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028824
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028825
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028849
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028869
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028871
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028907
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028911
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028920
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029204
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029215
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029220
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029224
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029227
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029230
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030548
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030816
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032933
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032944
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032953
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032954
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032963
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033001
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033005
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033027
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033077
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033088
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037209
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037226
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037230
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037257
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037304
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10110
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10546
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1058
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10807
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\110943
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11213
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11891
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\127887
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13306
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13617
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1370
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1381
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1396
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14435
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14575
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\146284
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14805
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14837
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\148687
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1491
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15040
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\154042
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15533
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15643
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\156808
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1587
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1590
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16065
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1610
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16173
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16211
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16225
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16700
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\182864
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18391
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18806
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19624
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20153
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20246
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20266
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20570
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20613
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20935
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21017
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\211683
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21612
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21643
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\216889
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223130
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22364
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22377
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\227849
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22809
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22913
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23928
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24098
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\243256
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\244692
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24625
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25063
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251438
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251949
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25306
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25708
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\258537
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25869
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26077
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26106
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26335
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26340
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26479
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2672
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27082
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27505
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28062
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\281638
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28383
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28645
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\290893
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29135
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29425
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29642
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\297253
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\299892
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30309
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30431
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30840
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31387
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31548
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31638
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32075
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32171
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32200
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32254
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32415
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\331149
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33137
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3338
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33915
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33916
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\345209
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34754
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34911
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35000
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35006
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35015
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\352526
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35654
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\356660
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\357827
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35900
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35902
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35904
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36598
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3677
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36834
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37081
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37122
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\371239
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37135
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\372224
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\382910
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\386983
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40402
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40999
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41215
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4142
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4166
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41668
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41854
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41952
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41980
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42437
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42788
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43142
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43638
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4382
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44229
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44293
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4442
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\445700
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45214
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45445
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455743
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455904
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\456080
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\471558
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4720
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\478995
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\479505
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\48166
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4880
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4919
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49269
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\494328
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49492
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49493
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49494
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49587
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4967
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49821
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49849
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49923
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5112
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51166
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51233
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51374
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51824
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51931
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52177
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52253
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52968
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53312
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53315
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53481
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\534945
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5358
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53667
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\536855
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53842
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53923
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53933
    C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
    C
    0
  13. Dylan
     
    LE RAPPORT AVEC OTMOVEIT:

    File/Folder C:\WINDOWS\MS32DLL.dll.vbs not found.
    File/Folder C:\Program Files\Error Safe Free not found.
    File/Folder C:\Program Files\Error Safe Free\ers.exe not found.
    C:\WINDOWS\system32\ahkrgdeb.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_140232

    SINON AVEC SPYBOTS APPAREMENT IL N'ARRIVE PAS A SUPPRIMER UN VIRUS ET QUE FAIRE AVEC LES FENETRES QUI DEMANDE L AUTORISATION DES MODIFICATIONS.SINON UNE FENETRE VIENT RAREMENT DE "SYSTEME INTEGRITY SCAN WIZARD"
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec spybot en mode sans ehcec

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020905112131924

    et tu me dira si il arrive a virer toutes les infections

    ___________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _________________

    recolle un nouveau hijackhtis

    ____________________

    un un nouveau combofix complet cette fois
    0
  15. Dylan
     
    Bonsoir,
    Juste pour dire que je posterai les rapports surement demain ou après-demain,
    ( juste pour ne pas que vous attendez ) !!
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    a plus
    0
  17. Dylan
     
    RAPPORT AVEC COMBOFIXE:

    ComboFix 08-05-01.3 - papa 2008-05-07 21:46:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.93 [GMT 2:00]
    Endroit: C:\Documents and Settings\papa\Bureau\Combo-Fixe.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-06 21:28 . 2008-05-07 12:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\papa\Application Data\Malwarebytes
    2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-06 21:28 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-06 21:28 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-06 14:02 . 2008-05-06 14:02 <REP> d-------- C:\_OTMoveIt
    2008-05-06 13:55 . 2008-05-06 13:55 <REP> d-------- C:\Program Files\CCleaner
    2008-05-05 21:15 . 2008-05-05 21:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-05 21:15 . 2008-05-06 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-05 18:24 . 2008-05-05 18:52 <REP> d-------- C:\KillBagle
    2008-05-05 16:27 . 2008-05-05 16:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-05 15:48 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-05 15:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-01 18:25 . 2008-05-01 18:25 <REP> d-------- C:\VundoFix Backups
    2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Apple Computer
    2008-04-22 18:12 . 2008-04-22 18:13 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-04-19 11:57 . 2008-04-19 11:57 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-04-18 18:03 . 2008-04-18 18:03 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Talkback
    2008-04-18 14:10 . 2008-05-05 15:43 <REP> d-------- C:\Program Files\Navilog1
    2008-04-18 14:07 . 2008-04-18 17:13 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Contacts
    2008-04-18 13:28 . 2008-05-05 17:48 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\VMNTOOLBAR
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Teleca
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Sony Ericsson
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\MSN Search Toolbar
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage réseau
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage d'impression
    2008-04-18 13:27 . 2005-12-09 20:40 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Modèles
    2008-04-18 13:27 . 2008-05-01 18:24 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Mes documents
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> dr------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Menu Démarrer
    2008-04-18 13:27 . 2008-04-26 11:54 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Favoris
    2008-04-18 13:27 . 2008-05-01 18:27 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Bureau
    2008-04-18 13:27 . 2008-05-05 17:50 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F
    2008-04-18 13:27 . 2008-05-07 21:44 1,024 --ah----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\NTUSER.DAT.LOG
    2008-04-17 22:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-17 22:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-17 22:44 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-17 22:44 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-17 22:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-17 22:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-17 22:44 . 2008-05-05 16:10 3,566 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-16 23:23 . 2008-04-16 23:23 87,616 --a------ C:\WINDOWS\system32\thrmgppt.dll
    2008-04-16 21:53 . 2008-04-16 21:53 2,103 --a------ C:\Documents and Settings\maman\Application Data\update.log
    2008-04-15 22:17 . 2008-04-17 12:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-15 16:55 . 2008-04-15 16:55 <REP> d-------- C:\Documents and Settings\alison\Application Data\TmpRecentIcons
    2008-04-14 11:45 . 2008-04-14 11:45 3,648 --a------ C:\WINDOWS\system32\ltycfmxq.dll
    2008-04-13 11:26 . 2008-04-13 11:26 3,648 --a------ C:\WINDOWS\system32\xvvkgvgp.dll
    2008-04-12 23:54 . 2008-04-15 12:37 <REP> d-------- C:\Documents and Settings\maman\Application Data\TmpRecentIcons
    2008-04-12 23:34 . 2008-04-12 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Teleca
    2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Sony Ericsson
    2008-04-12 22:09 . 2008-05-06 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\gnmnghip
    2008-04-09 20:13 . 2008-04-09 20:13 <REP> d-------- C:\Program Files\GrenobleFoot38

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-07 19:37 --------- d-----w C:\Documents and Settings\papa\Application Data\VMNTOOLBAR
    2008-05-07 16:34 --------- d-----w C:\Program Files\eMule
    2008-05-07 11:18 --------- d-----w C:\Program Files\MSN Messenger
    2008-05-06 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-18 16:00 --------- d-----w C:\Program Files\Morpheus Toolbar
    2008-04-18 15:58 --------- d-----r C:\Program Files\Morpheus
    2008-04-18 14:43 --------- d-----w C:\Documents and Settings\alison\Application Data\VMNTOOLBAR
    2008-04-17 10:38 --------- d-----w C:\Documents and Settings\maman\Application Data\Lavasoft
    2008-04-17 10:16 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-17 09:34 --------- d-----w C:\Documents and Settings\maman\Application Data\VMNTOOLBAR
    2008-04-16 20:11 --------- d-----w C:\Documents and Settings\alison\Application Data\CoalEncMove
    2008-04-15 11:47 --------- d-----w C:\Documents and Settings\maman\Application Data\Teleca
    2008-04-14 09:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-11 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 10:47 --------- d-----w C:\Documents and Settings\papa\Application Data\Teleca
    2008-03-23 10:46 --------- d-----w C:\Documents and Settings\papa\Application Data\Sony Ericsson
    2008-03-14 11:17 --------- d-----w C:\Documents and Settings\maman\Application Data\Sony Ericsson
    2008-03-13 17:19 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-12 18:29 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2008-03-12 18:27 --------- d-----w C:\Program Files\Sony Ericsson
    2008-03-12 18:27 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
    2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-03-12 13:06 --------- d-----w C:\Program Files\Sony
    2007-03-25 17:04 87,608 ----a-w C:\Documents and Settings\alison\Application Data\ezpinst.exe
    2007-03-25 17:04 47,360 ----a-w C:\Documents and Settings\alison\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-05_18.49.46.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-05 16:44:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-07 16:31:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-26 11:22:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-05-05 18:30:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-07 16:31:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "dxaxcpri"="C:\WINDOWS\system32\fifgxivu.exe" [ ]
    "wvjvedcm"="C:\WINDOWS\system32\jidevwhy.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-23 22:05 111840]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22 29744]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 11:14 528384]
    "WidgetGF38"="C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe" [2008-01-24 12:17 1701370]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
    "SpybotDeletingA1353"="command /c del c:\Program Files\MalwareAlarm\MalwareAlarm0.ma" [ ]
    "GrpConv"="grpconv -o" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 14:00 44544]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:57:03 124912]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c08afad1]
    --a------ 2008-04-16 23:23 87616 C:\WINDOWS\system32\thrmgppt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22]
    S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 13:43]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]
    S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-07 19:00:05 C:\WINDOWS\Tasks\A70C999E91930C96.job"
    - c:\docume~1\alison\applic~1\coalen~1\GPL ISO 2.exe
    "2007-05-18 22:14:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-07 21:54:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-07 22:00:24
    ComboFix-quarantined-files.txt 2008-05-07 20:00:06

    Pre-Run: 199,536,472,064 octets libres
    Post-Run: 199,803,826,176 octets libres

    187 --- E O F --- 2008-04-11 11:36:00

    RAPPORT AVEC HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:37, on 07/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
    O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'sullivan')
    O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (User 'sullivan')
    O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [ajkbubxz] C:\WINDOWS\system32\litoxczm.exe (User 'sullivan')
    O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart (User 'sullivan')
    O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans la sauvegarde (quarantaine de spybot)

    ___________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver ::
    vxhhsueh

    File::
    C:\WINDOWS\system32\jidevwhy.exe
    C:\WINDOWS\system32\fifgxivu.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dxaxcpri"=-
    "wvjvedcm"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis et dis tes soucis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  19. Dylan
     
    LE RAPPORT AVEC COMBOFIX:

    ComboFix 08-05-01.3 - papa 2008-05-09 19:28:57.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
    Endroit: C:\Documents and Settings\papa\Bureau\Combo-Fixe.exe
    Command switches used :: C:\Documents and Settings\papa\Bureau\CFscript

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\fifgxivu.exe
    C:\WINDOWS\system32\jidevwhy.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-06 21:28 . 2008-05-07 12:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\papa\Application Data\Malwarebytes
    2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-06 21:28 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-06 21:28 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-06 14:02 . 2008-05-06 14:02 <REP> d-------- C:\_OTMoveIt
    2008-05-06 13:55 . 2008-05-06 13:55 <REP> d-------- C:\Program Files\CCleaner
    2008-05-05 21:15 . 2008-05-05 21:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-05 21:15 . 2008-05-06 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-05 18:24 . 2008-05-05 18:52 <REP> d-------- C:\KillBagle
    2008-05-05 16:27 . 2008-05-05 16:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-05 15:48 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-05 15:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-01 18:25 . 2008-05-01 18:25 <REP> d-------- C:\VundoFix Backups
    2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Apple Computer
    2008-04-22 18:12 . 2008-04-22 18:13 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-04-19 11:57 . 2008-04-19 11:57 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-04-18 18:03 . 2008-04-18 18:03 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Talkback
    2008-04-18 14:10 . 2008-05-05 15:43 <REP> d-------- C:\Program Files\Navilog1
    2008-04-18 14:07 . 2008-04-18 17:13 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Contacts
    2008-04-18 13:28 . 2008-05-05 17:48 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\VMNTOOLBAR
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Teleca
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Sony Ericsson
    2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\MSN Search Toolbar
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage réseau
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage d'impression
    2008-04-18 13:27 . 2005-12-09 20:40 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Modèles
    2008-04-18 13:27 . 2008-05-01 18:24 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Mes documents
    2008-04-18 13:27 . 2005-12-09 21:34 <REP> dr------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Menu Démarrer
    2008-04-18 13:27 . 2008-04-26 11:54 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Favoris
    2008-04-18 13:27 . 2008-05-01 18:27 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Bureau
    2008-04-18 13:27 . 2008-05-05 17:50 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F
    2008-04-18 13:27 . 2008-05-09 19:24 1,024 --ah----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\NTUSER.DAT.LOG
    2008-04-17 22:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-17 22:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-17 22:44 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-17 22:44 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-17 22:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-17 22:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-17 22:44 . 2008-05-05 16:10 3,566 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-16 23:23 . 2008-04-16 23:23 87,616 --a------ C:\WINDOWS\system32\thrmgppt.dll
    2008-04-16 21:53 . 2008-04-16 21:53 2,103 --a------ C:\Documents and Settings\maman\Application Data\update.log
    2008-04-15 22:17 . 2008-04-17 12:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-15 16:55 . 2008-04-15 16:55 <REP> d-------- C:\Documents and Settings\alison\Application Data\TmpRecentIcons
    2008-04-14 11:45 . 2008-04-14 11:45 3,648 --a------ C:\WINDOWS\system32\ltycfmxq.dll
    2008-04-13 11:26 . 2008-04-13 11:26 3,648 --a------ C:\WINDOWS\system32\xvvkgvgp.dll
    2008-04-12 23:54 . 2008-04-15 12:37 <REP> d-------- C:\Documents and Settings\maman\Application Data\TmpRecentIcons
    2008-04-12 23:34 . 2008-04-12 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Teleca
    2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Sony Ericsson
    2008-04-12 22:09 . 2008-05-06 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\gnmnghip
    2008-04-09 20:13 . 2008-04-09 20:13 <REP> d-------- C:\Program Files\GrenobleFoot38

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 17:24 --------- d-----w C:\Documents and Settings\papa\Application Data\VMNTOOLBAR
    2008-05-09 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-09 07:57 --------- d-----w C:\Program Files\eMule
    2008-05-07 11:18 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-18 16:00 --------- d-----w C:\Program Files\Morpheus Toolbar
    2008-04-18 15:58 --------- d-----r C:\Program Files\Morpheus
    2008-04-18 14:43 --------- d-----w C:\Documents and Settings\alison\Application Data\VMNTOOLBAR
    2008-04-17 10:38 --------- d-----w C:\Documents and Settings\maman\Application Data\Lavasoft
    2008-04-17 10:16 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-17 09:34 --------- d-----w C:\Documents and Settings\maman\Application Data\VMNTOOLBAR
    2008-04-16 20:11 --------- d-----w C:\Documents and Settings\alison\Application Data\CoalEncMove
    2008-04-15 11:47 --------- d-----w C:\Documents and Settings\maman\Application Data\Teleca
    2008-04-14 09:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-11 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 10:47 --------- d-----w C:\Documents and Settings\papa\Application Data\Teleca
    2008-03-23 10:46 --------- d-----w C:\Documents and Settings\papa\Application Data\Sony Ericsson
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-14 11:17 --------- d-----w C:\Documents and Settings\maman\Application Data\Sony Ericsson
    2008-03-13 17:19 --------- d-----w C:\Program Files\MSXML 4.0
    2008-03-12 18:29 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2008-03-12 18:27 --------- d-----w C:\Program Files\Sony Ericsson
    2008-03-12 18:27 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
    2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-03-12 13:06 --------- d-----w C:\Program Files\Sony
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2007-03-25 17:04 87,608 ----a-w C:\Documents and Settings\alison\Application Data\ezpinst.exe
    2007-03-25 17:04 47,360 ----a-w C:\Documents and Settings\alison\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-05_18.49.46.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-05 16:44:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-09 17:18:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-26 11:22:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-05-05 18:30:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-05 16:44:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
    + 2008-05-09 17:18:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-23 22:05 111840]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22 29744]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 11:14 528384]
    "WidgetGF38"="C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe" [2008-01-24 12:17 1701370]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 14:00 44544]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:57:03 124912]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c08afad1]
    --a------ 2008-04-16 23:23 87616 C:\WINDOWS\system32\thrmgppt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22]
    S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 13:43]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]
    S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-09 08:00:00 C:\WINDOWS\Tasks\A70C999E91930C96.job"
    - c:\docume~1\alison\applic~1\coalen~1\GPL ISO 2.exe
    "2007-05-18 22:14:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 19:32:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-09 19:36:29
    ComboFix-quarantined-files.txt 2008-05-09 17:36:25
    ComboFix2.txt 2008-05-07 20:00:30

    Pre-Run: 199,795,662,848 octets libres
    Post-Run: 199,860,805,632 octets libres

    190 --- E O F --- 2008-04-11 11:36:00

    LE RAPPORT AVEC HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:42:55, on 09/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport est bon

    pour ne plus avoir les alertes désactive le tea timer de spybot (lance spybot puis MODE puis MODE AVANCE puis OUTIL puis RESIDENT et décoche tea timer)

    encore des soucis????

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT
    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
  21. Dylan
     
    C'est bon privacy danger aussi il est partit ??
    Maintenant si sa te derange pas tu pourra m'aider a réparer l'ordi portable a ma soeur?
    Merci
    0
  • 1
  • 2
  • 3
  • 4