HERE IS MY REPORT
Dylan
-
jlpjlp Posts 52399 Status Security contributor -
HERE IS THE MESSAGE I HAD POSTED IN THE TOPIC:
Hello,
For the past few days I have been infected by the "privacy danger" virus, which is located in C:\WINDOWS. When I try to delete it, a window appears saying "Cannot delete privacy danger: access denied. Check that the disk is not full or write-protected, and that the file is not currently in use."
I don't understand it at all, because I am not using this file at the moment and my disk has free space; it is not full.
If you could help me delete it....
Dylan
AND HERE IS THE REPORT MADE WITH NAVILOG1 IN MODE 1 (search)
Search Navipromo version 3.5.6 commencé le 05/05/2008 à 11:10:05,17
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "papa"
Mise à jour le 02.05.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\papa\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\alison\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\dylan\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\maman\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\papa\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\alison\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\dylan\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\maman\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\papa\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\alison\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\dylan\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\DYLAN~1.HOA\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\maman\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\sullivan\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\papa\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\alison\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\dylan\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\maman\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\papa\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\alison\locals~1\applic~1" :
* Dans "C:\DOCUME~1\dylan\locals~1\applic~1" :
* Dans "C:\DOCUME~1\DYLAN~1.HOA\locals~1\applic~1" :
* Dans "C:\DOCUME~1\maman\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\SCbJlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 05/05/2008 à 11:31:38,14 ***
Tell me what I should do after this report.
So, thank you for helping me repair my computer, because I know nothing about computers; I was about to format it!!
63 replies
Hi
Uninstall Navilog via your Control Panel
______________
SmitFraudFix (paste the report)
1/ Download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
3/ Restart in safe mode (generally by pressing F8, Del or F5 at startup), then launch smitfraudfix, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.
_______________
Paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a possible Vundo infection.
E.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
___________________
Still having problems?????????,
OK thanks, I'll do that at 3:30 pm and I'll post a message this evening, I think!!
I hope it will work....
Thanks
SO HERE IS THE SMITFRAUDFIX REPORT:
SmitFraudFix v2.319
Rapport fait à 16:10:09,07, 05/05/2008
Executé à partir de C:\Documents and Settings\papa\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\ogxtsepr.dll deleted.
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\.protected supprimé
Problème suppression C:\WINDOWS\privacy_danger
C:\WINDOWS\xpupdate.exe supprimé
C:\Program Files\akl\ supprimé
C:\Program Files\WinMsg\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7EB221C4-79EC-47BC-986F-92C0CB771083}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E9A7C4D-DB35-4CB7-84BC-08AEF9B109DB}: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AND THE ONE FROM HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:12, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ahkrgdeb.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MS32DLL] C
THERE ARE THE REPORTS, HELP ME CONTINUE MY (FIGHT AGAINST VIRUSES) PLEASE. Also, "SYSTEME DEFENDER" web pages appear about every 20 min!! Thanks
Your HijackThis report is incomplete
Do it again
______________
Then
Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!
Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
THE REPORT WITH HIJACKTHIS (complete?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:12, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ahkrgdeb.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [fpnkqdop] C:\WINDOWS\system32\ahkrgdeb.exe
O4 - HKLM\..\Policies\Explorer\Run: [0Ju7G0wNbG] C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt233YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: ogxtsepr - {D7D9FD9D-933B-4FED-9EC4-AB9915BD49BC} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
ComboFix is incomplete!!!!!!
__________
There's still work to do!! You have Error Safe, which is spyware; don't use it!
____________
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [fpnkqdop] C:\WINDOWS\system32\ahkrgdeb.exe
O4 - HKLM\..\Policies\Explorer\Run: [0Ju7G0wNbG] C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt233YYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O21 - SSODL: ogxtsepr - {D7D9FD9D-933B-4FED-9EC4-AB9915BD49BC} - C:\WINDOWS\ogxtsepr.dll (file missing)
____________________
Download RavAntivirus from Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be created; otherwise the program will display (very quickly) ==>Votre Ordinateur est sain .
# Remove your removable disks and restart your computer.
# Post the report, if there is an infection!
_____________________
Install Spybot, scan with it and remove whatever it finds (you will keep it afterwards)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
____________________
To remove your traces, use
CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
____________________
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\MS32DLL.dll.vbs
C:\Program Files\Error Safe Free
C:\Program Files\Error Safe Free\ers.exe
C:\WINDOWS\system32\ahkrgdeb.exe
C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
___________________
Paste a new HijackThis log again
____________________
and a new ComboFix, a complete one this time
__________
il y a encore du boulot!! tu as error safe qui est un espion ne l'utilise pas!
____________
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O2 - BHO: (no name) - {0A067D48-F308-4540-84DE-D12048C052FD} - C:\WINDOWS\system32\opnlJbCS.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77D5578452A3DC7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - {57a0ab61-ac02-4e88-a1a9-5a50db7a6f7f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\tuvTKBsq.dll (file missing)
O2 - BHO: (no name) - {F27CF379-28BD-3D3A-4C88-D03C376E32EE} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [fpnkqdop] C:\WINDOWS\system32\ahkrgdeb.exe
O4 - HKLM\..\Policies\Explorer\Run: [0Ju7G0wNbG] C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt233YYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O21 - SSODL: ogxtsepr - {D7D9FD9D-933B-4FED-9EC4-AB9915BD49BC} - C:\WINDOWS\ogxtsepr.dll (file missing)
____________________
Download RavAntivirus from Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be created; otherwise the software will display (very quickly) ==>Votre Ordinateur est sain ("Your computer is clean").
# Remove your removable drives and restart your computer.
# Post the report if there is an infection!
_____________________
Install Spybot, scan with it and remove whatever it finds (keep it installed afterwards)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
____________________
To remove your traces, use
CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
____________________
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\MS32DLL.dll.vbs
C:\Program Files\Error Safe Free
C:\Program Files\Error Safe Free\ers.exe
C:\WINDOWS\system32\ahkrgdeb.exe
C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
___________________
Paste a new HijackThis log
____________________
A new ComboFix, complete this time
HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:55, on 06/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\fifgxivu.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
THE ONE FROM COMBOFIX:
ComboFix 08-05-01.3 - papa 2008-05-05 18:25:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\papa\Bureau\KillBagle.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\autorun.inf
C:\Documents and Settings\alison\Application Data\HbTools
C:\Documents and Settings\alison\Application Data\HbTools\HbTools.log
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025957
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026008
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026048
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026067
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026073
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026075
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026080
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026083
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026100
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026148
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026151
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026190
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026221
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026235
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026240
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026266
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026286
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026287
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026367
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026369
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026427
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026429
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026430
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026432
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026465
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026485
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026488
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026495
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026566
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026567
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026580
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026685
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026693
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026701
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026707
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026787
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026830
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026859
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026870
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026896
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026900
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026921
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026951
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026952
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026967
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026997
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027025
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027037
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027120
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027266
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027267
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027343
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027380
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027400
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027408
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027537
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027542
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027559
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027615
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027619
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027627
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027662
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027742
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027746
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027805
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027846
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027874
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027908
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027925
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027931
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027936
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027957
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027969
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027979
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028063
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028802
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028808
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028811
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028822
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028824
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028825
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028849
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028869
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028871
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028907
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028911
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028920
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029204
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029215
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029220
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029224
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029227
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029230
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030548
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030816
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032933
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032944
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032953
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032954
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032963
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033001
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033005
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033027
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033077
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033088
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037209
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037226
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037230
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037257
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037304
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10110
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10546
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1058
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10807
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\110943
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11213
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11891
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\127887
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13617
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1370
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1381
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1396
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14435
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14575
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\146284
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14805
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14837
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\148687
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1491
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15040
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\154042
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15533
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15643
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\156808
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1587
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1590
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16065
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1610
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16173
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16211
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16225
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16700
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\182864
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18391
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18806
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19624
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20153
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20246
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20266
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20570
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20613
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20935
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21017
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\211683
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21612
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21643
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\216889
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223130
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22364
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22377
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\227849
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22809
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22913
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23928
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24098
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\243256
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\244692
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24625
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25063
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251438
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251949
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25708
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\258537
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25869
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26077
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26106
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26335
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26340
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26479
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2672
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27082
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27505
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28062
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\281638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28383
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28645
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\290893
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29135
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29425
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29642
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\297253
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\299892
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30309
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30431
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30840
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31387
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31548
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32075
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32171
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32200
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32254
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32415
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\331149
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33137
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3338
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33915
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33916
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\345209
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34754
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34911
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35000
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35006
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35015
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\352526
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35654
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\356660
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\357827
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35900
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35902
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35904
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36598
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3677
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36834
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37081
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37122
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\371239
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37135
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\372224
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\382910
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\386983
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40402
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40999
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41215
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4142
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4166
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41668
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41854
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41952
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41980
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42437
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42788
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43142
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4382
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44229
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44293
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4442
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\445700
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45214
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45445
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455743
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455904
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\456080
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\471558
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4720
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\478995
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\479505
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\48166
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4880
ComboFix 08-05-01.3 - papa 2008-05-05 18:25:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\papa\Bureau\KillBagle.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\autorun.inf
C:\Documents and Settings\alison\Application Data\HbTools
C:\Documents and Settings\alison\Application Data\HbTools\HbTools.log
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027267
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027343
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027380
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027400
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027408
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027537
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027542
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027559
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027615
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027619
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027627
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027662
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027742
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027746
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027805
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027846
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027874
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027908
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027925
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027931
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027936
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027957
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027969
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000027979
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028063
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028802
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028808
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028811
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028822
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028824
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028825
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028849
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028869
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028871
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028907
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028911
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000028920
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029204
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029215
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029220
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029224
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029227
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000029230
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030548
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000030816
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032933
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032944
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032953
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032954
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000032963
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033001
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033005
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033027
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033077
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000033088
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037209
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037226
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037230
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037257
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000037304
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10110
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10546
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1058
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10807
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\110943
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11213
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\11891
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\127887
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\130921
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13562
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13617
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1370
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1381
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1396
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1424
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14435
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14575
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\146284
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14633
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14805
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14837
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\148687
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1491
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15040
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\154042
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15533
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15643
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\156808
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1587
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1590
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16065
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1610
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16173
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16211
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16225
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16700
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\182864
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18391
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18806
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19624
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20153
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20246
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20266
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20570
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20613
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20935
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21017
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\211683
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21612
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\21643
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\216889
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223130
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\223385
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22364
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22377
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\227849
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22809
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\22913
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23928
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24098
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\243256
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\244692
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\24625
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25063
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251438
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\251949
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25306
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25708
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\258537
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25869
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26077
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26106
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26335
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26340
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26479
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2672
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27082
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27505
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28062
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\281638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28383
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\28645
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\290893
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29135
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29425
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29642
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\297253
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\299892
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30301
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30309
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30431
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30840
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31387
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31548
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\31638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32075
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32171
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32200
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32242
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32254
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32415
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\331149
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33137
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3338
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33697
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33915
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\33916
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\345209
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34754
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34911
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35000
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35006
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35015
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\352526
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35654
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\356660
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\357827
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35900
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35902
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35904
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36598
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3677
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\36834
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37081
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37122
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\371239
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\37135
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\372224
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\382910
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\386983
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\39245
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40402
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40999
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41215
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4142
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41421
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4166
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41668
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41854
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41952
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41980
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42437
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\42788
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43142
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\43638
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4382
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44229
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44293
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4442
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44458
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\445700
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45214
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45445
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455743
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\455904
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\456080
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\471558
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4720
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\478995
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\479505
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\48166
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4880
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4919
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49269
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\494328
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49492
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49493
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49494
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49587
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\4967
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49821
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49849
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49923
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5112
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51166
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51233
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51374
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51824
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\51931
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52177
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52253
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52968
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53312
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53315
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53481
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\534945
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5358
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53667
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\536855
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53842
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53923
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\53933
C:\Documents and Settings\alison\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
C
THE REPORT WITH OTMOVEIT:
File/Folder C:\WINDOWS\MS32DLL.dll.vbs not found.
File/Folder C:\Program Files\Error Safe Free not found.
File/Folder C:\Program Files\Error Safe Free\ers.exe not found.
C:\WINDOWS\system32\ahkrgdeb.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\gnmnghip\yhmvynkn.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_140232
ALSO, WITH SPYBOT, APPARENTLY IT CANNOT DELETE ONE VIRUS, AND WHAT SHOULD I DO ABOUT THE WINDOWS THAT ASK FOR PERMISSION FOR CHANGES? ALSO, A WINDOW FROM "SYSTEME INTEGRITY SCAN WIZARD" COMES UP OCCASIONALLY.
scan with Spybot in safe mode
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020905112131924
and tell me whether it manages to remove all the infections
___________________
scan with
MalwareByte's Anti-Malware, remove what it finds and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_________________
paste a new HijackThis log
____________________
a new ComboFix, a full one this time
Good evening,
Just to say that I will probably post the reports tomorrow or the day after,
( just so that you are not kept waiting ) !!
REPORT WITH COMBOFIX:
ComboFix 08-05-01.3 - papa 2008-05-07 21:46:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.93 [GMT 2:00]
Endroit: C:\Documents and Settings\papa\Bureau\Combo-Fixe.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 21:28 . 2008-05-07 12:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\papa\Application Data\Malwarebytes
2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 21:28 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 21:28 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 14:02 . 2008-05-06 14:02 <REP> d-------- C:\_OTMoveIt
2008-05-06 13:55 . 2008-05-06 13:55 <REP> d-------- C:\Program Files\CCleaner
2008-05-05 21:15 . 2008-05-05 21:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 21:15 . 2008-05-06 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 18:24 . 2008-05-05 18:52 <REP> d-------- C:\KillBagle
2008-05-05 16:27 . 2008-05-05 16:27 <REP> d-------- C:\Program Files\Trend Micro
2008-05-05 15:48 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-05 15:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-01 18:25 . 2008-05-01 18:25 <REP> d-------- C:\VundoFix Backups
2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Apple Computer
2008-04-22 18:12 . 2008-04-22 18:13 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-19 11:57 . 2008-04-19 11:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-18 18:03 . 2008-04-18 18:03 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Talkback
2008-04-18 14:10 . 2008-05-05 15:43 <REP> d-------- C:\Program Files\Navilog1
2008-04-18 14:07 . 2008-04-18 17:13 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Contacts
2008-04-18 13:28 . 2008-05-05 17:48 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\VMNTOOLBAR
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Teleca
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Sony Ericsson
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\MSN Search Toolbar
2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage réseau
2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage d'impression
2008-04-18 13:27 . 2005-12-09 20:40 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Modèles
2008-04-18 13:27 . 2008-05-01 18:24 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Mes documents
2008-04-18 13:27 . 2005-12-09 21:34 <REP> dr------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Menu Démarrer
2008-04-18 13:27 . 2008-04-26 11:54 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Favoris
2008-04-18 13:27 . 2008-05-01 18:27 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Bureau
2008-04-18 13:27 . 2008-05-05 17:50 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F
2008-04-18 13:27 . 2008-05-07 21:44 1,024 --ah----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\NTUSER.DAT.LOG
2008-04-17 22:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-17 22:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-17 22:44 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-17 22:44 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-17 22:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-17 22:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-17 22:44 . 2008-05-05 16:10 3,566 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 23:23 . 2008-04-16 23:23 87,616 --a------ C:\WINDOWS\system32\thrmgppt.dll
2008-04-16 21:53 . 2008-04-16 21:53 2,103 --a------ C:\Documents and Settings\maman\Application Data\update.log
2008-04-15 22:17 . 2008-04-17 12:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 16:55 . 2008-04-15 16:55 <REP> d-------- C:\Documents and Settings\alison\Application Data\TmpRecentIcons
2008-04-14 11:45 . 2008-04-14 11:45 3,648 --a------ C:\WINDOWS\system32\ltycfmxq.dll
2008-04-13 11:26 . 2008-04-13 11:26 3,648 --a------ C:\WINDOWS\system32\xvvkgvgp.dll
2008-04-12 23:54 . 2008-04-15 12:37 <REP> d-------- C:\Documents and Settings\maman\Application Data\TmpRecentIcons
2008-04-12 23:34 . 2008-04-12 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Teleca
2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Sony Ericsson
2008-04-12 22:09 . 2008-05-06 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\gnmnghip
2008-04-09 20:13 . 2008-04-09 20:13 <REP> d-------- C:\Program Files\GrenobleFoot38
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 19:37 --------- d-----w C:\Documents and Settings\papa\Application Data\VMNTOOLBAR
2008-05-07 16:34 --------- d-----w C:\Program Files\eMule
2008-05-07 11:18 --------- d-----w C:\Program Files\MSN Messenger
2008-05-06 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-18 16:00 --------- d-----w C:\Program Files\Morpheus Toolbar
2008-04-18 15:58 --------- d-----r C:\Program Files\Morpheus
2008-04-18 14:43 --------- d-----w C:\Documents and Settings\alison\Application Data\VMNTOOLBAR
2008-04-17 10:38 --------- d-----w C:\Documents and Settings\maman\Application Data\Lavasoft
2008-04-17 10:16 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-17 09:34 --------- d-----w C:\Documents and Settings\maman\Application Data\VMNTOOLBAR
2008-04-16 20:11 --------- d-----w C:\Documents and Settings\alison\Application Data\CoalEncMove
2008-04-15 11:47 --------- d-----w C:\Documents and Settings\maman\Application Data\Teleca
2008-04-14 09:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-11 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 10:47 --------- d-----w C:\Documents and Settings\papa\Application Data\Teleca
2008-03-23 10:46 --------- d-----w C:\Documents and Settings\papa\Application Data\Sony Ericsson
2008-03-14 11:17 --------- d-----w C:\Documents and Settings\maman\Application Data\Sony Ericsson
2008-03-13 17:19 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-12 18:29 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-12 18:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-12 18:27 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-12 13:06 --------- d-----w C:\Program Files\Sony
2007-03-25 17:04 87,608 ----a-w C:\Documents and Settings\alison\Application Data\ezpinst.exe
2007-03-25 17:04 47,360 ----a-w C:\Documents and Settings\alison\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_18.49.46.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:44:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 16:31:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-26 11:22:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-05 18:30:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-07 16:31:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"dxaxcpri"="C:\WINDOWS\system32\fifgxivu.exe" [ ]
"wvjvedcm"="C:\WINDOWS\system32\jidevwhy.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-23 22:05 111840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22 29744]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 11:14 528384]
"WidgetGF38"="C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe" [2008-01-24 12:17 1701370]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]
"SpybotDeletingA1353"="command /c del c:\Program Files\MalwareAlarm\MalwareAlarm0.ma" [ ]
"GrpConv"="grpconv -o" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 14:00 44544]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:57:03 124912]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c08afad1]
--a------ 2008-04-16 23:23 87616 C:\WINDOWS\system32\thrmgppt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 13:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 19:00:05 C:\WINDOWS\Tasks\A70C999E91930C96.job"
- c:\docume~1\alison\applic~1\coalen~1\GPL ISO 2.exe
"2007-05-18 22:14:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 21:54:33
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-07 22:00:24
ComboFix-quarantined-files.txt 2008-05-07 20:00:06
Pre-Run: 199,536,472,064 octets libres
Post-Run: 199,803,826,176 octets libres
187 --- E O F --- 2008-04-11 11:36:00
HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:37, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [ajkbubxz] C:\WINDOWS\system32\litoxczm.exe (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:57:03 124912]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c08afad1]
--a------ 2008-04-16 23:23 87616 C:\WINDOWS\system32\thrmgppt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 13:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 19:00:05 C:\WINDOWS\Tasks\A70C999E91930C96.job"
- c:\docume~1\alison\applic~1\coalen~1\GPL ISO 2.exe
"2007-05-18 22:14:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 21:54:33
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-07 22:00:24
ComboFix-quarantined-files.txt 2008-05-07 20:00:06
Pre-Run: 199,536,472,064 octets libres
Post-Run: 199,803,826,176 octets libres
187 --- E O F --- 2008-04-11 11:36:00
REPORT WITH HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:37, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1353] command /c del "c:\Program Files\MalwareAlarm\MalwareAlarm0.ma"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dxaxcpri] C:\WINDOWS\system32\fifgxivu.exe
O4 - HKCU\..\Run: [wvjvedcm] C:\WINDOWS\system32\jidevwhy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [ajkbubxz] C:\WINDOWS\system32\litoxczm.exe (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1005\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart (User 'sullivan')
O4 - HKUS\S-1-5-21-220523388-839522115-921149763-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Delete what is in the backup (Spybot's quarantine)
___________
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
Driver ::
vxhhsueh
File::
C:\WINDOWS\system32\jidevwhy.exe
C:\WINDOWS\system32\fifgxivu.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dxaxcpri"=-
"wvjvedcm"=-
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file
Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report and describe your problems
If the file doesn't open, it can be found here > C:\ComboFix.txt
THE REPORT WITH COMBOFIX:
ComboFix 08-05-01.3 - papa 2008-05-09 19:28:57.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
Endroit: C:\Documents and Settings\papa\Bureau\Combo-Fixe.exe
Command switches used :: C:\Documents and Settings\papa\Bureau\CFscript
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\fifgxivu.exe
C:\WINDOWS\system32\jidevwhy.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 21:28 . 2008-05-07 12:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\papa\Application Data\Malwarebytes
2008-05-06 21:28 . 2008-05-06 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 21:28 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 21:28 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 14:02 . 2008-05-06 14:02 <REP> d-------- C:\_OTMoveIt
2008-05-06 13:55 . 2008-05-06 13:55 <REP> d-------- C:\Program Files\CCleaner
2008-05-05 21:15 . 2008-05-05 21:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 21:15 . 2008-05-06 13:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 18:24 . 2008-05-05 18:52 <REP> d-------- C:\KillBagle
2008-05-05 16:27 . 2008-05-05 16:27 <REP> d-------- C:\Program Files\Trend Micro
2008-05-05 15:48 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-05 15:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-01 18:25 . 2008-05-01 18:25 <REP> d-------- C:\VundoFix Backups
2008-04-22 21:00 . 2008-04-22 21:00 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Apple Computer
2008-04-22 18:12 . 2008-04-22 18:13 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-19 11:57 . 2008-04-19 11:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-18 18:03 . 2008-04-18 18:03 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Talkback
2008-04-18 14:10 . 2008-05-05 15:43 <REP> d-------- C:\Program Files\Navilog1
2008-04-18 14:07 . 2008-04-18 17:13 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Contacts
2008-04-18 13:28 . 2008-05-05 17:48 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\VMNTOOLBAR
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Teleca
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\Sony Ericsson
2008-04-18 13:28 . 2008-04-18 13:28 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Application Data\MSN Search Toolbar
2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage réseau
2008-04-18 13:27 . 2005-12-09 21:34 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Voisinage d'impression
2008-04-18 13:27 . 2005-12-09 20:40 <REP> d--h----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Modèles
2008-04-18 13:27 . 2008-05-01 18:24 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Mes documents
2008-04-18 13:27 . 2005-12-09 21:34 <REP> dr------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Menu Démarrer
2008-04-18 13:27 . 2008-04-26 11:54 <REP> d---s---- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Favoris
2008-04-18 13:27 . 2008-05-01 18:27 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\Bureau
2008-04-18 13:27 . 2008-05-05 17:50 <REP> d-------- C:\Documents and Settings\Dylan.HOANG-77DA29D2F
2008-04-18 13:27 . 2008-05-09 19:24 1,024 --ah----- C:\Documents and Settings\Dylan.HOANG-77DA29D2F\NTUSER.DAT.LOG
2008-04-17 22:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-17 22:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-17 22:44 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-17 22:44 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-17 22:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-17 22:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-17 22:44 . 2008-05-05 16:10 3,566 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 23:23 . 2008-04-16 23:23 87,616 --a------ C:\WINDOWS\system32\thrmgppt.dll
2008-04-16 21:53 . 2008-04-16 21:53 2,103 --a------ C:\Documents and Settings\maman\Application Data\update.log
2008-04-15 22:17 . 2008-04-17 12:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 16:55 . 2008-04-15 16:55 <REP> d-------- C:\Documents and Settings\alison\Application Data\TmpRecentIcons
2008-04-14 11:45 . 2008-04-14 11:45 3,648 --a------ C:\WINDOWS\system32\ltycfmxq.dll
2008-04-13 11:26 . 2008-04-13 11:26 3,648 --a------ C:\WINDOWS\system32\xvvkgvgp.dll
2008-04-12 23:54 . 2008-04-15 12:37 <REP> d-------- C:\Documents and Settings\maman\Application Data\TmpRecentIcons
2008-04-12 23:34 . 2008-04-12 23:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Teleca
2008-04-12 23:24 . 2008-04-12 23:24 <REP> d-------- C:\Documents and Settings\alison\Application Data\Sony Ericsson
2008-04-12 22:09 . 2008-05-06 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\gnmnghip
2008-04-09 20:13 . 2008-04-09 20:13 <REP> d-------- C:\Program Files\GrenobleFoot38
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 17:24 --------- d-----w C:\Documents and Settings\papa\Application Data\VMNTOOLBAR
2008-05-09 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-09 07:57 --------- d-----w C:\Program Files\eMule
2008-05-07 11:18 --------- d-----w C:\Program Files\MSN Messenger
2008-04-18 16:00 --------- d-----w C:\Program Files\Morpheus Toolbar
2008-04-18 15:58 --------- d-----r C:\Program Files\Morpheus
2008-04-18 14:43 --------- d-----w C:\Documents and Settings\alison\Application Data\VMNTOOLBAR
2008-04-17 10:38 --------- d-----w C:\Documents and Settings\maman\Application Data\Lavasoft
2008-04-17 10:16 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-17 09:34 --------- d-----w C:\Documents and Settings\maman\Application Data\VMNTOOLBAR
2008-04-16 20:11 --------- d-----w C:\Documents and Settings\alison\Application Data\CoalEncMove
2008-04-15 11:47 --------- d-----w C:\Documents and Settings\maman\Application Data\Teleca
2008-04-14 09:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-11 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 10:47 --------- d-----w C:\Documents and Settings\papa\Application Data\Teleca
2008-03-23 10:46 --------- d-----w C:\Documents and Settings\papa\Application Data\Sony Ericsson
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 11:17 --------- d-----w C:\Documents and Settings\maman\Application Data\Sony Ericsson
2008-03-13 17:19 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-12 18:29 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-12 18:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-12 18:27 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-12 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-12 13:06 --------- d-----w C:\Program Files\Sony
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-03-25 17:04 87,608 ----a-w C:\Documents and Settings\alison\Application Data\ezpinst.exe
2007-03-25 17:04 47,360 ----a-w C:\Documents and Settings\alison\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_18.49.46.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:44:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 17:18:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-26 11:22:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-05 18:30:47 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-26 11:22:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 18:30:47 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-05 16:44:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
+ 2008-05-09 17:18:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-23 22:05 111840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22 29744]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 11:14 528384]
"WidgetGF38"="C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe" [2008-01-24 12:17 1701370]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-05 14:00 44544]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:57:03 124912]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c08afad1]
--a------ 2008-04-16 23:23 87616 C:\WINDOWS\system32\thrmgppt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-26 13:22]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 21:57]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 13:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 13:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 13:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 13:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 13:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 13:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 13:43]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2004-08-18 22:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 08:00:00 C:\WINDOWS\Tasks\A70C999E91930C96.job"
- c:\docume~1\alison\applic~1\coalen~1\GPL ISO 2.exe
"2007-05-18 22:14:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 19:32:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-09 19:36:29
ComboFix-quarantined-files.txt 2008-05-09 17:36:25
ComboFix2.txt 2008-05-07 20:00:30
Pre-Run: 199,795,662,848 octets libres
Post-Run: 199,860,805,632 octets libres
190 --- E O F --- 2008-04-11 11:36:00
THE HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:55, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WidgetGF38] C:\Program Files\GrenobleFoot38\Widget\widget_gf38.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
The report looks fine.
To stop getting the alerts, disable Spybot's TeaTimer (launch Spybot, then MODE, then ADVANCED MODE, then TOOLS, then RESIDENT, and uncheck TeaTimer).
Any more problems?
To protect your computer for free:
http://www.commentcamarche.net/telecharger/logiciel 4 securite
Install an antivirus:
AVAST (in French) or ANTIVIR (in English, but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks, Malekal)
-------------
Anti-spyware tools:
Malwarebytes' Anti-Malware + SPYBOT
+
SPYWAREBLASTER, to immunize the system against Vundo in particular; it is in English but easy to use: just click "update" to update it every month, then "enable all protection" to immunize...
Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
--------
A firewall:
the (Windows) one or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER, to erase browsing traces
---------
Browse with Firefox, Safari or Opera rather than Internet Explorer, which is more affected by viruses.
http://www.mozilla-europe.org/fr/products/firefox/