rapport hijackyhis Résolu/Fermé

Question

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:39, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O1 - Hosts: 202.75.62.88 banamex.com.mx
O1 - Hosts: 202.75.62.88 www.banamex.com.mx
O1 - Hosts: 202.75.62.88 banamex.com
O1 - Hosts: 202.75.62.88 www.banamex.com
O1 - Hosts: 202.75.62.88 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_22.dll
O2 - BHO: (no name) - {5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [uvexolmf] C:\WINDOWS\uvexolmf.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [PlusInfoLiteEq] C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TrustCorn.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0819bee09dea4e4d97d024ccef1008bc
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0819bee09dea4e4d97d024ccef1008bc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/255f08444349274b8020/netzip/RdxIE601_fr.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

darkcrystal33 · Answer

A effacer:

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll

O1 - Hosts: 202.75.62.88 banamex.com.mx

O1 - Hosts: 202.75.62.88 www.banamex.com.mx

O1 - Hosts: 202.75.62.88 banamex.com

O1 - Hosts: 202.75.62.88 www.banamex.com

O1 - Hosts: 202.75.62.88 www.bancanetempresarial.banamex.com.mx

O1 - Hosts: 202.75.62.88 boveda.banamex.com.mx

O1 - Hosts: 202.75.62.88 boveda.banamex.com

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_22.dll

O2 - BHO: (no name) - {5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe

O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe

O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] iexplore.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

Ayayou · Answer

euh... comment j'efface ? ^^' (désolée je suis vraiment une grosse quiche)

verni29 · Answer

Non, Darkcristal, il ne suffit pas de supprimer les lignes avec Hijackthis.

Il y a deux infections visbles ( que tu identifies ), mais tu ne proposes pas l'outil pour désinfecter.

 Pour  O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe 

Tu vas utiliser SDFix téléchargeable à :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Tu installes le logiciel.
Tu peux t’aider du tuto suivant :
https://www.malekal.com/slenfbot-still-an-other-irc-bot/ 

Il faut que tu redémarres en mode sans échec. 
Pour cela, tu redémarres ton ordinateur et tu appuies sur la touche F8.

A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.

Tu lances SDFix en double-cliquant sur RunThis.bat dans le dossier où tu as installé le logiciel.
Ton ordinateur va redémarrer. il te sera peut-être demander d'appuyer sur une touche pour redémarrer.
L'outil va continuer à travailler, c'est normal.
Une fois affiché Finished, appuie sur une touche pour finir l'exécution du logiciel.
Ton bureau devrait réapparaitre.
Ouvre le dossier de SDFix sur ton Bureau.
Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.

Avec un nouveau log HijackThis !

A+

darkcrystal33 · Answer

Tu coche les lignes concernées et tu clique sur le bouton "fix checked"

verni29 · Answer

Ayayou, tu es encore là ?

Ton PC est infecté et il faut que tu passes les différents outils qui te seront proposés.

A+

anthony5151 · Answer

Bonjour,

Je confirme ce que dit verni29 : il ne faut pas fixer les lignes avec Hijackthis comme ça...
Ca ne supprime pas l'infection, et ça masque les résultats des outils de désinfection qu'on pourrait utiliser ensuite !


Ayayou :

Je te conseille de suivre le conseil que t'a donné verni29 ici :
http://www.commentcamarche.net/forum/affich 8487568 rapport hijackyhis#3

Ayayou · Answer

quand je clique sur sdfix, une fenêtre s'ouvre et ya des écritures qui "défilent" et ça se referme, pareil en mode sans échec, je fais quoi ?

verni29 · Answer

Ayayou, 

On va prendre son temps. Si tu as des difficultés ou des doutes, n'hésite pas à le dire.

On redeviendra sur SDFix après.
Commençons par l'infection qui doit t'afficher des pages de publicités.

Télécharge LopS&D. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

Installe le logiciel. 
Une icône va apparaitre sur le bureau. Double clique dessus pour lancer le logiciel 
Tu choisis la langue et l'option 1 pour effectuer la recherche. 

A la fin de la recherche, un rapport LopR.txt apparait.
Copie le contenu de ce rapport dans ton prochain message.
Sinon, il se trouve en C:\LopR.txt. 
Tu posteras ce rapport dans le prochain message.

A+

Ayayou · Answer

j'ai lancé la recherche, mais ça a pas l'air de faire grand chose

verni29 · Answer

Laisse lui le temps.

A+

Ayayou · Answer

okay (mais l'ordi fait vraiment rien là, normal ?)

verni29 · Answer

Au bout de 15 mn, c'est pas normal.
laisse le travailler encore 5 mn, après cela veut dire que le logiciel se bloque et ferme LopS&D ( crois sur la fenêtre )

On reprend au début.

1) va dans le panneau de configuration --> Ajout/Supp de programmes
Désinstalle LopS&D

2) On va enlever les logiciels qui ont été utilisés pour reprendre la procédure à zéro.
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/
Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt

A+

Ayayou · Answer

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt : c'est ça ?

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MAMAN\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\MAMAN\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\MAMAN\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\MAMAN\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\lopR.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

verni29 · Answer

OK, c'est ça.

On recommence par un rapport Hijackthis.

Télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choisir « Download Hijackthis Installer »
Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer.

Choisir l'option Do a system scan and save a logfile.
Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message.

A+

Ayayou · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:33, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O1 - Hosts: 202.75.62.88 banamex.com.mx
O1 - Hosts: 202.75.62.88 www.banamex.com.mx
O1 - Hosts: 202.75.62.88 banamex.com
O1 - Hosts: 202.75.62.88 www.banamex.com
O1 - Hosts: 202.75.62.88 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet
ewdotnet7_22.dll
O2 - BHO: (no name) - {5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [uvexolmf] C:\WINDOWS\uvexolmf.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [PlusInfoLiteEq] C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TrustCorn.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0819bee09dea4e4d97d024ccef1008bc
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0819bee09dea4e4d97d024ccef1008bc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/255f08444349274b8020/netzip/RdxIE601_fr.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

verni29 · Answer

On va réutilisé LopS&D, sinon, j'utiliserais un autre outil mais la démarche est bien plus compliqué à expliquer.
Suis pas à pas les procédures pour qu'il n'y ait pas de surprises.

1) Supprime le dossier LopS&D existant.

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau. 
 http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-clique sur OTMoveIt.exe pour le lancer. 
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move. 


C:\Lop SD 

clique sur MoveIt! pour lancer la suppression. 
Le résultat apparaitra dans le cadre "Results". 
Clique sur Exit pour fermer.

Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Il est possible que ton ordinateur redémarre pour supprimer les fichiers.

2) Télécharge LopS&D. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

Installe le logiciel. 
Une icône va apparaitre sur le bureau. Double clique dessus pour lancer le logiciel 
Tu choisis la langue et l'option 1 pour effectuer la recherche. 
A la fin de la recherche, un rapport LopR.txt apparait.
Copie le contenu de ce rapport dans ton prochain message.
Il se trouve en C:\LopR.txt. 
Tu posteras ce rapport dans le prochain message.

A+

Ayayou · Answer

il veut que je redemarre, je mets ok ?

verni29 · Answer

Oui.

Ayayou · Answer

Folder move failed. C:\Lop SD scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09182008_235603

Files moved on Reboot...
C:\Lop SD moved successfully.

PS : désolée j'avais pas vu le "Il est possible que ton ordinateur redémarre pour supprimer les fichiers."

verni29 · Answer

Bon, il faut qu'on arrive déjà à passer LopS&D, en espérant qu'on aura plus de chances cette fois-ci.
Fais la deuxième partie du message 20 :
http://www.commentcamarche.net/forum/affich 8487568 rapport hijackyhis#20

A+

Ayayou · Answer

je crois que ça fait pareil que tout à l'heure, l'ordi "travaille" pas...

verni29 · Answer

Attends cinq minutes pas plus, puis arrête lopS&D.

On utilisera les grands moyens dans ce cas.

A+

Ayayou · Answer

quand tu dis "utiliser les grands moyens" ça veut dire que ça va prendre du temps ? (j'ai cours demain)

verni29 · Answer

Les grans moyens, c'est utilisé un outil plus puissant qui permettra de supprimer toute ou partie de ces infections.
Si tu as cours, voyons cela demain plutôt.

de passer l'outil ne prends pas énormément de temps.
par contre l'analyse du rapport que je ferrais oui.

As-tu arrêté lopS&D ?

Ayayou · Answer

oui j'ai arrêté lopS&D, par contre demain je serais pas chez moi (je pars faire les vendanges, youpi -__-) ça serait possible que tu m'aides dimanche soir ou lundi plutôt ?

verni29 · Answer

C'est OK pour dimanche.

Peux-tu prendre 15 mn pour passer l'outil suivant ?
ceci me permettra de préparer le script de désinfection.

Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( important pour la suite )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

déconnecte toi du net.
Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
Lance Combofix.exe et suis les invites.

Une fois le scan fini, un rapport va apparaitre.
Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.

A+

Ayayou · Answer

désolée j'ai pas pu me reconnecter au net hier soir (d'ailleurs ça remarche toujours pas), mais j'ai fait le rapport (par contre j'ai pas désactivé l'anti virus, et j'ai pas eu le temps de le refaire, je vais essayer maintenant mais c'est pas sur que je puisse, si j'ai le temps je le poste) ComboFix 08-09-16.05 - MAMAN 2008-09-19 0:31:48.1 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.176 [GMT 2:00] Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\AGNES\Cookies\agnes@servedby.advertising[1].txt C:\Documents and Settings\AGNES\Cookies\agnes@servedby.advertising[2].txt C:\Documents and Settings\MAMAN\Cookies\maman@clickintext[4].txt C:\Documents and Settings\MAMAN\Cookies\maman@date.ventivmedia[3].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[1].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[3].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[4].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[5].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[6].txt C:\Documents and Settings\MAMAN\Cookies\maman@edt02[8].txt C:\Documents and Settings\MAMAN\Cookies\maman@erreurchasseur[2].txt C:\Documents and Settings\MAMAN\Cookies\maman@hotbar[2].txt C:\Documents and Settings\MAMAN\Cookies\maman@metrics.adobe[2].txt C:\Documents and Settings\MAMAN\Cookies\maman@server.cpmstar[1].txt C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[3].txt C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[5].txt C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[6].txt C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[8].txt C:\Documents and Settings\MAMAN\Cookies\maman@trafiz[6].txt C:\Documents and Settings\MAMAN\Cookies\maman@trafiz[8].txt C:\Program Files ewdotnet C:\Program Files ewdotnet ewdotnet7_22.dll C:\Program Files ewdotnet eadme.html C:\Program Files ewdotnet\uninstall7_22.exe C:\Program Files\webhancer C:\Program Files\webhancer\Programs\webhdll.dll.bak.bak C:\WINDOWS\NDNuninstall7_22.exe C:\windows\system32\iexplore.exe C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-18 au 2008-09-18 )))))))))))))))))))))))))))))))))))) . 2008-09-19 00:04 . 2008-09-19 00:04 d-------- C:\Lop SD 2008-09-18 23:56 . 2008-09-18 23:56 d-------- C:\_OTMoveIt 2008-09-18 21:34 . 2008-09-18 21:34 d-------- C:\Program Files\Trend Micro 2008-09-18 20:28 . 2008-09-18 20:28 d-------- C:\Program Files\AxBx 2008-09-18 19:26 . 2008-09-18 19:26 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-18 19:26 . 2008-09-18 19:26 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-02 18:23 . 2008-09-02 18:23 d--hs---- C:\FOUND.041 2008-09-01 11:09 . 2008-09-01 11:09 d--hs---- C:\FOUND.040 2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS sreg.dat 2008-08-21 15:00 . 2008-08-21 15:00 d--hs---- C:\FOUND.039 2008-08-19 18:40 . 2008-08-19 18:40 d--hs---- C:\FOUND.038 2008-08-18 21:33 . 2008-08-18 21:33 d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache cpip6.sys 2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat 2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat 2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] 2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule bSec1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay] @="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}" [HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay] @="{F594B094-8768-4632-8143-12852EBBD688}" [HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay] @="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}" [HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay] @="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}" [HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920] "WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720] "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000] "BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537] "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929] "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416] "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736] "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352] "nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32 wiz.exe] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "1"= MSNCleaner.exe "2"= avp.exe "3"= kav.esp "4"= kav.eng "5"= msconfig.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe"= "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"= "C:\Program Files\Steam\SteamApps\will2708\counter-strike source\hl2.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896] R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096] R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807] R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816] R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys [ ] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ] . Contenu du dossier 'Tƒches planifi‚es' . - - - - ORPHELINS SUPPRIMES - - - - BHO-{5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe HKCU-Run-BITSUP - C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\film dumb.exe HKLM-Run-uvexolmf - C:\WINDOWS\uvexolmf.exe HKLM-Run-PlusInfoLiteEq - C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TrustCorn.exe HKLM-Run-Internet Explorer - iexplore.exe HKLM-RunServices-Internet Explorer - iexplore.exe HKLM-Explorer_Run-Internet Explorer - iexplore.exe . ------- Examen suppl‚mentaire ------- . FireFox -: Profile - C:\Documents and Settings\MAMAN\Application Data\Mozilla\Firefox\Profiles\kpe9d9x2.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins oreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-19 00:40:11 Windows 5.1.2600 Service Pack 2 FAT NTAPI Recherche de processus cach‚s ... Recherche d'‚l‚ments en d‚marrage automatique cach‚s ... Recherche de fichiers cach‚s ... Scan termin‚ avec succŠs Fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs charg‚es dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\BufferZone\WINBORDER.DLL . ------------------------ Autres processus actifs ------------------------ . C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\SERVIC~1.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSBWSYS.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE C:\WINDOWS\SYSTEM32\NVSVC32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSRW.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSAV32.EXE C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSPEX.EXE C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . Heure de fin: 2008-09-19 0:46:21 - La machine a red‚marr‚ ComboFix-quarantined-files.txt 2008-09-18 22:46:02 Avant-CF: 78,034,993,152 octets libres AprŠs-CF: 83,112,394,752 octets libres 270 --- E O F --- 2008-09-10 22:08:50

Ayayou · Answer

voilà j'ai refait le rapport : ComboFix 08-09-16.05 - MAMAN 2008-09-19 18:07:28.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.238 [GMT 2:00] Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 )))))))))))))))))))))))))))))))))))) . 2008-09-19 00:04 . 2008-09-19 00:04 d-------- C:\Lop SD 2008-09-18 23:56 . 2008-09-18 23:56 d-------- C:\_OTMoveIt 2008-09-18 21:34 . 2008-09-18 21:34 d-------- C:\Program Files\Trend Micro 2008-09-18 20:28 . 2008-09-18 20:28 d-------- C:\Program Files\AxBx 2008-09-18 19:26 . 2008-09-18 19:26 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-18 19:26 . 2008-09-18 19:26 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-09-02 18:23 . 2008-09-02 18:23 d--hs---- C:\FOUND.041 2008-09-01 11:09 . 2008-09-01 11:09 d--hs---- C:\FOUND.040 2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS sreg.dat 2008-08-21 15:00 . 2008-08-21 15:00 d--hs---- C:\FOUND.039 2008-08-19 18:40 . 2008-08-19 18:40 d--hs---- C:\FOUND.038 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache cpip6.sys 2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat 2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat 2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] 2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule bSec1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay] @="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}" [HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay] @="{F594B094-8768-4632-8143-12852EBBD688}" [HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay] @="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}" [HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay] @="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}" [HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920] "WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720] "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000] "BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537] "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929] "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416] "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736] "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352] "nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32 wiz.exe] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-12 950272] Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-01 32807] e-Carte Bleue Banque Populaire.lnk - C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [2008-06-24 278528] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2004-12-14 29696] Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 110592] Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 110592] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "1"= MSNCleaner.exe "2"= avp.exe "3"= kav.esp "4"= kav.eng "5"= msconfig.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe"= "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"= "C:\Program Files\Steam\SteamApps\will2708\counter-strike source\hl2.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896] R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096] R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807] R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816] R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys [ ] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ] *Newly Created Service* - FSBL . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\MAMAN\Application Data\Mozilla\Firefox\Profiles\kpe9d9x2.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins oreg\NPVeohVersion.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-19 18:11:30 Windows 5.1.2600 Service Pack 2 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\BufferZone\WINBORDER.DLL . Heure de fin: 2008-09-19 18:13:16 ComboFix-quarantined-files.txt 2008-09-19 16:13:10 ComboFix2.txt 2008-09-18 22:46:28 Avant-CF: 83,127,271,424 octets libres AprŠs-CF: 83,110,887,424 octets libres 207 --- E O F --- 2008-09-10 22:08:50

verni29 · Answer

OK, merci.

J'analyse le rapport et te posterait le script.

A+

verni29 · Answer

1) Ouvre le bloc-notes :
Démarrer --> Tous les programmes --> accessoires --> bloc-notes

Sélectionne le texte en citation ci-dessous.
Copie/colle ce texte dans le bloc-notes.

Driver::
DMSKSSRh

File::
C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys 
C:\WINDOWS\uvexolmf.exe 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"New.net Startup"=-

Folder::
C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo
C:\FOUND.038 
C:\FOUND.039 
C:\FOUND.040 
C:\FOUND.041 
C:\WINDOWS\system32\CatRoot_bak 


Enregistre le fichier sur le bureau et nomme-le CFScript.txt.

Vérifie que l'icone de Combofix se trouve également sur le bureau, sinon, tu relécharges combofix et tu l'enregistres aussi sur le bureau.

Glisse/dépose le script sur ComBoFix. Comme indiqué sur le lien suivant.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif 

Tu suis les invites.
Ton bureau va disparaître à plusieurs reprises. Normal.
Une fois le scan achevé, tu enregistres le rapport et tu le postes 

2) Poste moi ensuite un nouveau rapport Hijackthis.

Il reste encore des choses à vérifier.
Le rapport de ComBoFix montre des choses étranges ( logiciels bloqués, ... )

A+

Ayayou · Answer

ComboFix 08-09-16.05 - MAMAN 2008-09-21 18:32:42.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.255 [GMT 2:00] Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\MAMAN\Bureau\CFScript.txt [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\ C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\A766D585 C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\city error frag C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\exit flap spam C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TRUSTCORN.0XE C:\FOUND.038 C:\FOUND.038\FILE0000.CHK C:\FOUND.038\FILE0001.CHK C:\FOUND.038\FILE0002.CHK C:\FOUND.038\FILE0003.CHK C:\FOUND.038\FILE0004.CHK C:\FOUND.038\FILE0005.CHK C:\FOUND.038\FILE0006.CHK C:\FOUND.038\FILE0007.CHK C:\FOUND.039 C:\FOUND.039\FILE0000.CHK C:\FOUND.039\FILE0001.CHK C:\FOUND.039\FILE0002.CHK C:\FOUND.039\FILE0003.CHK C:\FOUND.039\FILE0004.CHK C:\FOUND.039\FILE0005.CHK C:\FOUND.039\FILE0006.CHK C:\FOUND.039\FILE0007.CHK C:\FOUND.039\FILE0008.CHK C:\FOUND.039\FILE0009.CHK C:\FOUND.039\FILE0010.CHK C:\FOUND.039\FILE0011.CHK C:\FOUND.039\FILE0012.CHK C:\FOUND.039\FILE0013.CHK C:\FOUND.039\FILE0014.CHK C:\FOUND.039\FILE0015.CHK C:\FOUND.039\FILE0016.CHK C:\FOUND.039\FILE0017.CHK C:\FOUND.039\FILE0018.CHK C:\FOUND.039\FILE0019.CHK C:\FOUND.039\FILE0020.CHK C:\FOUND.039\FILE0021.CHK C:\FOUND.039\FILE0022.CHK C:\FOUND.039\FILE0023.CHK C:\FOUND.039\FILE0024.CHK C:\FOUND.039\FILE0025.CHK C:\FOUND.039\FILE0026.CHK C:\FOUND.039\FILE0027.CHK C:\FOUND.039\FILE0028.CHK C:\FOUND.039\FILE0029.CHK C:\FOUND.039\FILE0030.CHK C:\FOUND.039\FILE0031.CHK C:\FOUND.039\FILE0032.CHK C:\FOUND.039\FILE0033.CHK C:\FOUND.039\FILE0034.CHK C:\FOUND.039\FILE0035.CHK C:\FOUND.039\FILE0036.CHK C:\FOUND.039\FILE0037.CHK C:\FOUND.039\FILE0038.CHK C:\FOUND.040 C:\FOUND.040\FILE0000.CHK C:\FOUND.040\FILE0001.CHK C:\FOUND.040\FILE0002.CHK C:\FOUND.040\FILE0003.CHK C:\FOUND.040\FILE0004.CHK C:\FOUND.040\FILE0005.CHK C:\FOUND.040\FILE0006.CHK C:\FOUND.040\FILE0007.CHK C:\FOUND.040\FILE0008.CHK C:\FOUND.040\FILE0009.CHK C:\FOUND.040\FILE0010.CHK C:\FOUND.040\FILE0011.CHK C:\FOUND.040\FILE0012.CHK C:\FOUND.040\FILE0013.CHK C:\FOUND.040\FILE0014.CHK C:\FOUND.040\FILE0015.CHK C:\FOUND.040\FILE0016.CHK C:\FOUND.040\FILE0017.CHK C:\FOUND.040\FILE0018.CHK C:\FOUND.040\FILE0019.CHK C:\FOUND.040\FILE0020.CHK C:\FOUND.040\FILE0021.CHK C:\FOUND.040\FILE0022.CHK C:\FOUND.040\FILE0023.CHK C:\FOUND.040\FILE0024.CHK C:\FOUND.040\FILE0025.CHK C:\FOUND.040\FILE0026.CHK C:\FOUND.040\FILE0027.CHK C:\FOUND.040\FILE0028.CHK C:\FOUND.040\FILE0029.CHK C:\FOUND.040\FILE0030.CHK C:\FOUND.040\FILE0031.CHK C:\FOUND.040\FILE0032.CHK C:\FOUND.040\FILE0033.CHK C:\FOUND.040\FILE0034.CHK C:\FOUND.040\FILE0035.CHK C:\FOUND.040\FILE0036.CHK C:\FOUND.040\FILE0037.CHK C:\FOUND.040\FILE0038.CHK C:\FOUND.040\FILE0039.CHK C:\FOUND.040\FILE0040.CHK C:\FOUND.040\FILE0041.CHK C:\FOUND.040\FILE0042.CHK C:\FOUND.040\FILE0043.CHK C:\FOUND.040\FILE0044.CHK C:\FOUND.040\FILE0045.CHK C:\FOUND.040\FILE0046.CHK C:\FOUND.040\FILE0047.CHK C:\FOUND.040\FILE0048.CHK C:\FOUND.040\FILE0049.CHK C:\FOUND.040\FILE0050.CHK C:\FOUND.040\FILE0051.CHK C:\FOUND.040\FILE0052.CHK C:\FOUND.040\FILE0053.CHK C:\FOUND.040\FILE0054.CHK C:\FOUND.040\FILE0055.CHK C:\FOUND.040\FILE0056.CHK C:\FOUND.040\FILE0057.CHK C:\FOUND.040\FILE0058.CHK C:\FOUND.040\FILE0059.CHK C:\FOUND.040\FILE0060.CHK C:\FOUND.040\FILE0061.CHK C:\FOUND.040\FILE0062.CHK C:\FOUND.040\FILE0063.CHK C:\FOUND.040\FILE0064.CHK C:\FOUND.040\FILE0065.CHK C:\FOUND.040\FILE0066.CHK C:\FOUND.040\FILE0067.CHK C:\FOUND.040\FILE0068.CHK C:\FOUND.040\FILE0069.CHK C:\FOUND.040\FILE0070.CHK C:\FOUND.040\FILE0071.CHK C:\FOUND.040\FILE0072.CHK C:\FOUND.040\FILE0073.CHK C:\FOUND.040\FILE0074.CHK C:\FOUND.040\FILE0075.CHK C:\FOUND.040\FILE0076.CHK C:\FOUND.040\FILE0077.CHK C:\FOUND.040\FILE0078.CHK C:\FOUND.040\FILE0079.CHK C:\FOUND.040\FILE0080.CHK C:\FOUND.040\FILE0081.CHK C:\FOUND.040\FILE0082.CHK C:\FOUND.040\FILE0083.CHK C:\FOUND.040\FILE0084.CHK C:\FOUND.040\FILE0085.CHK C:\FOUND.040\FILE0086.CHK C:\FOUND.040\FILE0087.CHK C:\FOUND.040\FILE0088.CHK C:\FOUND.040\FILE0089.CHK C:\FOUND.040\FILE0090.CHK C:\FOUND.040\FILE0091.CHK C:\FOUND.040\FILE0092.CHK C:\FOUND.040\FILE0093.CHK C:\FOUND.040\FILE0094.CHK C:\FOUND.040\FILE0095.CHK C:\FOUND.040\FILE0096.CHK C:\FOUND.040\FILE0097.CHK C:\FOUND.040\FILE0098.CHK C:\FOUND.040\FILE0099.CHK C:\FOUND.040\FILE0100.CHK C:\FOUND.040\FILE0101.CHK C:\FOUND.040\FILE0102.CHK C:\FOUND.040\FILE0103.CHK C:\FOUND.040\FILE0104.CHK C:\FOUND.040\FILE0105.CHK C:\FOUND.040\FILE0106.CHK C:\FOUND.040\FILE0107.CHK C:\FOUND.040\FILE0108.CHK C:\FOUND.040\FILE0109.CHK C:\FOUND.040\FILE0110.CHK C:\FOUND.040\FILE0111.CHK C:\FOUND.040\FILE0112.CHK C:\FOUND.040\FILE0113.CHK C:\FOUND.040\FILE0114.CHK C:\FOUND.040\FILE0115.CHK C:\FOUND.040\FILE0116.CHK C:\FOUND.040\FILE0117.CHK C:\FOUND.040\FILE0118.CHK C:\FOUND.040\FILE0119.CHK C:\FOUND.040\FILE0120.CHK C:\FOUND.040\FILE0121.CHK C:\FOUND.040\FILE0122.CHK C:\FOUND.040\FILE0123.CHK C:\FOUND.040\FILE0124.CHK C:\FOUND.040\FILE0125.CHK C:\FOUND.040\FILE0126.CHK C:\FOUND.040\FILE0127.CHK C:\FOUND.040\FILE0128.CHK C:\FOUND.040\FILE0129.CHK C:\FOUND.040\FILE0130.CHK C:\FOUND.040\FILE0131.CHK C:\FOUND.040\FILE0132.CHK C:\FOUND.040\FILE0133.CHK C:\FOUND.040\FILE0134.CHK C:\FOUND.040\FILE0135.CHK C:\FOUND.040\FILE0136.CHK C:\FOUND.040\FILE0137.CHK C:\FOUND.040\FILE0138.CHK C:\FOUND.040\FILE0139.CHK C:\FOUND.040\FILE0140.CHK C:\FOUND.040\FILE0141.CHK C:\FOUND.040\FILE0142.CHK C:\FOUND.040\FILE0143.CHK C:\FOUND.040\FILE0144.CHK C:\FOUND.040\FILE0145.CHK C:\FOUND.040\FILE0146.CHK C:\FOUND.040\FILE0147.CHK C:\FOUND.040\FILE0148.CHK C:\FOUND.040\FILE0149.CHK C:\FOUND.040\FILE0150.CHK C:\FOUND.040\FILE0151.CHK C:\FOUND.040\FILE0152.CHK C:\FOUND.040\FILE0153.CHK C:\FOUND.040\FILE0154.CHK C:\FOUND.040\FILE0155.CHK C:\FOUND.040\FILE0156.CHK C:\FOUND.040\FILE0157.CHK C:\FOUND.040\FILE0158.CHK C:\FOUND.040\FILE0159.CHK C:\FOUND.040\FILE0160.CHK C:\FOUND.040\FILE0161.CHK C:\FOUND.040\FILE0162.CHK C:\FOUND.040\FILE0163.CHK C:\FOUND.040\FILE0164.CHK C:\FOUND.040\FILE0165.CHK C:\FOUND.040\FILE0166.CHK C:\FOUND.040\FILE0167.CHK C:\FOUND.040\FILE0168.CHK C:\FOUND.040\FILE0169.CHK C:\FOUND.040\FILE0170.CHK C:\FOUND.040\FILE0171.CHK C:\FOUND.040\FILE0172.CHK C:\FOUND.040\FILE0173.CHK C:\FOUND.040\FILE0174.CHK C:\FOUND.040\FILE0175.CHK C:\FOUND.040\FILE0176.CHK C:\FOUND.040\FILE0177.CHK C:\FOUND.040\FILE0178.CHK C:\FOUND.040\FILE0179.CHK C:\FOUND.040\FILE0180.CHK C:\FOUND.040\FILE0181.CHK C:\FOUND.040\FILE0182.CHK C:\FOUND.040\FILE0183.CHK C:\FOUND.040\FILE0184.CHK C:\FOUND.040\FILE0185.CHK C:\FOUND.040\FILE0186.CHK C:\FOUND.040\FILE0187.CHK C:\FOUND.040\FILE0188.CHK C:\FOUND.040\FILE0189.CHK C:\FOUND.040\FILE0190.CHK C:\FOUND.040\FILE0191.CHK C:\FOUND.040\FILE0192.CHK C:\FOUND.040\FILE0193.CHK C:\FOUND.040\FILE0194.CHK C:\FOUND.040\FILE0195.CHK C:\FOUND.040\FILE0196.CHK C:\FOUND.040\FILE0197.CHK C:\FOUND.040\FILE0198.CHK C:\FOUND.040\FILE0199.CHK C:\FOUND.040\FILE0200.CHK C:\FOUND.040\FILE0201.CHK C:\FOUND.040\FILE0202.CHK C:\FOUND.040\FILE0203.CHK C:\FOUND.040\FILE0204.CHK C:\FOUND.040\FILE0205.CHK C:\FOUND.040\FILE0206.CHK C:\FOUND.040\FILE0207.CHK C:\FOUND.040\FILE0208.CHK C:\FOUND.040\FILE0209.CHK C:\FOUND.040\FILE0210.CHK C:\FOUND.040\FILE0211.CHK C:\FOUND.040\FILE0212.CHK C:\FOUND.040\FILE0213.CHK C:\FOUND.040\FILE0214.CHK C:\FOUND.040\FILE0215.CHK C:\FOUND.040\FILE0216.CHK C:\FOUND.040\FILE0217.CHK C:\FOUND.040\FILE0218.CHK C:\FOUND.040\FILE0219.CHK C:\FOUND.040\FILE0220.CHK C:\FOUND.040\FILE0221.CHK C:\FOUND.040\FILE0222.CHK C:\FOUND.040\FILE0223.CHK C:\FOUND.040\FILE0224.CHK C:\FOUND.040\FILE0225.CHK C:\FOUND.040\FILE0226.CHK C:\FOUND.040\FILE0227.CHK C:\FOUND.040\FILE0228.CHK C:\FOUND.040\FILE0229.CHK C:\FOUND.040\FILE0230.CHK C:\FOUND.040\FILE0231.CHK C:\FOUND.040\FILE0232.CHK C:\FOUND.040\FILE0233.CHK C:\FOUND.040\FILE0234.CHK C:\FOUND.040\FILE0235.CHK C:\FOUND.040\FILE0236.CHK C:\FOUND.040\FILE0237.CHK C:\FOUND.040\FILE0238.CHK C:\FOUND.040\FILE0239.CHK C:\FOUND.040\FILE0240.CHK C:\FOUND.040\FILE0241.CHK C:\FOUND.040\FILE0242.CHK C:\FOUND.040\FILE0243.CHK C:\FOUND.040\FILE0244.CHK C:\FOUND.040\FILE0245.CHK C:\FOUND.040\FILE0246.CHK C:\FOUND.040\FILE0247.CHK C:\FOUND.040\FILE0248.CHK C:\FOUND.040\FILE0249.CHK C:\FOUND.040\FILE0250.CHK C:\FOUND.040\FILE0251.CHK C:\FOUND.040\FILE0252.CHK C:\FOUND.040\FILE0253.CHK C:\FOUND.040\FILE0254.CHK C:\FOUND.040\FILE0255.CHK C:\FOUND.040\FILE0256.CHK C:\FOUND.040\FILE0257.CHK C:\FOUND.040\FILE0258.CHK C:\FOUND.040\FILE0259.CHK C:\FOUND.040\FILE0260.CHK C:\FOUND.040\FILE0261.CHK C:\FOUND.040\FILE0262.CHK C:\FOUND.040\FILE0263.CHK C:\FOUND.040\FILE0264.CHK C:\FOUND.040\FILE0265.CHK C:\FOUND.040\FILE0266.CHK C:\FOUND.040\FILE0267.CHK C:\FOUND.040\FILE0268.CHK C:\FOUND.040\FILE0269.CHK C:\FOUND.040\FILE0270.CHK C:\FOUND.040\FILE0271.CHK C:\FOUND.040\FILE0272.CHK C:\FOUND.040\FILE0273.CHK C:\FOUND.040\FILE0274.CHK C:\FOUND.040\FILE0275.CHK C:\FOUND.040\FILE0276.CHK C:\FOUND.040\FILE0277.CHK C:\FOUND.040\FILE0278.CHK C:\FOUND.040\FILE0279.CHK C:\FOUND.040\FILE0280.CHK C:\FOUND.040\FILE0281.CHK C:\FOUND.040\FILE0282.CHK C:\FOUND.040\FILE0283.CHK C:\FOUND.040\FILE0284.CHK C:\FOUND.040\FILE0285.CHK C:\FOUND.040\FILE0286.CHK C:\FOUND.040\FILE0287.CHK C:\FOUND.040\FILE0288.CHK C:\FOUND.040\FILE0289.CHK C:\FOUND.040\FILE0290.CHK C:\FOUND.040\FILE0291.CHK C:\FOUND.040\FILE0292.CHK C:\FOUND.040\FILE0293.CHK C:\FOUND.040\FILE0294.CHK C:\FOUND.040\FILE0295.CHK C:\FOUND.040\FILE0296.CHK C:\FOUND.040\FILE0297.CHK C:\FOUND.040\FILE0298.CHK C:\FOUND.040\FILE0299.CHK C:\FOUND.040\FILE0300.CHK C:\FOUND.040\FILE0301.CHK C:\FOUND.040\FILE0302.CHK C:\FOUND.040\FILE0303.CHK C:\FOUND.040\FILE0304.CHK C:\FOUND.040\FILE0305.CHK C:\FOUND.040\FILE0306.CHK C:\FOUND.040\FILE0307.CHK C:\FOUND.040\FILE0308.CHK C:\FOUND.040\FILE0309.CHK C:\FOUND.040\FILE0310.CHK C:\FOUND.040\FILE0311.CHK C:\FOUND.040\FILE0312.CHK C:\FOUND.040\FILE0313.CHK C:\FOUND.040\FILE0314.CHK C:\FOUND.040\FILE0315.CHK C:\FOUND.040\FILE0316.CHK C:\FOUND.040\FILE0317.CHK C:\FOUND.040\FILE0318.CHK C:\FOUND.040\FILE0319.CHK C:\FOUND.040\FILE0320.CHK C:\FOUND.040\FILE0321.CHK C:\FOUND.040\FILE0322.CHK C:\FOUND.040\FILE0323.CHK C:\FOUND.040\FILE0324.CHK C:\FOUND.040\FILE0325.CHK C:\FOUND.040\FILE0326.CHK C:\FOUND.040\FILE0327.CHK C:\FOUND.040\FILE0328.CHK C:\FOUND.040\FILE0329.CHK C:\FOUND.040\FILE0330.CHK C:\FOUND.040\FILE0331.CHK C:\FOUND.040\FILE0332.CHK C:\FOUND.040\FILE0333.CHK C:\FOUND.040\FILE0334.CHK C:\FOUND.040\FILE0335.CHK C:\FOUND.040\FILE0336.CHK C:\FOUND.040\FILE0337.CHK C:\FOUND.040\FILE0338.CHK C:\FOUND.040\FILE0339.CHK C:\FOUND.040\FILE0340.CHK C:\FOUND.040\FILE0341.CHK C:\FOUND.040\FILE0342.CHK C:\FOUND.040\FILE0343.CHK C:\FOUND.040\FILE0344.CHK C:\FOUND.040\FILE0345.CHK C:\FOUND.040\FILE0346.CHK C:\FOUND.040\FILE0347.CHK C:\FOUND.040\FILE0348.CHK C:\FOUND.040\FILE0349.CHK C:\FOUND.040\FILE0350.CHK C:\FOUND.040\FILE0351.CHK C:\FOUND.040\FILE0352.CHK C:\FOUND.040\FILE0353.CHK C:\FOUND.040\FILE0354.CHK C:\FOUND.040\FILE0355.CHK C:\FOUND.040\FILE0356.CHK C:\FOUND.040\FILE0357.CHK C:\FOUND.040\FILE0358.CHK C:\FOUND.040\FILE0359.CHK C:\FOUND.040\FILE0360.CHK C:\FOUND.040\FILE0361.CHK C:\FOUND.040\FILE0362.CHK C:\FOUND.040\FILE0363.CHK C:\FOUND.040\FILE0364.CHK C:\FOUND.040\FILE0365.CHK C:\FOUND.040\FILE0366.CHK C:\FOUND.040\FILE0367.CHK C:\FOUND.040\FILE0368.CHK C:\FOUND.040\FILE0369.CHK C:\FOUND.040\FILE0370.CHK C:\FOUND.040\FILE0371.CHK C:\FOUND.040\FILE0372.CHK C:\FOUND.040\FILE0373.CHK C:\FOUND.040\FILE0374.CHK C:\FOUND.040\FILE0375.CHK C:\FOUND.040\FILE0376.CHK C:\FOUND.040\FILE0377.CHK C:\FOUND.040\FILE0378.CHK C:\FOUND.040\FILE0379.CHK C:\FOUND.040\FILE0380.CHK C:\FOUND.040\FILE0381.CHK C:\FOUND.040\FILE0382.CHK C:\FOUND.040\FILE0383.CHK C:\FOUND.040\FILE0384.CHK C:\FOUND.040\FILE0385.CHK C:\FOUND.040\FILE0386.CHK C:\FOUND.040\FILE0387.CHK C:\FOUND.040\FILE0388.CHK C:\FOUND.040\FILE0389.CHK C:\FOUND.040\FILE0390.CHK C:\FOUND.040\FILE0391.CHK C:\FOUND.040\FILE0392.CHK C:\FOUND.040\FILE0393.CHK C:\FOUND.040\FILE0394.CHK C:\FOUND.040\FILE0395.CHK C:\FOUND.040\FILE0396.CHK C:\FOUND.040\FILE0397.CHK C:\FOUND.040\FILE0398.CHK C:\FOUND.040\FILE0399.CHK C:\FOUND.040\FILE0400.CHK C:\FOUND.040\FILE0401.CHK C:\FOUND.040\FILE0402.CHK C:\FOUND.040\FILE0403.CHK C:\FOUND.040\FILE0404.CHK C:\FOUND.040\FILE0405.CHK C:\FOUND.040\FILE0406.CHK C:\FOUND.040\FILE0407.CHK C:\FOUND.040\FILE0408.CHK C:\FOUND.040\FILE0409.CHK C:\FOUND.040\FILE0410.CHK C:\FOUND.040\FILE0411.CHK C:\FOUND.040\FILE0412.CHK C:\FOUND.040\FILE0413.CHK C:\FOUND.040\FILE0414.CHK C:\FOUND.040\FILE0415.CHK C:\FOUND.040\FILE0416.CHK C:\FOUND.040\FILE0417.CHK C:\FOUND.040\FILE0418.CHK C:\FOUND.040\FILE0419.CHK C:\FOUND.040\FILE0420.CHK C:\FOUND.040\FILE0421.CHK C:\FOUND.040\FILE0422.CHK C:\FOUND.040\FILE0423.CHK C:\FOUND.040\FILE0424.CHK C:\FOUND.040\FILE0425.CHK C:\FOUND.040\FILE0426.CHK C:\FOUND.040\FILE0427.CHK C:\FOUND.040\FILE0428.CHK C:\FOUND.040\FILE0429.CHK C:\FOUND.040\FILE0430.CHK C:\FOUND.040\FILE0431.CHK C:\FOUND.040\FILE0432.CHK C:\FOUND.040\FILE0433.CHK C:\FOUND.040\FILE0434.CHK C:\FOUND.040\FILE0435.CHK C:\FOUND.040\FILE0436.CHK C:\FOUND.040\FILE0437.CHK C:\FOUND.040\FILE0438.CHK C:\FOUND.040\FILE0439.CHK C:\FOUND.040\FILE0440.CHK C:\FOUND.040\FILE0441.CHK C:\FOUND.040\FILE0442.CHK C:\FOUND.040\FILE0443.CHK C:\FOUND.040\FILE0444.CHK C:\FOUND.040\FILE0445.CHK C:\FOUND.040\FILE0446.CHK C:\FOUND.040\FILE0447.CHK C:\FOUND.040\FILE0448.CHK C:\FOUND.040\FILE0449.CHK C:\FOUND.040\FILE0450.CHK C:\FOUND.040\FILE0451.CHK C:\FOUND.040\FILE0452.CHK C:\FOUND.040\FILE0453.CHK C:\FOUND.040\FILE0454.CHK C:\FOUND.040\FILE0455.CHK C:\FOUND.040\FILE0456.CHK C:\FOUND.040\FILE0457.CHK C:\FOUND.040\FILE0458.CHK C:\FOUND.040\FILE0459.CHK C:\FOUND.040\FILE0460.CHK C:\FOUND.040\FILE0461.CHK C:\FOUND.040\FILE0462.CHK C:\FOUND.040\FILE0463.CHK C:\FOUND.040\FILE0464.CHK C:\FOUND.040\FILE0465.CHK C:\FOUND.040\FILE0466.CHK C:\FOUND.040\FILE0467.CHK C:\FOUND.040\FILE0468.CHK C:\FOUND.040\FILE0469.CHK C:\FOUND.040\FILE0470.CHK C:\FOUND.040\FILE0471.CHK C:\FOUND.040\FILE0472.CHK C:\FOUND.040\FILE0473.CHK C:\FOUND.040\FILE0474.CHK C:\FOUND.040\FILE0475.CHK C:\FOUND.040\FILE0476.CHK C:\FOUND.040\FILE0477.CHK C:\FOUND.040\FILE0478.CHK C:\FOUND.040\FILE0479.CHK C:\FOUND.040\FILE0480.CHK C:\FOUND.040\FILE0481.CHK C:\FOUND.040\FILE0482.CHK C:\FOUND.040\FILE0483.CHK C:\FOUND.040\FILE0484.CHK C:\FOUND.040\FILE0485.CHK C:\FOUND.040\FILE0486.CHK C:\FOUND.040\FILE0487.CHK C:\FOUND.040\FILE0488.CHK C:\FOUND.040\FILE0489.CHK C:\FOUND.040\FILE0490.CHK C:\FOUND.040\FILE0491.CHK C:\FOUND.040\FILE0492.CHK C:\FOUND.040\FILE0493.CHK C:\FOUND.040\FILE0494.CHK C:\FOUND.040\FILE0495.CHK C:\FOUND.040\FILE0496.CHK C:\FOUND.040\FILE0497.CHK C:\FOUND.040\FILE0498.CHK C:\FOUND.040\FILE0499.CHK C:\FOUND.040\FILE0500.CHK C:\FOUND.040\FILE0501.CHK C:\FOUND.040\FILE0502.CHK C:\FOUND.040\FILE0503.CHK C:\FOUND.040\FILE0504.CHK C:\FOUND.040\FILE0505.CHK C:\FOUND.040\FILE0506.CHK C:\FOUND.040\FILE0507.CHK C:\FOUND.040\FILE0508.CHK C:\FOUND.040\FILE0509.CHK C:\FOUND.040\FILE0510.CHK C:\FOUND.040\FILE0511.CHK C:\FOUND.040\FILE0512.CHK C:\FOUND.040\FILE0513.CHK C:\FOUND.040\FILE0514.CHK C:\FOUND.040\FILE0515.CHK C:\FOUND.040\FILE0516.CHK C:\FOUND.040\FILE0517.CHK C:\FOUND.040\FILE0518.CHK C:\FOUND.040\FILE0519.CHK C:\FOUND.040\FILE0520.CHK C:\FOUND.040\FILE0521.CHK C:\FOUND.040\FILE0522.CHK C:\FOUND.040\FILE0523.CHK C:\FOUND.040\FILE0524.CHK C:\FOUND.040\FILE0525.CHK C:\FOUND.040\FILE0526.CHK C:\FOUND.040\FILE0527.CHK C:\FOUND.040\FILE0528.CHK C:\FOUND.040\FILE0529.CHK C:\FOUND.040\FILE0530.CHK C:\FOUND.040\FILE0531.CHK C:\FOUND.040\FILE0532.CHK C:\FOUND.040\FILE0533.CHK C:\FOUND.040\FILE0534.CHK C:\FOUND.040\FILE0535.CHK C:\FOUND.040\FILE0536.CHK C:\FOUND.040\FILE0537.CHK C:\FOUND.040\FILE0538.CHK C:\FOUND.040\FILE0539.CHK C:\FOUND.040\FILE0540.CHK C:\FOUND.040\FILE0541.CHK C:\FOUND.040\FILE0542.CHK C:\FOUND.040\FILE0543.CHK C:\FOUND.040\FILE0544.CHK C:\FOUND.040\FILE0545.CHK C:\FOUND.040\FILE0546.CHK C:\FOUND.040\FILE0547.CHK C:\FOUND.040\FILE0548.CHK C:\FOUND.040\FILE0549.CHK C:\FOUND.040\FILE0550.CHK C:\FOUND.040\FILE0551.CHK C:\FOUND.040\FILE0552.CHK C:\FOUND.040\FILE0553.CHK C:\FOUND.040\FILE0554.CHK C:\FOUND.040\FILE0555.CHK C:\FOUND.040\FILE0556.CHK C:\FOUND.040\FILE0557.CHK C:\FOUND.040\FILE0558.CHK C:\FOUND.040\FILE0559.CHK C:\FOUND.040\FILE0560.CHK C:\FOUND.040\FILE0561.CHK C:\FOUND.040\FILE0562.CHK C:\FOUND.040\FILE0563.CHK C:\FOUND.040\FILE0564.CHK C:\FOUND.040\FILE0565.CHK C:\FOUND.040\FILE0566.CHK C:\FOUND.040\FILE0567.CHK C:\FOUND.040\FILE0568.CHK C:\FOUND.040\FILE0569.CHK C:\FOUND.040\FILE0570.CHK C:\FOUND.040\FILE0571.CHK C:\FOUND.040\FILE0572.CHK C:\FOUND.040\FILE0573.CHK C:\FOUND.040\FILE0574.CHK C:\FOUND.040\FILE0575.CHK C:\FOUND.040\FILE0576.CHK C:\FOUND.040\FILE0577.CHK C:\FOUND.040\FILE0578.CHK C:\FOUND.040\FILE0579.CHK C:\FOUND.040\FILE0580.CHK C:\FOUND.040\FILE0581.CHK C:\FOUND.040\FILE0582.CHK C:\FOUND.040\FILE0583.CHK C:\FOUND.040\FILE0584.CHK C:\FOUND.040\FILE0585.CHK C:\FOUND.040\FILE0586.CHK C:\FOUND.040\FILE0587.CHK C:\FOUND.040\FILE0588.CHK C:\FOUND.040\FILE0589.CHK C:\FOUND.040\FILE0590.CHK C:\FOUND.040\FILE0591.CHK C:\FOUND.040\FILE0592.CHK C:\FOUND.040\FILE0593.CHK C:\FOUND.040\FILE0594.CHK C:\FOUND.040\FILE0595.CHK C:\FOUND.040\FILE0596.CHK C:\FOUND.040\FILE0597.CHK C:\FOUND.040\FILE0598.CHK C:\FOUND.040\FILE0599.CHK C:\FOUND.040\FILE0600.CHK C:\FOUND.040\FILE0601.CHK C:\FOUND.040\FILE0602.CHK C:\FOUND.040\FILE0603.CHK C:\FOUND.040\FILE0604.CHK C:\FOUND.040\FILE0605.CHK C:\FOUND.040\FILE0606.CHK C:\FOUND.040\FILE0607.CHK C:\FOUND.040\FILE0608.CHK C:\FOUND.040\FILE0609.CHK C:\FOUND.040\FILE0610.CHK C:\FOUND.040\FILE0611.CHK C:\FOUND.040\FILE0612.CHK C:\FOUND.040\FILE0613.CHK C:\FOUND.040\FILE0614.CHK C:\FOUND.040\FILE0615.CHK C:\FOUND.040\FILE0616.CHK C:\FOUND.040\FILE0617.CHK C:\FOUND.040\FILE0618.CHK C:\FOUND.040\FILE0619.CHK C:\FOUND.040\FILE0620.CHK C:\FOUND.040\FILE0621.CHK C:\FOUND.040\FILE0622.CHK C:\FOUND.040\FILE0623.CHK C:\FOUND.040\FILE0624.CHK C:\FOUND.040\FILE0625.CHK C:\FOUND.040\FILE0626.CHK C:\FOUND.040\FILE0627.CHK C:\FOUND.040\FILE0628.CHK C:\FOUND.040\FILE0629.CHK C:\FOUND.040\FILE0630.CHK C:\FOUND.040\FILE0631.CHK C:\FOUND.040\FILE0632.CHK C:\FOUND.040\FILE0633.CHK C:\FOUND.040\FILE0634.CHK C:\FOUND.040\FILE0635.CHK C:\FOUND.040\FILE0636.CHK C:\FOUND.040\FILE0637.CHK C:\FOUND.040\FILE0638.CHK C:\FOUND.040\FILE0639.CHK C:\FOUND.040\FILE0640.CHK C:\FOUND.040\FILE0641.CHK C:\FOUND.041 C:\FOUND.041\FILE0000.CHK C:\FOUND.041\FILE0001.CHK C:\FOUND.041\FILE0002.CHK C:\FOUND.041\FILE0003.CHK C:\FOUND.041\FILE0004.CHK C:\FOUND.041\FILE0005.CHK C:\FOUND.041\FILE0006.CHK C:\FOUND.041\FILE0007.CHK C:\FOUND.041\FILE0008.CHK C:\FOUND.041\FILE0009.CHK C:\FOUND.041\FILE0010.CHK C:\FOUND.041\FILE0011.CHK C:\FOUND.041\FILE0012.CHK C:\FOUND.041\FILE0013.CHK C:\FOUND.041\FILE0014.CHK C:\FOUND.041\FILE0015.CHK C:\FOUND.041\FILE0016.CHK C:\FOUND.041\FILE0017.CHK C:\FOUND.041\FILE0018.CHK C:\FOUND.041\FILE0019.CHK C:\FOUND.041\FILE0020.CHK C:\FOUND.041\FILE0021.CHK C:\FOUND.041\FILE0022.CHK C:\FOUND.041\FILE0023.CHK C:\FOUND.041\FILE0024.CHK C:\FOUND.041\FILE0025.CHK C:\FOUND.041\FILE0026.CHK C:\FOUND.041\FILE0027.CHK C:\FOUND.041\FILE0028.CHK C:\FOUND.041\FILE0029.CHK C:\FOUND.041\FILE0030.CHK C:\FOUND.041\FILE0031.CHK C:\FOUND.041\FILE0032.CHK C:\FOUND.041\FILE0033.CHK C:\FOUND.041\FILE0034.CHK C:\FOUND.041\FILE0035.CHK C:\FOUND.041\FILE0036.CHK C:\FOUND.041\FILE0037.CHK C:\FOUND.041\FILE0038.CHK C:\FOUND.041\FILE0039.CHK C:\FOUND.041\FILE0040.CHK C:\FOUND.041\FILE0041.CHK C:\FOUND.041\FILE0042.CHK C:\FOUND.041\FILE0043.CHK C:\FOUND.041\FILE0044.CHK C:\FOUND.041\FILE0045.CHK C:\FOUND.041\FILE0046.CHK C:\FOUND.041\FILE0047.CHK C:\FOUND.041\FILE0048.CHK C:\FOUND.041\FILE0049.CHK C:\FOUND.041\FILE0050.CHK C:\FOUND.041\FILE0051.CHK C:\FOUND.041\FILE0052.CHK C:\FOUND.041\FILE0053.CHK C:\FOUND.041\FILE0054.CHK C:\FOUND.041\FILE0055.CHK C:\FOUND.041\FILE0056.CHK C:\FOUND.041\FILE0057.CHK C:\FOUND.041\FILE0058.CHK C:\FOUND.041\FILE0059.CHK C:\FOUND.041\FILE0060.CHK C:\FOUND.041\FILE0061.CHK C:\FOUND.041\FILE0062.CHK C:\FOUND.041\FILE0063.CHK C:\FOUND.041\FILE0064.CHK C:\FOUND.041\FILE0065.CHK C:\FOUND.041\FILE0066.CHK C:\FOUND.041\FILE0067.CHK C:\FOUND.041\FILE0068.CHK C:\FOUND.041\FILE0069.CHK C:\FOUND.041\FILE0070.CHK C:\FOUND.041\FILE0071.CHK C:\FOUND.041\FILE0072.CHK C:\FOUND.041\FILE0073.CHK C:\FOUND.041\FILE0074.CHK C:\FOUND.041\FILE0075.CHK C:\FOUND.041\FILE0076.CHK C:\FOUND.041\FILE0077.CHK C:\FOUND.041\FILE0078.CHK C:\FOUND.041\FILE0079.CHK C:\FOUND.041\FILE0080.CHK C:\FOUND.041\FILE0081.CHK C:\FOUND.041\FILE0082.CHK C:\FOUND.041\FILE0083.CHK C:\FOUND.041\FILE0084.CHK C:\FOUND.041\FILE0085.CHK C:\FOUND.041\FILE0086.CHK C:\FOUND.041\FILE0087.CHK C:\FOUND.041\FILE0088.CHK C:\FOUND.041\FILE0089.CHK C:\FOUND.041\FILE0090.CHK C:\FOUND.041\FILE0091.CHK C:\FOUND.041\FILE0092.CHK C:\FOUND.041\FILE0093.CHK C:\FOUND.041\FILE0094.CHK C:\FOUND.041\FILE0095.CHK C:\FOUND.041\FILE0096.CHK C:\FOUND.041\FILE0097.CHK C:\FOUND.041\FILE0098.CHK C:\FOUND.041\FILE0099.CHK C:\FOUND.041\FILE0100.CHK C:\FOUND.041\FILE0101.CHK C:\FOUND.041\FILE0102.CHK C:\FOUND.041\FILE0103.CHK C:\FOUND.041\FILE0104.CHK C:\FOUND.041\FILE0105.CHK C:\FOUND.041\FILE0106.CHK C:\FOUND.041\FILE0107.CHK C:\FOUND.041\FILE0108.CHK C:\FOUND.041\FILE0109.CHK C:\FOUND.041\FILE0110.CHK C:\FOUND.041\FILE0111.CHK C:\FOUND.041\FILE0112.CHK C:\FOUND.041\FILE0113.CHK C:\FOUND.041\FILE0114.CHK C:\FOUND.041\FILE0115.CHK C:\FOUND.041\FILE0116.CHK C:\FOUND.041\FILE0117.CHK C:\FOUND.041\FILE0118.CHK C:\FOUND.041\FILE0119.CHK C:\FOUND.041\FILE0120.CHK C:\FOUND.041\FILE0121.CHK C:\FOUND.041\FILE0122.CHK C:\FOUND.041\FILE0123.CHK C:\FOUND.041\FILE0124.CHK C:\FOUND.041\FILE0125.CHK C:\FOUND.041\FILE0126.CHK C:\FOUND.041\FILE0127.CHK C:\FOUND.041\FILE0128.CHK C:\FOUND.041\FILE0129.CHK C:\FOUND.041\FILE0130.CHK C:\FOUND.041\FILE0131.CHK C:\FOUND.041\FILE0132.CHK C:\FOUND.041\FILE0133.CHK C:\FOUND.041\FILE0134.CHK C:\FOUND.041\FILE0135.CHK C:\FOUND.041\FILE0136.CHK C:\FOUND.041\FILE0137.CHK C:\FOUND.041\FILE0138.CHK C:\FOUND.041\FILE0139.CHK C:\FOUND.041\FILE0140.CHK C:\FOUND.041\FILE0141.CHK C:\FOUND.041\FILE0142.CHK C:\FOUND.041\FILE0143.CHK C:\FOUND.041\FILE0144.CHK C:\FOUND.041\FILE0145.CHK C:\FOUND.041\FILE0146.CHK C:\FOUND.041\FILE0147.CHK C:\FOUND.041\FILE0148.CHK C:\FOUND.041\FILE0149.CHK C:\FOUND.041\FILE0150.CHK C:\FOUND.041\FILE0151.CHK C:\FOUND.041\FILE0152.CHK C:\FOUND.041\FILE0153.CHK C:\FOUND.041\FILE0154.CHK C:\FOUND.041\FILE0155.CHK C:\FOUND.041\FILE0156.CHK C:\FOUND.041\FILE0157.CHK C:\FOUND.041\FILE0158.CHK C:\FOUND.041\FILE0159.CHK C:\FOUND.041\FILE0160.CHK C:\FOUND.041\FILE0161.CHK C:\FOUND.041\FILE0162.CHK C:\FOUND.041\FILE0163.CHK C:\FOUND.041\FILE0164.CHK C:\FOUND.041\FILE0165.CHK C:\FOUND.041\FILE0166.CHK C:\FOUND.041\FILE0167.CHK C:\FOUND.041\FILE0168.CHK C:\FOUND.041\FILE0169.CHK C:\FOUND.041\FILE0170.CHK C:\FOUND.041\FILE0171.CHK C:\FOUND.041\FILE0172.CHK C:\FOUND.041\FILE0173.CHK C:\FOUND.041\FILE0174.CHK C:\FOUND.041\FILE0175.CHK C:\FOUND.041\FILE0176.CHK C:\FOUND.041\FILE0177.CHK C:\FOUND.041\FILE0178.CHK C:\FOUND.041\FILE0179.CHK C:\FOUND.041\FILE0180.CHK C:\FOUND.041\FILE0181.CHK C:\FOUND.041\FILE0182.CHK C:\FOUND.041\FILE0183.CHK C:\FOUND.041\FILE0184.CHK C:\FOUND.041\FILE0185.CHK C:\FOUND.041\FILE0186.CHK C:\FOUND.041\FILE0187.CHK C:\FOUND.041\FILE0188.CHK C:\FOUND.041\FILE0189.CHK C:\FOUND.041\FILE0190.CHK C:\FOUND.041\FILE0191.CHK C:\FOUND.041\FILE0192.CHK C:\FOUND.041\FILE0193.CHK C:\FOUND.041\FILE0194.CHK C:\FOUND.041\FILE0195.CHK C:\FOUND.041\FILE0196.CHK C:\FOUND.041\FILE0197.CHK C:\FOUND.041\FILE0198.CHK C:\FOUND.041\FILE0199.CHK C:\FOUND.041\FILE0200.CHK C:\FOUND.041\FILE0201.CHK C:\FOUND.041\FILE0202.CHK C:\FOUND.041\FILE0203.CHK C:\FOUND.041\FILE0204.CHK C:\FOUND.041\FILE0205.CHK C:\FOUND.041\FILE0206.CHK C:\FOUND.041\FILE0207.CHK C:\FOUND.041\FILE0208.CHK C:\FOUND.041\FILE0209.CHK C:\FOUND.041\FILE0210.CHK C:\FOUND.041\FILE0211.CHK C:\FOUND.041\FILE0212.CHK C:\FOUND.041\FILE0213.CHK C:\FOUND.041\FILE0214.CHK C:\FOUND.041\FILE0215.CHK C:\FOUND.041\FILE0216.CHK C:\FOUND.041\FILE0217.CHK C:\FOUND.041\FILE0218.CHK C:\FOUND.041\FILE0219.CHK C:\FOUND.041\FILE0220.CHK C:\FOUND.041\FILE0221.CHK C:\FOUND.041\FILE0222.CHK C:\FOUND.041\FILE0223.CHK C:\FOUND.041\FILE0224.CHK C:\FOUND.041\FILE0225.CHK C:\FOUND.041\FILE0226.CHK C:\FOUND.041\FILE0227.CHK C:\FOUND.041\FILE0228.CHK C:\FOUND.041\FILE0229.CHK C:\FOUND.041\FILE0230.CHK C:\FOUND.041\FILE0231.CHK C:\FOUND.041\FILE0232.CHK C:\FOUND.041\FILE0233.CHK C:\FOUND.041\FILE0234.CHK C:\FOUND.041\FILE0235.CHK C:\FOUND.041\FILE0236.CHK C:\FOUND.041\FILE0237.CHK C:\FOUND.041\FILE0238.CHK C:\FOUND.041\FILE0239.CHK C:\FOUND.041\FILE0240.CHK C:\FOUND.041\FILE0241.CHK C:\FOUND.041\FILE0242.CHK C:\FOUND.041\FILE0243.CHK C:\FOUND.041\FILE0244.CHK C:\FOUND.041\FILE0245.CHK C:\FOUND.041\FILE0246.CHK C:\FOUND.041\FILE0247.CHK C:\FOUND.041\FILE0248.CHK C:\FOUND.041\FILE0249.CHK C:\FOUND.041\FILE0250.CHK C:\FOUND.041\FILE0251.CHK C:\FOUND.041\FILE0252.CHK C:\FOUND.041\FILE0253.CHK C:\FOUND.041\FILE0254.CHK C:\FOUND.041\FILE0255.CHK C:\FOUND.041\FILE0256.CHK C:\FOUND.041\FILE0257.CHK C:\FOUND.041\FILE0258.CHK C:\FOUND.041\FILE0259.CHK C:\FOUND.041\FILE0260.CHK C:\FOUND.041\FILE0261.CHK C:\FOUND.041\FILE0262.CHK C:\FOUND.041\FILE0263.CHK C:\FOUND.041\FILE0264.CHK C:\FOUND.041\FILE0265.CHK C:\FOUND.041\FILE0266.CHK C:\FOUND.041\FILE0267.CHK C:\FOUND.041\FILE0268.CHK C:\FOUND.041\FILE0269.CHK C:\FOUND.041\FILE0270.CHK C:\FOUND.041\FILE0271.CHK C:\FOUND.041\FILE0272.CHK C:\FOUND.041\FILE0273.CHK C:\FOUND.041\FILE0274.CHK C:\FOUND.041\FILE0275.CHK C:\FOUND.041\FILE0276.CHK C:\FOUND.041\FILE0277.CHK C:\FOUND.041\FILE0278.CHK C:\FOUND.041\FILE0279.CHK C:\FOUND.041\FILE0280.CHK C:\FOUND.041\FILE0281.CHK C:\FOUND.041\FILE0282.CHK C:\FOUND.041\FILE0283.CHK C:\FOUND.041\FILE0284.CHK C:\FOUND.041\FILE0285.CHK C:\FOUND.041\FILE0286.CHK C:\FOUND.041\FILE0287.CHK C:\FOUND.041\FILE0288.CHK C:\FOUND.041\FILE0289.CHK C:\FOUND.041\FILE0290.CHK C:\FOUND.041\FILE0291.CHK C:\FOUND.041\FILE0292.CHK C:\FOUND.041\FILE0293.CHK C:\FOUND.041\FILE0294.CHK C:\FOUND.041\FILE0295.CHK C:\FOUND.041\FILE0296.CHK C:\FOUND.041\FILE0297.CHK C:\FOUND.041\FILE0298.CHK C:\FOUND.041\FILE0299.CHK C:\FOUND.041\FILE0300.CHK C:\FOUND.041\FILE0301.CHK C:\FOUND.041\FILE0302.CHK C:\FOUND.041\FILE0303.CHK C:\FOUND.041\FILE0304.CHK C:\FOUND.041\FILE0305.CHK C:\FOUND.041\FILE0306.CHK C:\FOUND.041\FILE0307.CHK C:\FOUND.041\FILE0308.CHK C:\FOUND.041\FILE0309.CHK C:\FOUND.041\FILE0310.CHK C:\FOUND.041\FILE0311.CHK C:\FOUND.041\FILE0312.CHK C:\FOUND.041\FILE0313.CHK C:\FOUND.041\FILE0314.CHK C:\FOUND.041\FILE0315.CHK C:\FOUND.041\FILE0316.CHK C:\FOUND.041\FILE0317.CHK C:\FOUND.041\FILE0318.CHK C:\FOUND.041\FILE0319.CHK C:\FOUND.041\FILE0320.CHK C:\FOUND.041\FILE0321.CHK C:\FOUND.041\FILE0322.CHK C:\FOUND.041\FILE0323.CHK C:\FOUND.041\FILE0324.CHK C:\FOUND.041\FILE0325.CHK C:\FOUND.041\FILE0326.CHK C:\FOUND.041\FILE0327.CHK C:\FOUND.041\FILE0328.CHK C:\FOUND.041\FILE0329.CHK C:\FOUND.041\FILE0330.CHK C:\FOUND.041\FILE0331.CHK C:\FOUND.041\FILE0332.CHK C:\FOUND.041\FILE0333.CHK C:\FOUND.041\FILE0334.CHK C:\FOUND.041\FILE0335.CHK C:\FOUND.041\FILE0336.CHK C:\FOUND.041\FILE0337.CHK C:\FOUND.041\FILE0338.CHK C:\FOUND.041\FILE0339.CHK C:\FOUND.041\FILE0340.CHK C:\FOUND.041\FILE0341.CHK C:\FOUND.041\FILE0342.CHK C:\FOUND.041\FILE0343.CHK C:\FOUND.041\FILE0344.CHK C:\FOUND.041\FILE0345.CHK C:\FOUND.041\FILE0346.CHK C:\FOUND.041\FILE0347.CHK C:\FOUND.041\FILE0348.CHK C:\FOUND.041\FILE0349.CHK C:\FOUND.041\FILE0350.CHK C:\FOUND.041\FILE0351.CHK C:\FOUND.041\FILE0352.CHK C:\FOUND.041\FILE0353.CHK C:\FOUND.041\FILE0354.CHK C:\FOUND.041\FILE0355.CHK C:\FOUND.041\FILE0356.CHK C:\FOUND.041\FILE0357.CHK C:\FOUND.041\FILE0358.CHK C:\FOUND.041\FILE0359.CHK C:\FOUND.041\FILE0360.CHK C:\FOUND.041\FILE0361.CHK C:\FOUND.041\FILE0362.CHK C:\FOUND.041\FILE0363.CHK C:\FOUND.041\FILE0364.CHK C:\FOUND.041\FILE0365.CHK C:\FOUND.041\FILE0366.CHK C:\FOUND.041\FILE0367.CHK C:\FOUND.041\FILE0368.CHK C:\FOUND.041\FILE0369.CHK C:\FOUND.041\FILE0370.CHK C:\FOUND.041\FILE0371.CHK C:\FOUND.041\FILE0372.CHK C:\FOUND.041\FILE0373.CHK C:\FOUND.041\FILE0374.CHK C:\FOUND.041\FILE0375.CHK C:\FOUND.041\FILE0376.CHK C:\FOUND.041\FILE0377.CHK C:\FOUND.041\FILE0378.CHK C:\FOUND.041\FILE0379.CHK C:\FOUND.041\FILE0380.CHK C:\FOUND.041\FILE0381.CHK C:\FOUND.041\FILE0382.CHK C:\FOUND.041\FILE0383.CHK C:\FOUND.041\FILE0384.CHK C:\FOUND.041\FILE0385.CHK C:\FOUND.041\FILE0386.CHK C:\FOUND.041\FILE0387.CHK C:\FOUND.041\FILE0388.CHK C:\FOUND.041\FILE0389.CHK C:\FOUND.041\FILE0390.CHK C:\FOUND.041\FILE0391.CHK C:\FOUND.041\FILE0392.CHK C:\FOUND.041\FILE0393.CHK C:\FOUND.041\FILE0394.CHK C:\FOUND.041\FILE0395.CHK C:\FOUND.041\FILE0396.CHK C:\FOUND.041\FILE0397.CHK C:\FOUND.041\FILE0398.CHK C:\FOUND.041\FILE0399.CHK C:\FOUND.041\FILE0400.CHK C:\FOUND.041\FILE0401.CHK C:\FOUND.041\FILE0402.CHK C:\FOUND.041\FILE0403.CHK C:\FOUND.041\FILE0404.CHK C:\FOUND.041\FILE0405.CHK C:\FOUND.041\FILE0406.CHK C:\FOUND.041\FILE0407.CHK C:\FOUND.041\FILE0408.CHK C:\FOUND.041\FILE0409.CHK C:\FOUND.041\FILE0410.CHK C:\FOUND.041\FILE0411.CHK C:\FOUND.041\FILE0412.CHK C:\FOUND.041\FILE0413.CHK C:\FOUND.041\FILE0414.CHK C:\FOUND.041\FILE0415.CHK C:\FOUND.041\FILE0416.CHK C:\FOUND.041\FILE0417.CHK C:\FOUND.041\FILE0418.CHK C:\FOUND.041\FILE0419.CHK C:\FOUND.041\FILE0420.CHK C:\FOUND.041\FILE0421.CHK C:\FOUND.041\FILE0422.CHK C:\FOUND.041\FILE0423.CHK C:\FOUND.041\FILE0424.CHK C:\FOUND.041\FILE0425.CHK C:\FOUND.041\FILE0426.CHK C:\FOUND.041\FILE0427.CHK C:\FOUND.041\FILE0428.CHK C:\FOUND.041\FILE0429.CHK C:\FOUND.041\FILE0430.CHK C:\FOUND.041\FILE0431.CHK C:\FOUND.041\FILE0432.CHK C:\FOUND.041\FILE0433.CHK C:\FOUND.041\FILE0434.CHK C:\FOUND.041\FILE0435.CHK C:\FOUND.041\FILE0436.CHK C:\FOUND.041\FILE0437.CHK C:\FOUND.041\FILE0438.CHK C:\FOUND.041\FILE0439.CHK C:\FOUND.041\FILE0440.CHK C:\FOUND.041\FILE0441.CHK C:\FOUND.041\FILE0442.CHK C:\FOUND.041\FILE0443.CHK C:\FOUND.041\FILE0444.CHK C:\FOUND.041\FILE0445.CHK C:\FOUND.041\FILE0446.CHK C:\FOUND.041\FILE0447.CHK C:\FOUND.041\FILE0448.CHK C:\FOUND.041\FILE0449.CHK C:\FOUND.041\FILE0450.CHK C:\FOUND.041\FILE0451.CHK C:\FOUND.041\FILE0452.CHK C:\FOUND.041\FILE0453.CHK C:\FOUND.041\FILE0454.CHK C:\FOUND.041\FILE0455.CHK C:\FOUND.041\FILE0456.CHK C:\FOUND.041\FILE0457.CHK C:\FOUND.041\FILE0458.CHK C:\FOUND.041\FILE0459.CHK C:\FOUND.041\FILE0460.CHK C:\FOUND.041\FILE0461.CHK C:\FOUND.041\FILE0462.CHK C:\FOUND.041\FILE0463.CHK C:\FOUND.041\FILE0464.CHK C:\FOUND.041\FILE0465.CHK C:\FOUND.041\FILE0466.CHK C:\FOUND.041\FILE0467.CHK C:\FOUND.041\FILE0468.CHK C:\FOUND.041\FILE0469.CHK C:\FOUND.041\FILE0470.CHK C:\FOUND.041\FILE0471.CHK C:\FOUND.041\FILE0472.CHK C:\FOUND.041\FILE0473.CHK C:\FOUND.041\FILE0474.CHK C:\FOUND.041\FILE0475.CHK C:\FOUND.041\FILE0476.CHK C:\FOUND.041\FILE0477.CHK C:\FOUND.041\FILE0478.CHK C:\FOUND.041\FILE0479.CHK C:\FOUND.041\FILE0480.CHK C:\FOUND.041\FILE0481.CHK C:\FOUND.041\FILE0482.CHK C:\FOUND.041\FILE0483.CHK C:\FOUND.041\FILE0484.CHK C:\FOUND.041\FILE0485.CHK C:\FOUND.041\FILE0486.CHK C:\FOUND.041\FILE0487.CHK C:\FOUND.041\FILE0488.CHK C:\FOUND.041\FILE0489.CHK C:\FOUND.041\FILE0490.CHK C:\FOUND.041\FILE0491.CHK C:\FOUND.041\FILE0492.CHK C:\FOUND.041\FILE0493.CHK C:\FOUND.041\FILE0494.CHK C:\FOUND.041\FILE0495.CHK C:\FOUND.041\FILE0496.CHK C:\FOUND.041\FILE0497.CHK C:\FOUND.041\FILE0498.CHK C:\FOUND.041\FILE0499.CHK C:\FOUND.041\FILE0500.CHK C:\FOUND.041\FILE0501.CHK C:\FOUND.041\FILE0502.CHK C:\FOUND.041\FILE0503.CHK C:\FOUND.041\FILE0504.CHK C:\FOUND.041\FILE0505.CHK C:\FOUND.041\FILE0506.CHK C:\FOUND.041\FILE0507.CHK C:\FOUND.041\FILE0508.CHK C:\FOUND.041\FILE0509.CHK C:\FOUND.041\FILE0510.CHK C:\FOUND.041\FILE0511.CHK C:\FOUND.041\FILE0512.CHK C:\FOUND.041\FILE0513.CHK C:\FOUND.041\FILE0514.CHK C:\FOUND.041\FILE0515.CHK C:\FOUND.041\FILE0516.CHK C:\FOUND.041\FILE0517.CHK C:\FOUND.041\FILE0518.CHK C:\FOUND.041\FILE0519.CHK C:\FOUND.041\FILE0520.CHK C:\FOUND.041\FILE0521.CHK C:\FOUND.041\FILE0522.CHK C:\FOUND.041\FILE0523.CHK C:\FOUND.041\FILE0524.CHK C:\FOUND.041\FILE0525.CHK C:\FOUND.041\FILE0526.CHK C:\FOUND.041\FILE0527.CHK C:\FOUND.041\FILE0528.CHK C:\FOUND.041\FILE0529.CHK C:\FOUND.041\FILE0530.CHK C:\FOUND.041\FILE0531.CHK C:\FOUND.041\FILE0532.CHK C:\FOUND.041\FILE0533.CHK C:\FOUND.041\FILE0534.CHK C:\FOUND.041\FILE0535.CHK C:\FOUND.041\FILE0536.CHK C:\FOUND.041\FILE0537.CHK C:\FOUND.041\FILE0538.CHK C:\FOUND.041\FILE0539.CHK C:\FOUND.041\FILE0540.CHK C:\FOUND.041\FILE0541.CHK C:\FOUND.041\FILE0542.CHK C:\FOUND.041\FILE0543.CHK C:\FOUND.041\FILE0544.CHK C:\FOUND.041\FILE0545.CHK C:\FOUND.041\FILE0546.CHK C:\FOUND.041\FILE0547.CHK C:\FOUND.041\FILE0548.CHK C:\FOUND.041\FILE0549.CHK C:\FOUND.041\FILE0550.CHK C:\FOUND.041\FILE0551.CHK C:\FOUND.041\FILE0552.CHK C:\FOUND.041\FILE0553.CHK C:\FOUND.041\FILE0554.CHK C:\FOUND.041\FILE0555.CHK C:\FOUND.041\FILE0556.CHK C:\FOUND.041\FILE0557.CHK C:\FOUND.041\FILE0558.CHK C:\FOUND.041\FILE0559.CHK C:\FOUND.041\FILE0560.CHK C:\FOUND.041\FILE0561.CHK C:\FOUND.041\FILE0562.CHK C:\FOUND.041\FILE0563.CHK C:\FOUND.041\FILE0564.CHK C:\FOUND.041\FILE0565.CHK C:\FOUND.041\FILE0566.CHK C:\FOUND.041\FILE0567.CHK C:\FOUND.041\FILE0568.CHK C:\FOUND.041\FILE0569.CHK C:\FOUND.041\FILE0570.CHK C:\FOUND.041\FILE0571.CHK C:\FOUND.041\FILE0572.CHK C:\FOUND.041\FILE0573.CHK C:\FOUND.041\FILE0574.CHK C:\FOUND.041\FILE0575.CHK C:\FOUND.041\FILE0576.CHK C:\FOUND.041\FILE0577.CHK C:\FOUND.041\FILE0578.CHK C:\FOUND.041\FILE0579.CHK C:\FOUND.041\FILE0580.CHK C:\FOUND.041\FILE0581.CHK C:\FOUND.041\FILE0582.CHK C:\FOUND.041\FILE0583.CHK C:\FOUND.041\FILE0584.CHK C:\FOUND.041\FILE0585.CHK C:\FOUND.041\FILE0586.CHK C:\FOUND.041\FILE0587.CHK C:\FOUND.041\FILE0588.CHK C:\FOUND.041\FILE0589.CHK C:\FOUND.041\FILE0590.CHK C:\FOUND.041\FILE0591.CHK C:\FOUND.041\FILE0592.CHK C:\FOUND.041\FILE0593.CHK C:\FOUND.041\FILE0594.CHK C:\FOUND.041\FILE0595.CHK C:\FOUND.041\FILE0596.CHK C:\FOUND.041\FILE0597.CHK C:\FOUND.041\FILE0598.CHK C:\FOUND.041\FILE0599.CHK C:\FOUND.041\FILE0600.CHK C:\FOUND.041\FILE0601.CHK C:\FOUND.041\FILE0602.CHK C:\FOUND.041\FILE0603.CHK C:\FOUND.041\FILE0604.CHK C:\FOUND.041\FILE0605.CHK C:\FOUND.041\FILE0606.CHK C:\FOUND.041\FILE0607.CHK C:\FOUND.041\FILE0608.CHK C:\FOUND.041\FILE0609.CHK C:\FOUND.041\FILE0610.CHK C:\FOUND.041\FILE0611.CHK C:\FOUND.041\FILE0612.CHK C:\FOUND.041\FILE0613.CHK C:\FOUND.041\FILE0614.CHK C:\FOUND.041\FILE0615.CHK C:\FOUND.041\FILE0616.CHK C:\FOUND.041\FILE0617.CHK C:\FOUND.041\FILE0618.CHK C:\FOUND.041\FILE0619.CHK C:\FOUND.041\FILE0620.CHK C:\FOUND.041\FILE0621.CHK C:\FOUND.041\FILE0622.CHK C:\FOUND.041\FILE0623.CHK C:\FOUND.041\FILE0624.CHK C:\FOUND.041\FILE0625.CHK C:\WINDOWS\system32\CatRoot_bak . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DMSKSSRH -------\Service_DMSKSSRh ((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-21 au 2008-09-21 )))))))))))))))))))))))))))))))))))) . 2008-09-19 00:04 . 2008-09-19 00:04 d-------- C:\Lop SD 2008-09-18 23:56 . 2008-09-18 23:56 d-------- C:\_OTMoveIt 2008-09-18 21:34 . 2008-09-18 21:34 d-------- C:\Program Files\Trend Micro 2008-09-18 20:28 . 2008-09-18 20:28 d-------- C:\Program Files\AxBx 2008-09-18 19:26 . 2008-09-18 19:26 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-09-18 19:26 . 2008-09-18 19:26 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS sreg.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll 2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll 2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat 2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat 2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat . ((((((((((((((((((((((((((((( snapshot@2008-09-19_ 0.44.40.51 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] 2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule bSec1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule bSec1.dll" [2008-07-07 1569304] "{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1] [HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}] [HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay] @="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}" [HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay] @="{F594B094-8768-4632-8143-12852EBBD688}" [HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay] @="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}" [HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay] @="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}" [HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}] 2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32 lshellext.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920] "WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480] "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720] "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000] "BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537] "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929] "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416] "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736] "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352] "nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32 wiz.exe] "SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] "1"= MSNCleaner.exe "2"= avp.exe "3"= kav.esp "4"= kav.eng "5"= msconfig.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe"= "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"= "C:\Program Files\Steam\SteamApps\will2708\counter-strike source\hl2.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896] R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096] R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807] R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816] R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ] . Contenu du dossier 'Tƒches planifi‚es' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-21 19:21:49 Windows 5.1.2600 Service Pack 2 FAT NTAPI Recherche de processus cach‚s ... Recherche d'‚l‚ments en d‚marrage automatique cach‚s ... Recherche de fichiers cach‚s ... Scan termin‚ avec succŠs Fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs charg‚es dans les processus actifs --------------------- PROCESSUS: C:\WINDOWS\explorer.exe -> C:\Program Files\BufferZone\WINBORDER.DLL . ------------------------ Autres processus actifs ------------------------ . C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\SERVIC~1.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSBWSYS.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE C:\WINDOWS\SYSTEM32\NVSVC32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSRW.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSAV32.EXE C:\PROGRAM FILES\WANADOO\CNXMON.EXE C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSPEX.EXE C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe . ************************************************************************** . Heure de fin: 2008-09-21 19:30:02 - La machine a red‚marr‚ ComboFix-quarantined-files.txt 2008-09-21 17:29:30 ComboFix3.txt 2008-09-18 22:46:28 ComboFix2.txt 2008-09-19 16:13:20 Avant-CF: 83,080,740,864 octets libres AprŠs-CF: 83,002,228,736 octets libres 1541 --- E O F --- 2008-09-10 22:08:50

Ayayou · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:04, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule	bSec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0819bee09dea4e4d97d024ccef1008bc
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0819bee09dea4e4d97d024ccef1008bc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe

verni29 · Answer

Est-ce qu'il y a des améliorations sur ton PC ?

1)  Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

 O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart     
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')     
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')     
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')     
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')     
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe     
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe     
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe     
 O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) 

Tu choisis l'option " Fixchecked" en bas de la page.

2) première chose, sur ton ordinateur, certains programmes sont interdits d'utilisation.
Ce sont :
MSNCleaner.exe , kaspersky ( qui n'est plus installé ) et l'utiliaire msconfig.exe

Est-ce volontaire ? pour par exemple que parmi les différents utilisateurs certains ne puissent pas les lancer.
Est-ce toi qui a installé cette restriction ?
Peux-tu essayer de les lancer ?
- MSNCleaner dans la liste des programmes ( peut-être ne le trouveras tu pas )
- msconfig : démarrer --> executer --> tape msconfig.exe
Ferme ensuite la fenêtre si elle s'ouvre.
Dis moi pour ces deux exécutables si ils se lancent.

3) J'aimerais que tu analyses un fichier

Tu vas sur le site de VirusTotal et tu vas pouvoir analyser le fichier.
https://www.virustotal.com/gui/

Copiez le chemin indiqué ci-dessous et le coller dans la zone à analyser.
Tu cliques ensuite sur envoyer le fichier.
Tu postes le rapport de l'analyse ( pour cela, tu sélectionnes la zone de résultat --> click droit --> copier )

Chemin : C:\WINDOWS\System32\rlshellext.dll 

A+

Ayayou · Answer

Oui ça a l'air d'aller mieux, j'ai plus la petite fenêtre qui s'affiche tout le temps ^^
Pour les logiciels bloqués, j'ai pas trouvé MSNCleaner, par contre j'ai pu lancer msconfig.exe 
E pour l'analyse du fichier, dans la colonne résultat, il y a que des -

verni29 · Answer

Si il y a d'autres symptomes sur ton PC, dis les moi.

Pour cette manipulation, je te conseille de noter ou d'imprimer ce texte car la désinfection va se faire en mode sans échec et tu n'auras pas accès à Internet pour visualiser les consignes.
Autre astuce : Copie/colle le texte dans un fichier .txt que tu enregistres sur ton bureau. Tu le retrouveras alors sur ton bureau et en mode sans échec.

Tu télécharges MalwareBytes. 
http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l'installes. Choisis les options par défaut. 
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter . 
Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec. 

Tu relances l'ordinateur en mode sans échec ( tapote la touche F8 après redémarrage ). 
Tu choisis ton compte utilisateur. 

Pour lancer MalwareBytes, double-clique sur le raccourci du bureau. 

Dans l’onglet Recherche, sélectionne Exécuter un examen complet. 
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur. 
Clique sur lancer l’examen. 

A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche. 
Choisis alors Supprimer la selection pour nettoyer les infections. 
Tu postes le rapport dans ton prochain message.

Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
Clique dessus et choisir ouvrir.

Le scan environ 50 mn.

A+

Ayayou · Answer

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

22/09/2008 06:23:16
mbam-log-2008-09-22 (06-23-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 186288
Temps écoulé: 7 hour(s), 9 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Secured_eMule	bSec0.dll (Adware.Shopper) -> Quarantined and deleted successfully.

verni29 · Answer

On effectue une dernière vérifiaction, après je te donne les consignes de netteoyage.

Tu vas sur le site de Kaspersky:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Clique sur Demarrer Online-scanner ( en bas de page à droite ) pour commencer l'analyse.
Il te sera demandé d'installer un logiciel de Kaspersky, accepte.

A la fin de cette analyse, clique sur enregistrer le rapport.
Poste le contenu de ce rapport dans ton prochain message.

A+

Ayayou · Answer

je clique sur demarrer onlive scanner, une fenêtre s'ouvre, mais après plus rien

verni29 · Answer

Je te mets un tuto.
Lis-le. Il y a peut-être des réglages sur ton PC à faire.

Si tu n'y arrives pas, tu feraus un scan avec nod32 :
https://www.eset.com/
A la fin, colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

A+

Ayayou · Answer

ya des cases avec "remove found threats" et "scan unwanted applications", je coche laquelle ?

verni29 · Answer

les deux .

Ayayou · Answer

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3460 (20080922)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9436a42264f53446b1b2f11cd747ebe8
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-22 09:06:01
# local_time=2008-09-22 11:06:01 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 2
# scanned=404540
# found=20
# scan_time=4061
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll	Win32/Adware.Gator application (unable to clean - deleted)	00000000000000000000000000000000
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1101.dll	Win32/Adware.Gator application (unable to clean - deleted)	00000000000000000000000000000000
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1101.dll	Win32/Adware.Gator application (unable to clean - deleted)	00000000000000000000000000000000
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1101.dll	Win32/Adware.Gator application (unable to clean - deleted)	00000000000000000000000000000000
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1101.dll	Win32/Adware.Gator application (unable to clean - deleted)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe	multiple infiltrations (deleted)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »SHNT288.exe	Win32/Adware.NdotNet application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe	multiple infiltrations (error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe »RAR »whAgent.exe	Win32/Adware.Webhancer.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe »RAR »whInstaller.exe	Win32/Adware.Webhancer.A.installer application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe »RAR »whSurvey.exe	Win32/Adware.Webhancer.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe »RAR »webhdll.dll	Win32/Adware.Webhancer.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »wh.exe »RAR »whiehlpr.dll	Win32/Adware.Webhancer.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\Documents and Settings\MAMAN\Mes documents\NudgeMania-Installer.exe »NSIS »MGW_SH.exe	Win32/Adware.WinAd application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)	00000000000000000000000000000000
C:\System Volume Information\_restore{6A043ED6-82F4-4712-AD99-286BBD85EF49}\RP947\A0264185.exe	Win32/Injector.CW trojan (unable to clean - deleted)	00000000000000000000000000000000
C:\System Volume Information\_restore{6A043ED6-82F4-4712-AD99-286BBD85EF49}\RP947\A0264186.exe	Win32/Injector.CW trojan (unable to clean - deleted)	00000000000000000000000000000000
C:\System Volume Information\_restore{6A043ED6-82F4-4712-AD99-286BBD85EF49}\RP960\A0266323.EXE	Win32/Injector.CW trojan (unable to clean - deleted)	00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\webhdll.dll.bak.bak.vir	Win32/Adware.Webhancer.390 application (unable to clean - deleted)	00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\iexplore.exe.vir	Win32/Injector.CW trojan (unable to clean - deleted)	00000000000000000000000000000000
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TRUSTCORN.0XE.vir	Win32/Obfuscated.A1 trojan (unable to clean - deleted)	00000000000000000000000000000000

verni29 · Answer

1) On va enlever les logiciels qui ont été utilisés..
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/

Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt.

2) Tu vas utiliser CCleaner. 
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner 

utilise les fonctions nettoyeur et registre. 

3) Les points de restauration : 
-  Panneau de configuation --> Système --> Restauration du sytème 
cocher " Désactiver la restauration .... " ( si elle est cochée sinon la décocher -- >  valider -- > cocher )
Une fenêtre va s’ouvrir pour t’avertir que les poins de restauration existants seront supprimés.
Accepte.
Décoche ensuite « Désactiver la restauration .... » pour réactiver la restauration système
- Tu vas recréer un point de restauration propre.
Pour recréer un point de restauration :
Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système
Choisis "Créer un point de restauration". Suis les invites.

A+

Ayayou · Answer

je trouve pas le rapport, mais ça a tout supprimé sauf combo fix

verni29 · Answer

Il faut supprimer combofix manuellement.
Il se trouve sur ton bureau.

A+

Ayayou · Answer

après avoir cliquer sur restauration du système, je trouve pas "créer un point de restauration" (ya une fenêtre qui s'ouvre et qui me dit que la restauration du système est désactivée et me demande si je veux l'activer)

verni29 · Answer

Oui, réactive la restauration système.

A+

Ayayou · Answer

j'écris ce que je veux dans "description du point de restauration ?"

verni29 · Answer

Oui, ce que tu veux mais qui soit explicite :
par exemple désinfection CCM

Après cela ton PC devrait être propre.

Pourrais-tu mettre le sujet comme résolu ?

@+

Ayayou · Answer

okay c'est fait. 
Merci beaucoup pour ton aide ^^

Rapport hijackyhis

50 réponses

Discussions similaires