Help? VUNDO virus

Solved
stephlat (Member, 38 posts)
Hello, I have already run my scan; here it is:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:42, on 29/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\tmp0.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {25714611-2CFB-4984-9B29-AC6F10BBE6C1} - C:\WINDOWS\system32\efcbaAPG.dll (file missing)
O2 - BHO: (no name) - {27796771-8D05-4EE6-B478-43CE759F2106} - C:\WINDOWS\system32\ssqQkkjh.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TXP] f:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [dc08ea4d] rundll32.exe "C:\WINDOWS\system32\omjiiwfh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [obpaeyfhv] c:\documents and settings\ericka stephen\local settings\application data\obpaeyfhv.exe obpaeyfhv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt407YYGP
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ssqQkkjh - C:\WINDOWS\SYSTEM32\ssqQkkjh.dll
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

34 replies

stephlat (Member, 38 posts)

No, I'm from the Antilles (Guadeloupe). It's my habit to use the formal "vous" with people I don't know.

So here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:23, on 30/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25714611-2CFB-4984-9B29-AC6F10BBE6C1} - C:\WINDOWS\system32\efcbaAPG.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TXP] f:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
sKe69 (Security contributor, 21360 posts)

Good work!
Come on, final stretch:

Download ComboFix (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- right-click this link and choose "Save target as ...": in the window that opens, type C-Fix and confirm.
-------------------------------------------- IMPORTANT -------------------------------------------------------
!! Disconnect, close your running applications and DISABLE YOUR DEFENCES (anti-virus, anti-spyware guards, firewall) for the duration of the procedure; you will re-enable them afterwards !!
---> Important: if you run into difficulties at this stage, let me know before continuing ...
------------------------------------------------------------------------------------------------------------------------
Then:
double-click C-Fix.exe (= combofix.exe).

Press the Y (Yes) key to start the scan.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
---> if a Windows error message appears at some point, click the cross at the top right of the window to close it (and nothing else!)

The report will be created in: C:\Combofix.txt

Post the ComboFix report and a new HijackThis report for analysis ...

Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
stephlat (Member, 38 posts)

Here is the ComboFix report:


.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\FunWebProducts
C:\Documents and Settings\Administrateur\Application Data\FunWebProducts\Data\Administrateur\avatar.dat
C:\Documents and Settings\Administrateur\Application Data\FunWebProducts\Data\Administrateur\register.dat
C:\Documents and Settings\Administrateur\Application Data\FunWebProducts\Data\Administrateur\zbucks.dat
C:\Documents and Settings\Administrateur\Application Data\HbTools
C:\Documents and Settings\Administrateur\Application Data\HbTools\HbTools.log
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte10_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte11_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte12_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte13_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte14_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte19_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte20_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte21_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30104_emte9_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u30203lib_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102angel_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102bigluf_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102bigsmile_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102birthday_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102cheers_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102flo_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102good_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102jump_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102king_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102lough_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102luf_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102smile_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102smiled_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102sor_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102thanx_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u33102uhu_1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u40103ahh_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u40103wow_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u40104_emi2_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u42102_1134_112_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u50103big_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u50103gig_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u50103hm_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u50103nomail_emoti_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u50103norm_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema15_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema16_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema17_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema18_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema19_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema20_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema21_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema24_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema25_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema26_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema30_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema33_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u60104_ema34_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u62802hippi_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u62802jumpie_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u80402argh_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u80402oops_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u80402ouch_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u82502no_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\[u]0/u82502yes_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_boring1_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_confused_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_crying_ugly_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_fantastic_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_feel_better_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_gimme_break_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_heehee_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_hlopaet_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_ign_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_lol_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_no_comment_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_peace_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_smashing_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\110103_talk2thehand_prv.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\block_sm.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\block_sm2.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\block_smli.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\block_smli2.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\blocked.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\blocked2.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_add-but.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_back-but.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_left_cut_enabled_1.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_left_enabled_1.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_left_pressed_1.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_middle_enabled_1.gif
C:\Documents and Settings\Administrateur\Application Data\HbTools\v3.0\hostol\static\1\btn_middle_pressed_1.gif
C:\WINDOWS\system32\GPAabcfe.ini
C:\WINDOWS\system32\GPAabcfe.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\unhsttuq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 18:57 . 2008-05-29 19:37 <DIR> d-------- C:\Program Files\Navilog1
2008-05-29 18:12 . 2004-05-05 09:40 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-05-29 18:09 . 2008-05-29 18:33 <DIR> d----c--- C:\Ad-Fix
2008-05-29 17:30 . 2008-05-29 17:30 430 --a--c--- C:\test.reg
2008-05-29 17:27 . 2007-02-09 10:26 184,320 --a------ C:\WINDOWS\system32\delnext.exe
2008-05-29 17:13 . 2008-05-29 17:13 909,254 --a------ C:\Ad-Fix.zip
2008-05-29 14:36 . 2008-05-29 14:36 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-29 11:55 . 2008-05-29 11:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-29 11:54 . 2008-05-29 14:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-29 11:49 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 11:49 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 11:46 . 2008-05-29 11:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 11:46 . 2008-05-29 11:46 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Malwarebytes
2008-05-29 11:46 . 2008-05-29 11:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-29 11:21 . 2008-05-29 11:21 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\WINDOWS
2008-05-29 10:48 . 2008-05-29 10:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 10:43 . 2008-05-29 10:44 812,344 --a------ C:\HJTInstall.exe
2008-05-28 22:33 . 2008-05-28 22:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-27 23:29 . 2008-05-27 23:29 34,432 --a------ C:\WINDOWS\system32\ssqQkkjh.dll.vir
2008-05-26 16:04 . 2008-05-26 16:04 690,648 --a------ C:\Program Files\installer-49276-33fr-StuffPlug-NG-French.exe
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 11:00 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-26 10:59 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-26 10:59 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-26 10:59 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-26 10:59 . 2008-04-13 20:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-05-26 10:59 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-05-26 10:59 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-26 10:59 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-05-26 10:58 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-05-26 10:58 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-05-26 10:56 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-05-25 02:00 . 2008-05-27 12:16 <DIR> d-------- C:\Program Files\MessengerDiscovery
2008-05-24 13:45 . 2008-05-24 13:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-23 22:37 . 2008-05-23 22:37 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-05-23 22:37 . 2008-05-23 22:37 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-05-23 21:19 . 2008-05-23 21:19 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-05-16 21:22 . 2008-05-19 12:37 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Dev-Cpp
2008-05-16 21:21 . 2008-05-16 21:22 <DIR> d----c--- C:\Dev-Cpp
2008-05-11 11:00 . 2008-05-29 10:49 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-05-11 09:59 . 2008-05-30 08:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 09:59 . 2008-05-21 02:06 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\AVGTOOLBAR
2008-05-11 09:59 . 2008-05-11 09:59 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 09:59 . 2008-05-11 13:08 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-11 09:59 . 2008-05-11 09:59 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-11 09:59 . 2008-05-12 09:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 09:58 . 2008-05-11 09:58 <DIR> d-------- C:\Program Files\AVG
2008-05-11 09:58 . 2008-05-11 09:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-11 09:58 . 2008-05-11 09:58 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-11 09:58 . 2008-05-11 09:58 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-04 19:55 . 2008-04-13 14:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-05-04 19:55 . 2008-04-13 14:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-05-04 19:55 . 2008-04-13 14:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-05-04 19:55 . 2008-04-13 20:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-04 19:55 . 2008-04-13 14:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-05-04 19:55 . 2008-04-13 14:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-05-04 19:55 . 2008-04-13 14:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-05-04 19:55 . 2008-04-13 14:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-05-04 12:10 . 2008-05-04 12:10 <DIR> d-------- C:\Program Files\Imikimi
2008-05-03 22:16 . 2008-05-13 23:36 <DIR> d-a------ C:\Program Files\newObjects
2008-05-03 22:16 . 2008-05-03 22:16 <DIR> d-------- C:\Program Files\Common Files\newObjects
2008-05-03 22:16 . 2006-09-15 00:07 118,784 --a------ C:\WINDOWS\nwmicrohost.exe
2008-05-03 20:50 . 2008-05-12 19:56 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Image Zone Express
2008-04-25 22:05 . 2008-04-27 13:30 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha\Application Data\LimeWire
2008-04-25 21:32 . 2008-04-25 21:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 21:27 . 2008-04-27 13:34 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha\Contacts
2008-04-25 21:23 . 2008-05-11 09:59 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha
2008-04-22 19:57 . 2008-04-22 19:57 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-22 19:57 . 2008-04-22 19:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-22 19:54 . 2008-04-22 19:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-22 19:52 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-22 19:52 . 2004-09-29 13:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-22 19:52 . 2004-09-29 13:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-22 19:52 . 2004-09-29 13:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-22 19:52 . 2007-08-09 03:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-22 19:52 . 2004-09-29 13:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-22 19:52 . 2004-09-29 13:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-22 19:52 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-22 19:49 . 2008-04-22 19:57 <DIR> d-------- C:\Program Files\HP
2008-04-22 19:46 . 2008-05-12 19:51 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\HP
2008-04-22 19:46 . 2008-04-22 19:58 113,699 --a------ C:\WINDOWS\hpoins07.dat
2008-04-22 19:46 . 2005-12-16 18:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-22 19:46 . 2005-12-16 18:17 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-22 19:46 . 2005-12-16 18:17 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-04-22 19:46 . 2005-12-16 18:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-22 19:44 . 2005-12-16 18:17 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-04-22 19:44 . 2005-12-16 18:17 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-04-22 19:44 . 2005-12-16 18:17 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-04-22 19:44 . 2005-12-16 18:17 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-04-22 19:44 . 2005-12-16 18:18 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-22 19:42 . 2005-12-16 18:17 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-04-22 19:42 . 2005-12-16 18:17 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-04-22 19:42 . 2005-12-16 18:17 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-04-22 18:34 . 2008-04-22 18:34 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-22 15:20 . 2008-04-22 19:46 <DIR> d----c--- C:\Temp\HP_WebRelease
2008-04-22 15:01 . 2008-04-22 15:20 <DIR> d----c--- C:\Temp
2008-04-21 22:16 . 2008-04-21 22:16 67 --a------ C:\WINDOWS\Kit.ini
2008-04-17 23:37 . 2008-05-24 13:43 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\AdobeUM
2008-04-13 14:01 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 12:49 . 2006-02-28 08:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-04-13 12:28 . 2008-04-13 12:28 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-13 11:44 . 2008-04-13 11:49 <DIR> d--h-c--- C:\i386
2008-04-13 11:44 . 2006-02-28 08:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.sp2
2008-04-12 16:08 . 2008-04-12 16:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-11 20:12 . 2008-04-11 20:12 0 --------- C:\WINDOWS\WB.ini
2008-04-10 01:08 . 2008-04-10 01:08 <DIR> d-------- C:\Program Files\BearShare Applications
2008-04-10 01:08 . 2008-04-11 20:41 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\BearShare
2008-04-09 21:52 . 2008-04-22 20:27 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-09 16:14 . 2007-07-11 17:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-04-09 15:51 . 2008-04-09 15:51 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\DivX
2008-04-09 15:46 . 2006-03-22 16:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-04-09 15:46 . 2006-04-28 04:56 49,152 --a------ C:\WINDOWS\InstFunc.exe
2008-04-09 15:46 . 2007-10-03 10:56 12,288 --a------ C:\WINDOWS\InstFunc.dll
2008-04-09 15:31 . 2008-04-09 15:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-09 15:23 . 2008-04-09 15:23 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\vlc
2008-04-09 13:41 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 13:41 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:12 --------- d-----w C:\Program Files\Wanadoo
2008-05-27 03:03 --------- d-----w C:\Program Files\MSN Messenger
2008-05-24 01:14 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-04-23 00:27 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 00:27 --------- d-----w C:\Program Files\Real Alternative
2008-04-23 00:27 --------- d-----w C:\Program Files\PopCap Games
2008-04-23 00:27 --------- d-----w C:\Program Files\Media Player Classic
2008-04-23 00:27 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 19:07 --------- d-----w C:\Program Files\QuickTime
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:45 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-13 18:45 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 18:45 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-13 18:45 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-13 18:45 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-13 18:45 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2008-04-13 18:45 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2008-04-13 18:45 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-13 18:45 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 18:45 17,152 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
2008-04-13 18:45 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25714611-2CFB-4984-9B29-AC6F10BBE6C1}]
C:\WINDOWS\system32\efcbaAPG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-11 13:07 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-11 13:07 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-11 13:07 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-10-13 19:12 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 14:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 07:25 144784]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 17:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 19:55 32768]
"Cmaudio"="cmicnfg.cpl" []
"TXP"="f:\program files\topthemesxp\txp.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 12:37 286720]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 13:08 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

C:\Documents and Settings\STEPHEN Laticha\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - F:\Program Files\LimeWire\LimeWire.exe [4/18/2008 3:21:09 PM 147456]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM 29696]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [4/30/2008 10:37:33 PM 106560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceMon"= {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-11 09:59]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 09:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 13:07]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-11 09:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-11 13:08]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-11 09:58]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-11 09:58]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 13:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8eede6-0e2a-11dd-8f2a-000b6ab2680c}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 11:10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\FTRTSVC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-30 11:16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 15:16:31

Pre-Run: 29,501,587,456 bytes free
Post-Run: 29,451,972,608 bytes free

581 --- E O F --- 2008-05-17 01:12:43






and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:56, on 30/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25714611-2CFB-4984-9B29-AC6F10BBE6C1} - C:\WINDOWS\system32\efcbaAPG.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TXP] f:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
sKe69 (posts: 21360, status: security contributor)
 
1- Create a text document on your desktop:
Point your mouse at the desktop, right-click, go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you have just created:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25714611-2CFB-4984-9B29-AC6F10BBE6C1}]

File::
C:\WINDOWS\system32\efcbaAPG.dll
C:\WINDOWS\system32\ssqQkkjh.dll.vir


Then go to "File", choose "Save As..." and name it exactly like this:
CFScript, then confirm...


2- Cleaning:
!! Go offline, close all your applications and disable your antivirus for the duration of the procedure (you will re-enable it afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe (or C-Fix.exe) icon.

(See here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear. At the message "Type 1 to continue, or 2 to abort", type 1 and confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!! Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it together with a new HijackThis report for analysis...
0
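
Added example (not part of the original post, and not code from HijackThis or ComboFix): a Python triage helper that parses HijackThis entries of the form "Oxx - kind: name - {CLSID} - path", lists those marked "(file missing)", and checks whether a CFScript laid out like the one in the answer above names them. The sample lines are copied from this thread; the function and class names are hypothetical, and the reading of the `Registry::` / `File::` sections is an assumption based only on the script shown here.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log (30/05/2008) posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25714611-2CFB-4984-9B29-AC6F10BBE6C1} - C:\WINDOWS\system32\efcbaAPG.dll (file missing)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)
"""

# The CFScript text from the answer above, copied as posted.
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25714611-2CFB-4984-9B29-AC6F10BBE6C1}]

File::
C:\WINDOWS\system32\efcbaAPG.dll
C:\WINDOWS\system32\ssqQkkjh.dll.vir
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Matches CLSID-based entries only; O4/O20 style lines are skipped on purpose.
ENTRY = re.compile(
    rf"^(?P<group>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.+)$"
)
MISSING = "(file missing)"


@dataclass
class Finding:
    group: str       # HijackThis section, e.g. "O2"
    kind: str        # e.g. "BHO", "SSODL"
    name: str
    clsid: str
    path: str        # target path with the "(file missing)" marker removed
    unnamed: bool    # HijackThis printed "(no name)"
    in_script: bool  # CLSID or path is named in the CFScript


def parse_cfscript(text):
    """Return (upper-cased CLSIDs under Registry::, lower-cased paths under File::)."""
    clsids, files, section = set(), set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "registry" and line.startswith("[-"):
            clsids.update(c.upper() for c in re.findall(CLSID, line))
        elif section == "file" and line:
            files.add(line.lower())
    return clsids, files


def flag_orphans(hjt_text, cfscript_text=""):
    """List registry-registered components whose file HijackThis could not find."""
    clsids, files = parse_cfscript(cfscript_text)
    findings = []
    for raw in hjt_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or MISSING not in m["target"]:
            continue
        path = m["target"].split(" " + MISSING)[0].strip()
        covered = m["clsid"].upper() in clsids or path.lower() in files
        findings.append(Finding(m["group"], m["kind"], m["name"], m["clsid"],
                                path, m["name"] == "(no name)", covered))
    return findings


if __name__ == "__main__":
    for f in flag_orphans(SAMPLE_HJT, SAMPLE_CFSCRIPT):
        status = "named in CFScript" if f.in_script else "not in CFScript"
        label = "unnamed " if f.unnamed else ""
        print(f"{f.group} {label}{f.kind} {f.clsid} -> {f.path} [{status}]")
```

An entry flagged here is only a candidate for review: "(file missing)" means the registry still references a file that is no longer on disk, which also happens after a legitimate uninstall.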

stephlat (posts: 38, status: member)

Combo-Fix report:

ComboFix 08-05-29.1 - Ericka STEPHEN 2008-05-30 11:39:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.299 [GMT -4:00]
Running from: C:\Documents and Settings\Ericka STEPHEN\Desktop\C-Fix.exe
Command switches used :: C:\Documents and Settings\Ericka STEPHEN\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\efcbaAPG.dll
C:\WINDOWS\system32\ssqQkkjh.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqQkkjh.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 18:57 . 2008-05-29 19:37 <DIR> d-------- C:\Program Files\Navilog1
2008-05-29 18:12 . 2004-05-05 09:40 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-05-29 18:09 . 2008-05-29 18:33 <DIR> d----c--- C:\Ad-Fix
2008-05-29 17:30 . 2008-05-29 17:30 430 --a--c--- C:\test.reg
2008-05-29 17:27 . 2007-02-09 10:26 184,320 --a------ C:\WINDOWS\system32\delnext.exe
2008-05-29 17:13 . 2008-05-29 17:13 909,254 --a------ C:\Ad-Fix.zip
2008-05-29 14:36 . 2008-05-29 14:36 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-29 11:55 . 2008-05-29 11:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-29 11:54 . 2008-05-29 14:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-29 11:49 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-29 11:49 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 11:46 . 2008-05-29 11:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 11:46 . 2008-05-29 11:46 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Malwarebytes
2008-05-29 11:46 . 2008-05-29 11:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-29 11:21 . 2008-05-29 11:21 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\WINDOWS
2008-05-29 10:48 . 2008-05-29 10:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-29 10:43 . 2008-05-29 10:44 812,344 --a------ C:\HJTInstall.exe
2008-05-28 22:33 . 2008-05-28 22:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 16:04 . 2008-05-26 16:04 690,648 --a------ C:\Program Files\installer-49276-33fr-StuffPlug-NG-French.exe
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-26 12:30 . 2008-05-26 12:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-26 11:00 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-26 10:59 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-26 10:59 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-26 10:59 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-26 10:59 . 2008-04-13 20:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-05-26 10:59 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-05-26 10:59 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-26 10:59 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-05-26 10:58 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-05-26 10:58 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-05-26 10:58 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-05-26 10:56 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-05-25 02:00 . 2008-05-27 12:16 <DIR> d-------- C:\Program Files\MessengerDiscovery
2008-05-24 13:45 . 2008-05-24 13:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-23 22:37 . 2008-05-23 22:37 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-05-23 22:37 . 2008-05-23 22:37 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-05-23 21:19 . 2008-05-23 21:19 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-05-16 21:22 . 2008-05-19 12:37 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Dev-Cpp
2008-05-16 21:21 . 2008-05-16 21:22 <DIR> d----c--- C:\Dev-Cpp
2008-05-11 11:00 . 2008-05-29 10:49 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-05-11 09:59 . 2008-05-30 08:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 09:59 . 2008-05-21 02:06 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\AVGTOOLBAR
2008-05-11 09:59 . 2008-05-11 09:59 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 09:59 . 2008-05-11 13:08 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-11 09:59 . 2008-05-11 09:59 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-11 09:59 . 2008-05-12 09:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 09:58 . 2008-05-11 09:58 <DIR> d-------- C:\Program Files\AVG
2008-05-11 09:58 . 2008-05-11 09:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-11 09:58 . 2008-05-11 09:58 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-11 09:58 . 2008-05-11 09:58 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-04 19:55 . 2008-04-13 14:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-05-04 19:55 . 2008-04-13 14:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-05-04 19:55 . 2008-04-13 14:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-05-04 19:55 . 2008-04-13 20:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-04 19:55 . 2008-04-13 14:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-05-04 19:55 . 2008-04-13 14:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-05-04 19:55 . 2008-04-13 14:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-05-04 19:55 . 2008-04-13 14:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-05-04 12:10 . 2008-05-04 12:10 <DIR> d-------- C:\Program Files\Imikimi
2008-05-03 22:16 . 2008-05-13 23:36 <DIR> d-a------ C:\Program Files\newObjects
2008-05-03 22:16 . 2008-05-03 22:16 <DIR> d-------- C:\Program Files\Common Files\newObjects
2008-05-03 22:16 . 2006-09-15 00:07 118,784 --a------ C:\WINDOWS\nwmicrohost.exe
2008-05-03 20:50 . 2008-05-12 19:56 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\Image Zone Express
2008-04-25 22:05 . 2008-04-27 13:30 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha\Application Data\LimeWire
2008-04-25 21:32 . 2008-04-25 21:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 21:27 . 2008-04-27 13:34 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha\Contacts
2008-04-25 21:23 . 2008-05-11 09:59 <DIR> d-------- C:\Documents and Settings\STEPHEN Laticha
2008-04-22 19:57 . 2008-04-22 19:57 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-22 19:57 . 2008-04-22 19:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-22 19:54 . 2008-04-22 19:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-22 19:52 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-22 19:52 . 2004-09-29 13:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-22 19:52 . 2004-09-29 13:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-22 19:52 . 2004-09-29 13:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-22 19:52 . 2007-08-09 03:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-22 19:52 . 2004-09-29 13:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-22 19:52 . 2004-09-29 13:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-22 19:52 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-22 19:49 . 2008-04-22 19:57 <DIR> d-------- C:\Program Files\HP
2008-04-22 19:46 . 2008-05-12 19:51 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\HP
2008-04-22 19:46 . 2008-04-22 19:58 113,699 --a------ C:\WINDOWS\hpoins07.dat
2008-04-22 19:46 . 2005-12-16 18:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-22 19:46 . 2005-12-16 18:17 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-22 19:46 . 2005-12-16 18:17 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-04-22 19:46 . 2005-12-16 18:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-22 19:44 . 2005-12-16 18:17 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-04-22 19:44 . 2005-12-16 18:17 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-04-22 19:44 . 2005-12-16 18:17 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-04-22 19:44 . 2005-12-16 18:17 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-04-22 19:44 . 2005-12-16 18:18 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-22 19:42 . 2005-12-16 18:17 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-04-22 19:42 . 2005-12-16 18:17 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-04-22 19:42 . 2005-12-16 18:17 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-04-22 18:34 . 2008-04-22 18:34 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-22 15:20 . 2008-04-22 19:46 <DIR> d----c--- C:\Temp\HP_WebRelease
2008-04-22 15:01 . 2008-04-22 15:20 <DIR> d----c--- C:\Temp
2008-04-21 22:16 . 2008-04-21 22:16 67 --a------ C:\WINDOWS\Kit.ini
2008-04-17 23:37 . 2008-05-24 13:43 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\AdobeUM
2008-04-13 14:01 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 12:49 . 2006-02-28 08:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-04-13 12:28 . 2008-04-13 12:28 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-13 11:44 . 2008-04-13 11:49 <DIR> d--h-c--- C:\i386
2008-04-13 11:44 . 2006-02-28 08:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.sp2
2008-04-12 16:08 . 2008-04-12 16:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-11 20:12 . 2008-04-11 20:12 0 --------- C:\WINDOWS\WB.ini
2008-04-10 01:08 . 2008-04-10 01:08 <DIR> d-------- C:\Program Files\BearShare Applications
2008-04-10 01:08 . 2008-04-11 20:41 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\BearShare
2008-04-09 21:52 . 2008-04-22 20:27 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-09 16:14 . 2007-07-11 17:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-04-09 15:51 . 2008-04-09 15:51 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\DivX
2008-04-09 15:46 . 2006-03-22 16:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-04-09 15:46 . 2006-04-28 04:56 49,152 --a------ C:\WINDOWS\InstFunc.exe
2008-04-09 15:46 . 2007-10-03 10:56 12,288 --a------ C:\WINDOWS\InstFunc.dll
2008-04-09 15:31 . 2008-04-09 15:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-09 15:23 . 2008-04-09 15:23 <DIR> d-------- C:\Documents and Settings\Ericka STEPHEN\Application Data\vlc
2008-04-09 13:41 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 13:41 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 13:41 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:37 --------- d-----w C:\Program Files\Wanadoo
2008-05-27 03:03 --------- d-----w C:\Program Files\MSN Messenger
2008-05-24 01:14 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-04-23 00:27 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 00:27 --------- d-----w C:\Program Files\Real Alternative
2008-04-23 00:27 --------- d-----w C:\Program Files\PopCap Games
2008-04-23 00:27 --------- d-----w C:\Program Files\Media Player Classic
2008-04-23 00:27 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 19:07 --------- d-----w C:\Program Files\QuickTime
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:45 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-13 18:45 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 18:45 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-13 18:45 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-13 18:45 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-13 18:45 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2008-04-13 18:45 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2008-04-13 18:45 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-13 18:45 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 18:45 17,152 ----a-w C:\WINDOWS\system32\drivers\usbohci.sys
2008-04-13 18:45 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-11 13:07 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-11 13:07 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-11 13:07 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-10-13 19:12 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 14:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 07:25 144784]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 17:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 19:55 32768]
"Cmaudio"="cmicnfg.cpl" []
"TXP"="f:\program files\topthemesxp\txp.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 12:37 286720]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 13:08 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

C:\Documents and Settings\STEPHEN Laticha\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - F:\Program Files\LimeWire\LimeWire.exe [4/18/2008 3:21:09 PM 147456]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM 29696]
WinZip Quick Pick.lnk - F:\Program Files\WinZip\WZQKPICK.EXE [4/30/2008 10:37:33 PM 106560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceMon"= {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-11 09:59]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 09:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 13:07]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-11 09:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-11 13:08]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-11 09:58]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-11 09:58]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 13:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a8eede6-0e2a-11dd-8f2a-000b6ab2680c}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 11:42:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 11:44:15
ComboFix-quarantined-files.txt 2008-05-30 15:44:10
ComboFix2.txt 2008-05-30 15:16:41

Pre-Run: 29,497,008,128 bytes free
Post-Run: 29,491,658,752 bytes free

344 --- E O F --- 2008-05-17 01:12:43


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:49, on 30/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TXP] f:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
sKe69 (Posts: 21360, Status: Security contributor)
 
Very good!
We'll start with a first sweep; do the following:

1- Open Malwarebytes. Go to the quarantine tab and click "tout supprimer" (delete all).

2- Close all your applications and disconnect.

Run HijackThis again, but click "Do a scan only".
You will then see the scan result: a multitude of lines, each preceded by an empty box.
Tick the boxes of the following lines:

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O21 - SSODL: ServiceMon - {64a6e79e-cd24-4d89-9e71-e3926ca3e7ed} - C:\WINDOWS\Resources\ServiceMon.dll (file missing)

Click the FIX CHECKED button at the bottom and confirm.

3- Download CCleaner:
https://www.pcastuces.com/logitheque/ccleaner.htm
This program will remove all temporary files and fix your registry. During installation, before clicking the "install" button, untick all the "additional options" except the first 2.
Once the program is installed and running, click "Options", then "Advanced", and untick the box "Only delete files in the Windows Temp folder older than 48 hours" (after that, leave it with its default settings. That's all).

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

Usage:
Go to Cleaner: run the analysis, then the clean-up.
Then go to Registry: search for errors and repair (several times, until there are no more errors).

(CCleaner: a program to keep on your PC, very useful for good clean-ups...)

After all that, we'll do a more in-depth check with this:
4- Download DiagHelp.zip to your desktop:

http://www.malekal.com/download/DiagHelp.zip

!! Disconnect and close all your running applications !!

Right-click the file and extract all.

--> A new folder will be created: "DiagHelp"
Open it and double-click go.cmd and nothing else! (the .cmd may not be shown)

--> A window will open; choose option 1
The analysis will start; this can take a few minutes. Let it run and press a key when asked:
an IE page will open; close it.
Press a key again; Notepad opens:
Save this report where you can find it again and post its full contents in your next reply...
stephlat (Posts: 38, Status: Member)
 
DiagHelp version v1.4 - http://www.malekal.com
excute le 30/05/2008 à 12:40:00,57


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->30/05/2008 12:39:51
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->30/05/2008 12:38:58
C:\WINDOWS\prefetch\HPZIPM12.EXE-145E7369.pf -->30/05/2008 12:38:10
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->30/05/2008 12:38:03
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf -->30/05/2008 12:33:59
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->30/05/2008 12:33:42
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->30/05/2008 12:23:00
C:\WINDOWS\prefetch\AVGCMGR.EXE-1D29CBA8.pf -->30/05/2008 12:23:00
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->30/05/2008 12:20:32
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->30/05/2008 12:20:29

C:\WINDOWS\System32\drivers\avgmfx86.sys -->12/05/2008 09:06:14
C:\WINDOWS\System32\drivers\avgtdix.sys -->11/05/2008 13:08:14
C:\WINDOWS\System32\drivers\avgrkx86.sys -->11/05/2008 09:59:48
C:\WINDOWS\System32\drivers\avgldx86.sys -->11/05/2008 09:59:48
C:\WINDOWS\System32\drivers\avgfwdx.sys -->11/05/2008 09:58:14
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->05/05/2008 20:46:36
C:\WINDOWS\System32\drivers\mbam.sys -->05/05/2008 20:46:32

C:\WINDOWS\System32\wpa.dbl -->28/05/2008 22:29:42
C:\WINDOWS\System32\clkcnt.txt -->28/05/2008 07:31:53
C:\WINDOWS\System32\package.lst -->27/05/2008 14:00:17
C:\WINDOWS\System32\perfh009.dat -->26/05/2008 12:52:34
C:\WINDOWS\System32\perfc009.dat -->26/05/2008 12:52:34
C:\WINDOWS\System32\PerfStringBackup.INI -->26/05/2008 12:52:32
C:\WINDOWS\System32\spupdwxp.log -->26/05/2008 12:50:32
C:\WINDOWS\System32\FNTCACHE.DAT -->26/05/2008 12:49:41
C:\WINDOWS\System32\hpzjrd01.dll -->23/05/2008 21:14:47
C:\WINDOWS\System32\avgrsstx.dll -->12/05/2008 09:06:14
C:\WINDOWS\System32\avgfwdx.dll -->11/05/2008 09:58:14
C:\WINDOWS\System32\MRT.exe -->09/05/2008 14:35:06
C:\WINDOWS\System32\spnpinst.exe -->14/04/2008 05:42:38
C:\WINDOWS\System32\setupapi.dll -->14/04/2008 05:42:06
C:\WINDOWS\System32\licdll.dll -->14/04/2008 05:41:58
C:\WINDOWS\System32\dcache.bin -->13/04/2008 20:25:26
C:\WINDOWS\System32\netsetup.exe -->13/04/2008 20:16:51
C:\WINDOWS\System32\rdpwsx.dll -->13/04/2008 20:13:22
C:\WINDOWS\System32\rdpdd.dll -->13/04/2008 20:13:22
C:\WINDOWS\System32\tsddd.dll -->13/04/2008 20:13:21
C:\WINDOWS\System32\drmclien.dll -->13/04/2008 20:13:00
C:\WINDOWS\System32\winspool.drv -->13/04/2008 20:12:45
C:\WINDOWS\System32\wdmaud.drv -->13/04/2008 20:12:45
C:\WINDOWS\System32\unimdm.tsp -->13/04/2008 20:12:45
C:\WINDOWS\System32\remotesp.tsp -->13/04/2008 20:12:45

C:\WINDOWS\system.ini -->30/05/2008 11:42:19
C:\WINDOWS\wiadebug.log -->30/05/2008 11:09:48
C:\WINDOWS\WindowsUpdate.log -->30/05/2008 11:09:46
C:\WINDOWS\wiaservc.log -->30/05/2008 11:09:40
C:\WINDOWS\bootstat.dat -->30/05/2008 11:09:22
C:\WINDOWS\SchedLgU.Txt -->30/05/2008 11:08:06
C:\WINDOWS\HP_CounterReport_Update_HPSU.ini -->23/05/2008 22:37:43
C:\WINDOWS\HP_48BitScanUpdatePatch.ini -->23/05/2008 22:37:15
C:\WINDOWS\HP_RedboxHprblog_HPSU.ini -->23/05/2008 21:19:39
C:\WINDOWS\win.ini -->17/05/2008 07:25:58
C:\WINDOWS\nsreg.dat -->25/04/2008 21:32:36
C:\WINDOWS\Thumbs.db -->22/04/2008 20:27:40
C:\WINDOWS\hpoins07.dat -->22/04/2008 19:58:57
C:\WINDOWS\Kit.ini -->21/04/2008 22:16:54
C:\WINDOWS\winhlp32.exe -->13/04/2008 20:12:39

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 2652
Command line: C:\WINDOWS\explorer.exe

Base Size Version Path
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x754d0000 0x80000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x42c10000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x42990000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x42ef0000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x42cf0000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x7d1e0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x42e40000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x02f70000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x00f80000 0x7000 1.00.0000.0001 C:\PROGRA~1\Wanadoo\Inactivity.dll
0x16200000 0x6000 4.01.0000.0000 F:\PROGRA~1\WINZIP\WZSHLSTB.DLL
0x00df0000 0x2e000 F:\Program Files\WinRAR\rarext.dll
0x10000000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x621a0000 0x1d000 8.00.0000.0080 C:\Program Files\AVG\AVG8\avgse.dll
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x00980000 0xd000 7.00.0009.0050 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 876
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x00930000 0x17000 3.525.1132.0000 C:\WINDOWS\system32\odbcint.dll
0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL


Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\WINDOWS\system

17/02/2004 20:51 1 458 176 SmWizard.exe
1 File(s) 1 458 176 bytes
0 Dir(s) 29 529 788 416 bytes free
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\WINDOWS\system32

13/04/2008 20:12 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 29 529 788 416 bytes free

Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\WINDOWS\Downloaded Program Files

30/05/2008 12:23 <DIR> .
30/05/2008 12:23 <DIR> ..
08/04/2008 17:04 65 desktop.ini
24/03/2008 22:33 1 527 056 FP_AX_CAB_INSTALLER.exe
28/09/2007 04:41 381 960 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
11/03/2008 09:53 1 060 jinstall-6u5.inf
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
28/02/2007 14:21 130 472 MineSweeper.dll
28/02/2007 14:21 131 472 msgrchkr.dll
30/07/2007 22:24 295 muweb.inf
24/03/2008 22:18 247 swflash.inf
10 File(s) 2 477 487 bytes

Total Files Listed:
10 File(s) 2 477 487 bytes
2 Dir(s) 29 529 788 416 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="F:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"F:\\Program Files\\LimeWire\\LimeWire.exe"="F:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 12:40:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002bb

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
220 - hpqste08.exe
332 - Toaster.exe
336 - hpqtra08.exe
416 - avgwdsvc.exe
628 - msnmsgr.exe
700 - MessengerDiscov
852 - csrss.exe
876 - winlogon.exe
920 - services.exe
932 - lsass.exe
1040 - ctfmon.exe
1088 - svchost.exe
1168 - svchost.exe
1264 - svchost.exe
1296 - svchost.exe
1448 - svchost.exe
1472 - ALERTM~1.EXE
1520 - vsnpstd2.exe
1552 - svchost.exe
1608 - TaskBarIcon.exe
1752 - PollingModule.e
2236 - msnmsgr.exe
2288 - Inactivity.exe
2436 - alg.exe
2572 - firefox.exe
2588 - Watch.exe
2652 - explorer.exe
2816 - GestionnaireInt
3376 - cmd.exe
3436 - ComComp.exe
3508 - MessengerDiscov
3892 - usnsvc.exe

Total number of processes = 33
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EE000 - \WINDOWS\system32\hal.dll
F8553000 - \WINDOWS\system32\KDCOM.DLL
F8463000 - \WINDOWS\system32\BOOTVID.dll
F8004000 - ACPI.sys
F8555000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7FF3000 - pci.sys
F8053000 - isapnp.sys
F861B000 - pciide.sys
F82D3000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8063000 - MountMgr.sys
F7FD4000 - ftdisk.sys
F82DB000 - PartMgr.sys
F8073000 - VolSnap.sys
F7FBC000 - atapi.sys
F8083000 - disk.sys
F8093000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7F9C000 - fltmgr.sys
F7F8A000 - sr.sys
F80A3000 - PxHelp20.sys
F7F73000 - KSecDD.sys
F7F60000 - WudfPf.sys
F7ED3000 - Ntfs.sys
F7EA6000 - NDIS.sys
F80B3000 - Combo-Fix.sys
F80C3000 - uagp35.sys
F7E8C000 - Mup.sys
F8557000 - avgrkx86.sys
F8223000 - \SystemRoot\system32\DRIVERS\amdk7.sys
F7B3B000 - \SystemRoot\system32\DRIVERS\sisgrp.sys
F7B27000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8233000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F8373000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F837B000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8243000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8253000 - \SystemRoot\system32\DRIVERS\redbook.sys
F7B04000 - \SystemRoot\system32\DRIVERS\ks.sys
F79B4000 - \SystemRoot\system32\drivers\cmuda.sys
F7990000 - \SystemRoot\system32\drivers\portcls.sys
F8263000 - \SystemRoot\system32\drivers\drmk.sys
F8383000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F796C000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F838B000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F8393000 - \SystemRoot\system32\DRIVERS\sisnic.sys
F839B000 - \SystemRoot\system32\DRIVERS\fdc.sys
F8273000 - \SystemRoot\system32\DRIVERS\serial.sys
F84FF000 - \SystemRoot\system32\DRIVERS\serenum.sys
F7958000 - \SystemRoot\system32\DRIVERS\parport.sys
F8503000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F83A3000 - \SystemRoot\system32\DRIVERS\avgfwdx.sys
F87A8000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8283000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8507000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7941000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8293000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F82A3000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F83AB000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F7930000 - \SystemRoot\system32\DRIVERS\psched.sys
F82B3000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F83B3000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F83BB000 - \SystemRoot\system32\DRIVERS\raspti.sys
F80F3000 - \SystemRoot\system32\DRIVERS\termdd.sys
F856D000 - \SystemRoot\system32\DRIVERS\swenum.sys
F77F1000 - \SystemRoot\system32\DRIVERS\update.sys
F851B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8123000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8153000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F856F000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F83CB000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F8571000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8735000 - \SystemRoot\System32\Drivers\Null.SYS
F8573000 - \SystemRoot\System32\Drivers\Beep.SYS
F83DB000 - \SystemRoot\System32\drivers\vga.sys
F8575000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8577000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F83E3000 - \SystemRoot\System32\Drivers\Msfs.SYS
F83EB000 - \SystemRoot\System32\Drivers\Npfs.SYS
F854F000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B5FA5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B5F4C000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B5F24000 - \SystemRoot\system32\DRIVERS\netbt.sys
B5F02000 - \SystemRoot\System32\drivers\afd.sys
F8173000 - \SystemRoot\system32\DRIVERS\netbios.sys
F83F3000 - \SystemRoot\system32\DRIVERS\srvkp.sys
B5ED7000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F8740000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
B5E3F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F8193000 - \SystemRoot\System32\Drivers\Fips.SYS
B5E19000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F81A3000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F83FB000 - \SystemRoot\System32\Drivers\avgmfx86.sys
B5E03000 - \SystemRoot\System32\Drivers\avgldx86.sys
F81D3000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B5DEB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8581000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F84EF000 - \SystemRoot\System32\drivers\Dxapi.sys
F840B000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F868C000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\SiSGRV.dll
B5C8B000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B5A1E000 - \SystemRoot\system32\drivers\wdmaud.sys
B5B0B000 - \SystemRoot\system32\drivers\sysaudio.sys
B5769000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F85D9000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B5730000 - \SystemRoot\System32\Drivers\avgtdix.sys
B55C6000 - \SystemRoot\system32\DRIVERS\srv.sys
B51EA000 - \SystemRoot\System32\Drivers\HTTP.sys
F841B000 - \??\C:\C-Fix\catchme.sys
F8569000 - \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
B5582000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
B49C1000 - \SystemRoot\system32\drivers\kmixer.sys
F8798000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 114

Liste des programmes installes

1500
1500_Help
1500Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0 - Français
AiO_Scan
AiOSoftware
Archiveur WinRAR
Assistant de connexion Windows Live
AutoUpdate
AVG 8.0
BearShare
BufferChm
C-Media WDM Audio Driver
Capture My Screen 1.03
CCleaner (remove only)
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
eSupportQFolder
Fax
GanttProject
Gestionnaire Internet
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Imikimi Plugin
Java(TM) 6 Update 5
Lecteur Windows Media 11
LimeWire 4.16.7
livebox
Malwarebytes' Anti-Malware
MarketResearch
Messenger Plus! Live
MessengerDiscovery Live 1.4.5408
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
Navilog1 3.5.7
NewCopy
newObjects ActiveX Pack1 Family v.2.5.0
newObjects Development Library (September 2006)
PartitionMagic
PhotoFiltre
PowerQuest PartitionMagic 8.0
ProductContext
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB941569)
SolutionCenter
Status
StuffPlug 3
TrayApp
Unload
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
WinZip Self-Extractor



Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\Program Files

30/05/2008 12:29 <DIR> .
30/05/2008 12:29 <DIR> ..
29/01/2008 16:25 <DIR> Adobe
03/12/2007 05:37 <DIR> Ahead
19/04/2007 15:04 <DIR> Aspi
11/05/2008 09:58 <DIR> AVG
10/04/2008 01:08 <DIR> BearShare Applications
30/05/2008 12:29 <DIR> CCleaner
19/04/2007 18:20 <DIR> C-Media 3D Audio
19/04/2007 15:07 <DIR> Codec
24/05/2008 13:45 <DIR> Common Files
19/04/2007 15:06 <DIR> D-Tools
21/03/2008 12:45 <DIR> Fichiers communs
22/04/2008 19:55 <DIR> Hewlett-Packard
19/04/2007 14:52 <DIR> HFNetChk
22/04/2008 19:57 <DIR> HP
04/05/2008 12:10 <DIR> Imikimi
26/05/2008 16:04 690 648 installer-49276-33fr-StuffPlug-NG-French.exe
30/04/2008 18:08 <DIR> Internet Explorer
08/04/2008 17:36 <DIR> Java
10/04/2008 14:30 <DIR> Java Web Start
22/04/2008 20:27 <DIR> LimeWire
29/05/2008 11:49 <DIR> Malwarebytes' Anti-Malware
22/04/2008 20:27 <DIR> Media Player Classic
26/05/2008 12:31 <DIR> messenger
27/05/2008 12:16 <DIR> MessengerDiscovery
21/03/2008 20:10 <DIR> Microsoft CAPICOM 2.1.0.2
19/04/2007 14:47 <DIR> microsoft frontpage
08/04/2008 20:41 <DIR> Microsoft Office
21/03/2008 13:22 <DIR> Microsoft SQL Server Compact Edition
20/03/2008 09:51 <DIR> Microsoft Visual Studio
20/03/2008 09:52 <DIR> Microsoft Works
26/05/2008 12:30 <DIR> Movie Maker
30/05/2008 12:33 <DIR> Mozilla Firefox
20/03/2008 09:52 <DIR> MSBuild
09/04/2008 12:34 <DIR> MSN
19/04/2007 15:03 <DIR> msn gaming zone
26/05/2008 23:03 <DIR> MSN Messenger
26/01/2008 11:41 <DIR> MSXML 4.0
29/05/2008 19:37 <DIR> Navilog1
26/05/2008 12:05 <DIR> NetMeeting
13/05/2008 23:36 <DIR> newObjects
08/04/2008 17:04 <DIR> Online Services
26/05/2008 12:05 <DIR> Outlook Express
22/04/2008 20:27 <DIR> PopCap Games
22/04/2008 18:34 <DIR> PowerQuest
22/04/2008 15:07 <DIR> QuickTime
22/04/2008 20:27 <DIR> Real Alternative
23/01/2008 12:45 <DIR> SAGEM
23/04/2007 02:18 <DIR> Securitoo
19/04/2007 14:45 <DIR> Services en ligne
04/06/2007 02:02 <DIR> SiS VGA Utilities V3.75
04/06/2007 02:01 <DIR> sisagp
19/04/2007 18:20 <DIR> SiSLan
29/05/2008 10:48 <DIR> Trend Micro
30/05/2008 11:46 <DIR> Wanadoo
22/03/2008 19:56 <DIR> Windows Live
19/04/2007 17:25 <DIR> Windows Live Favorites
21/03/2008 19:34 <DIR> Windows Live Safety Center
22/04/2008 20:27 <DIR> Windows Live Toolbar
22/04/2008 20:27 <DIR> Windows Media Connect 2
26/05/2008 12:05 <DIR> Windows Media Player
26/05/2008 12:05 <DIR> Windows NT
19/04/2007 14:52 <DIR> WinRAR
19/04/2007 15:05 <DIR> WMV9_VCM
19/04/2007 14:47 <DIR> xerox
1 File(s) 690 648 bytes
65 Dir(s) 29 510 037 504 bytes free
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\Program Files\fichiers communs

21/03/2008 12:45 <DIR> .
21/03/2008 12:45 <DIR> ..
25/04/2007 10:34 <DIR> Adobe
26/07/2003 04:11 <DIR> Ahead
20/03/2008 09:51 <DIR> DESIGNER
23/04/2007 11:59 <DIR> Hewlett-Packard
31/08/2007 12:53 <DIR> HP
19/04/2007 18:21 <DIR> InstallShield
20/04/2007 05:54 <DIR> Java
21/03/2008 12:46 <DIR> Microsoft Shared
19/04/2007 14:44 <DIR> MSSoap
19/04/2007 15:41 <DIR> ODBC
22/04/2008 20:27 <DIR> Services
19/04/2007 15:41 <DIR> SpeechEngines
21/03/2008 20:09 <DIR> System
0 File(s) 0 bytes
15 Dir(s) 29 510 037 504 bytes free
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

20/03/2008 09:50 <DIR> .
20/03/2008 09:50 <DIR> ..
20/03/2008 09:43 <DIR> 1036
26/10/2006 14:49 970 528 MSONSEXT.DLL
26/10/2006 15:12 40 256 MSOSV.DLL
03/06/1999 08:09 122 937 MSOWS409.DLL
07/03/2001 03:00 127 033 MSOWS40c.DLL
4 File(s) 1 260 754 bytes
3 Dir(s) 29 510 037 504 bytes free
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\Program Files\common files

24/05/2008 13:45 <DIR> .
24/05/2008 13:45 <DIR> ..
24/05/2008 13:46 <DIR> Adobe
08/04/2008 20:41 <DIR> DESIGNER
22/04/2008 19:54 <DIR> Hewlett-Packard
22/04/2008 19:57 <DIR> HP
22/04/2008 16:04 <DIR> InstallShield
08/04/2008 17:32 <DIR> Java
11/05/2008 09:57 <DIR> Microsoft Shared
08/04/2008 17:03 <DIR> MSSoap
03/05/2008 22:16 <DIR> newObjects
08/04/2008 09:43 <DIR> ODBC
08/04/2008 17:03 <DIR> Services
08/04/2008 09:43 <DIR> SpeechEngines
26/05/2008 12:04 <DIR> System
0 File(s) 0 bytes
15 Dir(s) 29 510 037 504 bytes free
Volume in drive C has no label.
Volume Serial Number is DC08-EAE2

Directory of C:\

29/05/2008 10:44 812 344 HJTInstall.exe
1 File(s) 812 344 bytes
0 Dir(s) 29 510 037 504 bytes free




c:\Documents and Settings\Administrateur\.limewire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Administrateur\Bureau\IE7Setup.exe
c:\Documents and Settings\Administrateur\Bureau\OOo_2.2.0_Win32Intel_install_fr.exe
c:\Documents and Settings\Administrateur\Bureau\PimpFish.exe
c:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\cat_eyes_ls@hotmail.com\Sharing Folders\averagesec@hotmail.com\MsgPlusLive-460.exe
c:\Documents and Settings\Administrateur\Mes documents\Laticha STEPHEN\msjavx86.exe
c:\Documents and Settings\Administrateur\Mes documents\Laticha STEPHEN\wordbiz18.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\aAvgApi.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcmgr.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgdiag.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgdumpx.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgfrw.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgnsx.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgscanx.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgsrmax.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtray.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgui.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdsvc.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\setup.exe
c:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\Ericka STEPHEN\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\ccsetup207.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\C-Fix.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\LimeWireWin.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\mbam-setup.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\MDL_1.4.5408.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Navilog1.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\VirtumundoBeGone.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\delnext.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\md5sum.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\Process.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\restart.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\swreg.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\swsc.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\URL2FILE.EXE
c:\Documents and Settings\Ericka STEPHEN\Desktop\Ad-Fix\zip.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\BTFix\BTFix.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\catchme.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\diff.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\dumphive.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\find2.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\Fport.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\grep.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\gzip.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\LFiles.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\md5sums.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\pslist.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\sigcheck.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\streams.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\swreg.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\DiagHelp\tar.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\delnext.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\md5sum.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\Process.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\restart.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\swreg.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\swsc.exe
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\URL2FILE.EXE
c:\Documents and Settings\Ericka STEPHEN\Desktop\New Folder\Ad-Fix\zip.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\GameHouse\GHGamesPlayer\GameHouse\BigIslandBlends\en-US\BigIslandBlends.dll
c:\Documents and Settings\All Users\Application Data\GameHouse\GHGamesPlayer\GameHouse\GenericGameExtension\GenericGameExtension.dll
c:\Documents and Settings\All Users\Application Data\JollyBear\JBGamePlayer\GameHouse\BCASFWeb\bass.dll
c:\Documents and Settings\All Users\Application Data\JollyBear\JBGamePlayer\GameHouse\BCASFWeb\BCASFWeb.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\chainz_2_web.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\core.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\file.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\fmod.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\gfx2d.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\gfx2d_dd7.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\imglib.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\jpeg.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\logger.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\net.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\snd3d.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\snd3d_fmod.dll
c:\Documents and Settings\All Users\Application Data\MumboJumbo\MJOLauncher\Zone\chainz_2_web\ui2.dll
c:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\popcap\chuzzle\Chuzzle.dll
c:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\popcapfr\chuzzle\Chuzzle.dll
c:\Documents and Settings\All Users\Application Data\SonyPicturesGames\ActiveX\TheDaVinciCode\XTheDaVinciCode.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Delicious\en-US\delicious.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Delicious\en-US\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Delicious2\en-US\Delicious2.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\Delicious2\en-US\fmod.dll
c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\GameHouse\ZylomExtension\ZylomExtension.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgabout.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcfgx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgdiag.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglngx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglogx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmail.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmvflx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgpp.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsstx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgscanx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgsched.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgse.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgsrmx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgssff.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgssie.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtbapi.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtoolbar.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avguiadv.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avguires.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgvvx.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwd.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdwsc.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxpl.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\imsdk32.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\update\backup\vmAVGConnector.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_STEPHEN-FD6539A.tar.gz a l'adresse http://upload.malekal.com
sKe69 (security contributor, 21360 posts)

One last piece of junk:

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,

C:\WINDOWS\System32\clkcnt.txt

and paste it into the left-hand pane of OTMoveIt2:
Paste standard List of Files/Folders to be moved.

Click MoveIt! to start the removal.
The result will appear in the Results pane.

Click Exit to close.
---> Post the report located in "C:\OTMoveIt\MovedFiles" so I can check ...

You may be asked to restart the PC to complete the removal.
If so, accept with "Yes".
stephlat (member, 38 posts)

C:\WINDOWS\System32\clkcnt.txt moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05302008_125703
sKe69 (security contributor, 21360 posts)

Very good ...

1- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

Click Recherche (Search) and let the scan finish.
Click Suppression (Removal) to finish up.
You can, if you wish, use the Options facultatives (optional settings).

This little program will clean up all the things we used for the disinfection (you don't need them any more!).
Delete any tools, folders or reports related to the disinfection that ToolsCleaner2 did not remove.

Then finally delete ToolsCleaner2 ... (keep Malwarebytes and CCleaner: very useful!)

2- Run CCleaner once more (registry included).

After that, tell me how your PC is doing. Better, right?
stephlat (member, 38 posts)

Is it finished?

My computer is 6 years old; this is the first time I have had to do this much work on it.

I would like to know: are tracking cookies harmful to the system?

I have the latest version of AVG; do I need to equip the computer with more security to prevent this situation from happening again?

In conclusion,

I thank YOU enormously for your help. If I ever need to turn to someone for help with the computer's security, is there a way to contact you directly rather than asking questions on the forum?

I had a problem with Task Manager caused by the viruses. (Problem SOLVED!!!)


Can you give me a summary of everything that was on my system?

Thank you so much!!!
sKe69 (security contributor, 21360 posts)

I would like to know: are tracking cookies harmful to the system?
---> medium risk, but delete them systematically all the same ...

I have the latest version of AVG; do I need to equip the computer with more security to prevent this situation from happening again?
---> is it a demo version or a purchased one?

Can you give me a summary of everything that was on my system?
---> look here, it gives a rough idea ;)

If I ever need to turn to someone for help with the computer's security, is there a way to contact you directly rather than asking questions on the forum?
---> no, it's always better to post these problems on the forum; that way, if other people run into the same issues, it can help them ^^

So we can say the problem is solved ....

If you have other questions ...
stephlat (member, 38 posts)

No questions!


Problem solved!!!
sKe69 (security contributor, 21360 posts)

Glad I could help!

All the best to you under the sun of the Antilles ^^

See you!

PS: a little link on computer security ...
sKe69 (security contributor, 21360 posts)

I almost forgot!!!

A little checkup wouldn't hurt:

1- System Restore
* Disable System Restore:
Right-click My Computer / Properties / System Restore / tick the "turn off System Restore" box, Apply, OK
---> Restart your PC
* Re-enable System Restore:
Right-click My Computer / Properties / System Restore / untick the "turn off System Restore" box, Apply, OK
---> Restart your PC


2- Cleanup and Defragmentation of your Disks
* Cleanup:
Right-click "My Computer" ==> "Open" ==> right-click drive C ==> Properties ==> "General" tab
Click the "Disk Cleanup" button, OK
Do this for each of your drives

* Error checking:
Right-click "My Computer" ==> "Open" ==> right-click drive C ==> Properties ==> "Tools" tab
"Check Now", a dialog opens; tick the boxes:
- automatically fix errors...
- scan for and attempt recovery...
---> Start, OK
Note: if it tells you to restart your PC to do this, restart and let it run; it takes a while, which is normal
Do this for each of your drives

Then, still in the same tab, choose:
* Defragmentation:
"Defragment Now", OK
A dialog opens; select the drive to defragment and click "Analyze", then after the analysis, "Defragment". OK
Do this for each of your drives

This procedure is admittedly a bit long, but strongly recommended

There you go ^^

Bye !!!