HijackThis report

Solved/Closed
Ayayou (Member, 44 posts, registered Monday 11 August 2008, last activity 13 March 2015) - 18 Sept. 2008 at 21:50
Ayayou - 23 Sept. 2008 at 20:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:39, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O1 - Hosts: 202.75.62.88 banamex.com.mx
O1 - Hosts: 202.75.62.88 www.banamex.com.mx
O1 - Hosts: 202.75.62.88 banamex.com
O1 - Hosts: 202.75.62.88 www.banamex.com
O1 - Hosts: 202.75.62.88 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com.mx
O1 - Hosts: 202.75.62.88 boveda.banamex.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [uvexolmf] C:\WINDOWS\uvexolmf.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [PlusInfoLiteEq] C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TrustCorn.exe
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Internet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Internet Explorer] iexplore.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BITSUP] C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\film dumb.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer] iexplore.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0819bee09dea4e4d97d024ccef1008bc
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0819bee09dea4e4d97d024ccef1008bc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/255f08444349274b8020/netzip/RdxIE601_fr.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

50 replies

Ayayou
19 Sept. 2008 at 00:10
I think it's doing the same as earlier, the computer isn't "working"...
verni29 (Security contributor, 6699 posts, registered Sunday 6 July 2008, last activity 26 December 2016)
19 Sept. 2008 at 00:12
Wait five minutes, no more, then stop lopS&D.

We'll bring out the big guns in that case.

See you
Ayayou
19 Sept. 2008 at 00:14
when you say "bring out the big guns", does that mean it's going to take a long time? (I have class tomorrow)
verni29
19 Sept. 2008 at 00:21
The big guns means using a more powerful tool that will remove all or part of these infections.
If you have class, let's look at this tomorrow instead.

Running the tool doesn't take a huge amount of time.
The analysis of the report that I'll do, on the other hand, does.

Have you stopped lopS&D?

Ayayou
19 Sept. 2008 at 00:23
yes I stopped lopS&D, but tomorrow I won't be home (I'm off to do the grape harvest, yay -__-) would it be possible for you to help me Sunday evening or Monday instead?
verni29
19 Sept. 2008 at 00:27
Sunday is OK.

Can you take 15 min to run the following tool?
This will let me prepare the disinfection script.

Download ComboFix and save it to your desktop (important for what follows)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet.
Disable your computer's resident protections (antivirus, antispyware and firewall)
Run Combofix.exe and follow the prompts.

Once the scan is finished, a report will appear.
Copy/paste this report into your next reply.
If you can't find it, it is at C:\ComboFix.txt.

See you
Ayayou
19 Sept. 2008 at 18:09
sorry I couldn't reconnect to the internet last night (in fact it still isn't working again), but I did the report (however I didn't disable the antivirus, and I haven't had time to redo it, I'll try now but I'm not sure I'll be able to, if I have time I'll post it)
ComboFix 08-09-16.05 - MAMAN 2008-09-19 0:31:48.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.176 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\AGNES\Cookies\agnes@servedby.advertising[1].txt
C:\Documents and Settings\AGNES\Cookies\agnes@servedby.advertising[2].txt
C:\Documents and Settings\MAMAN\Cookies\maman@clickintext[4].txt
C:\Documents and Settings\MAMAN\Cookies\maman@date.ventivmedia[3].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[1].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[3].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[4].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[5].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[6].txt
C:\Documents and Settings\MAMAN\Cookies\maman@edt02[8].txt
C:\Documents and Settings\MAMAN\Cookies\maman@erreurchasseur[2].txt
C:\Documents and Settings\MAMAN\Cookies\maman@hotbar[2].txt
C:\Documents and Settings\MAMAN\Cookies\maman@metrics.adobe[2].txt
C:\Documents and Settings\MAMAN\Cookies\maman@server.cpmstar[1].txt
C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[3].txt
C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[5].txt
C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[6].txt
C:\Documents and Settings\MAMAN\Cookies\maman@tracker.affistats[8].txt
C:\Documents and Settings\MAMAN\Cookies\maman@trafiz[6].txt
C:\Documents and Settings\MAMAN\Cookies\maman@trafiz[8].txt
C:\Program Files\newdotnet
C:\Program Files\newdotnet\newdotnet7_22.dll
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall7_22.exe
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll.bak.bak
C:\WINDOWS\NDNuninstall7_22.exe
C:\windows\system32\iexplore.exe
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 00:04 . 2008-09-19 00:04 <REP> d-------- C:\Lop SD
2008-09-18 23:56 . 2008-09-18 23:56 <REP> d-------- C:\_OTMoveIt
2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Trend Micro
2008-09-18 20:28 . 2008-09-18 20:28 <REP> d-------- C:\Program Files\AxBx
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-02 18:23 . 2008-09-02 18:23 <REP> d--hs---- C:\FOUND.041
2008-09-01 11:09 . 2008-09-01 11:09 <REP> d--hs---- C:\FOUND.040
2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-21 15:00 . 2008-08-21 15:00 <REP> d--hs---- C:\FOUND.039
2008-08-19 18:40 . 2008-08-19 18:40 <REP> d--hs---- C:\FOUND.038
2008-08-18 21:33 . 2008-08-18 21:33 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat
2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat
2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000]
"BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
"nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= MSNCleaner.exe
"2"= avp.exe
"3"= kav.esp
"4"= kav.eng
"5"= msconfig.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Steam\\SteamApps\\will2708\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807]
R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys [ ]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{5DA5030D-C599-A19D-5E6B-D36C97DCEA37} - C:\DOCUME~1\MAMAN\APPLIC~1\MULTII~1\Settingsdog.exe
HKCU-Run-BITSUP - C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\film dumb.exe
HKLM-Run-uvexolmf - C:\WINDOWS\uvexolmf.exe
HKLM-Run-PlusInfoLiteEq - C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TrustCorn.exe
HKLM-Run-Internet Explorer - iexplore.exe
HKLM-RunServices-Internet Explorer - iexplore.exe
HKLM-Explorer_Run-Internet Explorer - iexplore.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\MAMAN\Application Data\Mozilla\Firefox\Profiles\kpe9d9x2.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 00:40:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\BufferZone\WINBORDER.DLL
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\SERVIC~1.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSBWSYS.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSRW.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSAV32.EXE
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSPEX.EXE
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-09-19 0:46:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-18 22:46:02

Avant-CF: 78,034,993,152 octets libres
Après-CF: 83,112,394,752 octets libres

270 --- E O F --- 2008-09-10 22:08:50
Ayayou | Posts: 44 | Registered: Monday 11 August 2008 | Status: Member | Last activity: 13 March 2015
19 Sept. 2008 at 18:16
There, I have redone the report:
ComboFix 08-09-16.05 - MAMAN 2008-09-19 18:07:28.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.238 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 00:04 . 2008-09-19 00:04 <REP> d-------- C:\Lop SD
2008-09-18 23:56 . 2008-09-18 23:56 <REP> d-------- C:\_OTMoveIt
2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Trend Micro
2008-09-18 20:28 . 2008-09-18 20:28 <REP> d-------- C:\Program Files\AxBx
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-02 18:23 . 2008-09-02 18:23 <REP> d--hs---- C:\FOUND.041
2008-09-01 11:09 . 2008-09-01 11:09 <REP> d--hs---- C:\FOUND.040
2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-21 15:00 . 2008-08-21 15:00 <REP> d--hs---- C:\FOUND.039
2008-08-19 18:40 . 2008-08-19 18:40 <REP> d--hs---- C:\FOUND.038

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat
2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat
2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000]
"BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
"nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-12 950272]
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-01 32807]
e-Carte Bleue Banque Populaire.lnk - C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [2008-06-24 278528]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 110592]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-11 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= MSNCleaner.exe
"2"= avp.exe
"3"= kav.esp
"4"= kav.eng
"5"= msconfig.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Steam\\SteamApps\\will2708\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807]
R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys [ ]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ]

*Newly Created Service* - FSBL
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\MAMAN\Application Data\Mozilla\Firefox\Profiles\kpe9d9x2.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 18:11:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\BufferZone\WINBORDER.DLL
.
Heure de fin: 2008-09-19 18:13:16
ComboFix-quarantined-files.txt 2008-09-19 16:13:10
ComboFix2.txt 2008-09-18 22:46:28

Avant-CF: 83,127,271,424 octets libres
Après-CF: 83,110,887,424 octets libres

207 --- E O F --- 2008-09-10 22:08:50
verni29 | Posts: 6699 | Registered: Sunday 6 July 2008 | Status: Security contributor | Last activity: 26 December 2016
19 Sept. 2008 at 21:33
OK, thanks.

I am analyzing the report and will post the script for you.

See you later
verni29 | Posts: 6699 | Registered: Sunday 6 July 2008 | Status: Security contributor | Last activity: 26 December 2016
20 Sept. 2008 at 13:46
1) Open Notepad:
Start --> All Programs --> Accessories --> Notepad

Select the quoted text below.
Copy and paste this text into Notepad.

Driver::
DMSKSSRh

File::
C:\DOCUME~1\MAMAN\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\uvexolmf.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"New.net Startup"=-

Folder::
C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo
C:\FOUND.038
C:\FOUND.039
C:\FOUND.040
C:\FOUND.041
C:\WINDOWS\system32\CatRoot_bak



Save the file to the desktop and name it CFScript.txt.

Check that the ComboFix icon is also on the desktop; otherwise, download ComboFix again and save it to the desktop as well.

Drag and drop the script onto ComboFix, as shown at the following link.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Follow the prompts.
Your desktop will disappear several times. That is normal.
Once the scan is finished, save the report and post it.

2) Then post me a new HijackThis report.

There are still things to check.
The ComboFix report shows some strange things (blocked software, ...).

See you later
Ayayou | Posts: 44 | Registered: Monday 11 August 2008 | Status: Member | Last activity: 13 March 2015
21 Sept. 2008 at 19:33
ComboFix 08-09-16.05 - MAMAN 2008-09-21 18:32:42.3 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.255 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MAMAN\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAMAN\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\
C:\DOCUME~1\MAMAN\APPLIC~1\HOPEME~1\\A766D585
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\city error frag
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\exit flap spam
C:\Documents and Settings\All Users\Application Data\SoapBurnPlusInfo\TRUSTCORN.0XE
C:\FOUND.038
C:\FOUND.039
C:\FOUND.040
C:\FOUND.040\FILE0511.CHK
C:\FOUND.040\FILE0512.CHK
C:\FOUND.040\FILE0513.CHK
C:\FOUND.040\FILE0514.CHK
C:\FOUND.040\FILE0515.CHK
C:\FOUND.040\FILE0516.CHK
C:\FOUND.040\FILE0517.CHK
C:\FOUND.040\FILE0518.CHK
C:\FOUND.040\FILE0519.CHK
C:\FOUND.040\FILE0520.CHK
C:\FOUND.040\FILE0521.CHK
C:\FOUND.040\FILE0522.CHK
C:\FOUND.040\FILE0523.CHK
C:\FOUND.040\FILE0524.CHK
C:\FOUND.040\FILE0525.CHK
C:\FOUND.040\FILE0526.CHK
C:\FOUND.040\FILE0527.CHK
C:\FOUND.040\FILE0528.CHK
C:\FOUND.040\FILE0529.CHK
C:\FOUND.040\FILE0530.CHK
C:\FOUND.040\FILE0531.CHK
C:\FOUND.040\FILE0532.CHK
C:\FOUND.040\FILE0533.CHK
C:\FOUND.040\FILE0534.CHK
C:\FOUND.040\FILE0535.CHK
C:\FOUND.040\FILE0536.CHK
C:\FOUND.040\FILE0537.CHK
C:\FOUND.040\FILE0538.CHK
C:\FOUND.040\FILE0539.CHK
C:\FOUND.040\FILE0540.CHK
C:\FOUND.040\FILE0541.CHK
C:\FOUND.040\FILE0542.CHK
C:\FOUND.040\FILE0543.CHK
C:\FOUND.040\FILE0544.CHK
C:\FOUND.040\FILE0545.CHK
C:\FOUND.040\FILE0546.CHK
C:\FOUND.040\FILE0547.CHK
C:\FOUND.040\FILE0548.CHK
C:\FOUND.040\FILE0549.CHK
C:\FOUND.040\FILE0550.CHK
C:\FOUND.040\FILE0551.CHK
C:\FOUND.040\FILE0552.CHK
C:\FOUND.040\FILE0553.CHK
C:\FOUND.040\FILE0554.CHK
C:\FOUND.040\FILE0555.CHK
C:\FOUND.040\FILE0556.CHK
C:\FOUND.040\FILE0557.CHK
C:\FOUND.040\FILE0558.CHK
C:\FOUND.040\FILE0559.CHK
C:\FOUND.040\FILE0560.CHK
C:\FOUND.040\FILE0561.CHK
C:\FOUND.040\FILE0562.CHK
C:\FOUND.040\FILE0563.CHK
C:\FOUND.040\FILE0564.CHK
C:\FOUND.040\FILE0565.CHK
C:\FOUND.040\FILE0566.CHK
C:\FOUND.040\FILE0567.CHK
C:\FOUND.040\FILE0568.CHK
C:\FOUND.040\FILE0569.CHK
C:\FOUND.040\FILE0570.CHK
C:\FOUND.040\FILE0571.CHK
C:\FOUND.040\FILE0572.CHK
C:\FOUND.040\FILE0573.CHK
C:\FOUND.040\FILE0574.CHK
C:\FOUND.040\FILE0575.CHK
C:\FOUND.040\FILE0576.CHK
C:\FOUND.040\FILE0577.CHK
C:\FOUND.040\FILE0578.CHK
C:\FOUND.040\FILE0579.CHK
C:\FOUND.040\FILE0580.CHK
C:\FOUND.040\FILE0581.CHK
C:\FOUND.040\FILE0582.CHK
C:\FOUND.040\FILE0583.CHK
C:\FOUND.040\FILE0584.CHK
C:\FOUND.040\FILE0585.CHK
C:\FOUND.040\FILE0586.CHK
C:\FOUND.040\FILE0587.CHK
C:\FOUND.040\FILE0588.CHK
C:\FOUND.040\FILE0589.CHK
C:\FOUND.040\FILE0590.CHK
C:\FOUND.040\FILE0591.CHK
C:\FOUND.040\FILE0592.CHK
C:\FOUND.040\FILE0593.CHK
C:\FOUND.040\FILE0594.CHK
C:\FOUND.040\FILE0595.CHK
C:\FOUND.040\FILE0596.CHK
C:\FOUND.040\FILE0597.CHK
C:\FOUND.040\FILE0598.CHK
C:\FOUND.040\FILE0599.CHK
C:\FOUND.040\FILE0600.CHK
C:\FOUND.040\FILE0601.CHK
C:\FOUND.040\FILE0602.CHK
C:\FOUND.040\FILE0603.CHK
C:\FOUND.040\FILE0604.CHK
C:\FOUND.040\FILE0605.CHK
C:\FOUND.040\FILE0606.CHK
C:\FOUND.040\FILE0607.CHK
C:\FOUND.040\FILE0608.CHK
C:\FOUND.040\FILE0609.CHK
C:\FOUND.040\FILE0610.CHK
C:\FOUND.040\FILE0611.CHK
C:\FOUND.040\FILE0612.CHK
C:\FOUND.040\FILE0613.CHK
C:\FOUND.040\FILE0614.CHK
C:\FOUND.040\FILE0615.CHK
C:\FOUND.040\FILE0616.CHK
C:\FOUND.040\FILE0617.CHK
C:\FOUND.040\FILE0618.CHK
C:\FOUND.040\FILE0619.CHK
C:\FOUND.040\FILE0620.CHK
C:\FOUND.040\FILE0621.CHK
C:\FOUND.040\FILE0622.CHK
C:\FOUND.040\FILE0623.CHK
C:\FOUND.040\FILE0624.CHK
C:\FOUND.040\FILE0625.CHK
C:\FOUND.040\FILE0626.CHK
C:\FOUND.040\FILE0627.CHK
C:\FOUND.040\FILE0628.CHK
C:\FOUND.040\FILE0629.CHK
C:\FOUND.040\FILE0630.CHK
C:\FOUND.040\FILE0631.CHK
C:\FOUND.040\FILE0632.CHK
C:\FOUND.040\FILE0633.CHK
C:\FOUND.040\FILE0634.CHK
C:\FOUND.040\FILE0635.CHK
C:\FOUND.040\FILE0636.CHK
C:\FOUND.040\FILE0637.CHK
C:\FOUND.040\FILE0638.CHK
C:\FOUND.040\FILE0639.CHK
C:\FOUND.040\FILE0640.CHK
C:\FOUND.040\FILE0641.CHK
C:\FOUND.041
C:\FOUND.041\FILE0000.CHK
C:\FOUND.041\FILE0001.CHK
C:\FOUND.041\FILE0002.CHK
C:\FOUND.041\FILE0003.CHK
C:\FOUND.041\FILE0004.CHK
C:\FOUND.041\FILE0005.CHK
C:\FOUND.041\FILE0006.CHK
C:\FOUND.041\FILE0007.CHK
C:\FOUND.041\FILE0008.CHK
C:\FOUND.041\FILE0009.CHK
C:\FOUND.041\FILE0010.CHK
C:\FOUND.041\FILE0011.CHK
C:\FOUND.041\FILE0012.CHK
C:\FOUND.041\FILE0013.CHK
C:\FOUND.041\FILE0014.CHK
C:\FOUND.041\FILE0015.CHK
C:\FOUND.041\FILE0016.CHK
C:\FOUND.041\FILE0017.CHK
C:\FOUND.041\FILE0018.CHK
C:\FOUND.041\FILE0019.CHK
C:\FOUND.041\FILE0020.CHK
C:\FOUND.041\FILE0021.CHK
C:\FOUND.041\FILE0022.CHK
C:\FOUND.041\FILE0023.CHK
C:\FOUND.041\FILE0024.CHK
C:\FOUND.041\FILE0025.CHK
C:\FOUND.041\FILE0026.CHK
C:\FOUND.041\FILE0027.CHK
C:\FOUND.041\FILE0028.CHK
C:\FOUND.041\FILE0029.CHK
C:\FOUND.041\FILE0030.CHK
C:\FOUND.041\FILE0031.CHK
C:\FOUND.041\FILE0032.CHK
C:\FOUND.041\FILE0033.CHK
C:\FOUND.041\FILE0034.CHK
C:\FOUND.041\FILE0035.CHK
C:\FOUND.041\FILE0036.CHK
C:\FOUND.041\FILE0037.CHK
C:\FOUND.041\FILE0038.CHK
C:\FOUND.041\FILE0039.CHK
C:\FOUND.041\FILE0040.CHK
C:\FOUND.041\FILE0041.CHK
C:\FOUND.041\FILE0042.CHK
C:\FOUND.041\FILE0043.CHK
C:\FOUND.041\FILE0044.CHK
C:\FOUND.041\FILE0045.CHK
C:\FOUND.041\FILE0046.CHK
C:\FOUND.041\FILE0047.CHK
C:\FOUND.041\FILE0048.CHK
C:\FOUND.041\FILE0049.CHK
C:\FOUND.041\FILE0050.CHK
C:\FOUND.041\FILE0051.CHK
C:\FOUND.041\FILE0052.CHK
C:\FOUND.041\FILE0053.CHK
C:\FOUND.041\FILE0054.CHK
C:\FOUND.041\FILE0055.CHK
C:\FOUND.041\FILE0056.CHK
C:\FOUND.041\FILE0057.CHK
C:\FOUND.041\FILE0058.CHK
C:\FOUND.041\FILE0059.CHK
C:\FOUND.041\FILE0060.CHK
C:\FOUND.041\FILE0061.CHK
C:\FOUND.041\FILE0062.CHK
C:\FOUND.041\FILE0063.CHK
C:\FOUND.041\FILE0064.CHK
C:\FOUND.041\FILE0065.CHK
C:\FOUND.041\FILE0066.CHK
C:\FOUND.041\FILE0067.CHK
C:\FOUND.041\FILE0068.CHK
C:\FOUND.041\FILE0069.CHK
C:\FOUND.041\FILE0070.CHK
C:\FOUND.041\FILE0071.CHK
C:\FOUND.041\FILE0072.CHK
C:\FOUND.041\FILE0073.CHK
C:\FOUND.041\FILE0074.CHK
C:\FOUND.041\FILE0075.CHK
C:\FOUND.041\FILE0076.CHK
C:\FOUND.041\FILE0077.CHK
C:\FOUND.041\FILE0078.CHK
C:\FOUND.041\FILE0079.CHK
C:\FOUND.041\FILE0080.CHK
C:\FOUND.041\FILE0081.CHK
C:\FOUND.041\FILE0082.CHK
C:\FOUND.041\FILE0083.CHK
C:\FOUND.041\FILE0084.CHK
C:\FOUND.041\FILE0085.CHK
C:\FOUND.041\FILE0086.CHK
C:\FOUND.041\FILE0087.CHK
C:\FOUND.041\FILE0088.CHK
C:\FOUND.041\FILE0089.CHK
C:\FOUND.041\FILE0090.CHK
C:\FOUND.041\FILE0091.CHK
C:\FOUND.041\FILE0092.CHK
C:\FOUND.041\FILE0093.CHK
C:\FOUND.041\FILE0094.CHK
C:\FOUND.041\FILE0095.CHK
C:\FOUND.041\FILE0096.CHK
C:\FOUND.041\FILE0097.CHK
C:\FOUND.041\FILE0098.CHK
C:\FOUND.041\FILE0099.CHK
C:\FOUND.041\FILE0100.CHK
C:\FOUND.041\FILE0101.CHK
C:\FOUND.041\FILE0102.CHK
C:\FOUND.041\FILE0103.CHK
C:\FOUND.041\FILE0104.CHK
C:\FOUND.041\FILE0105.CHK
C:\FOUND.041\FILE0106.CHK
C:\FOUND.041\FILE0107.CHK
C:\FOUND.041\FILE0108.CHK
C:\FOUND.041\FILE0109.CHK
C:\FOUND.041\FILE0110.CHK
C:\FOUND.041\FILE0111.CHK
C:\FOUND.041\FILE0112.CHK
C:\FOUND.041\FILE0113.CHK
C:\FOUND.041\FILE0114.CHK
C:\FOUND.041\FILE0115.CHK
C:\FOUND.041\FILE0116.CHK
C:\FOUND.041\FILE0117.CHK
C:\FOUND.041\FILE0118.CHK
C:\FOUND.041\FILE0119.CHK
C:\FOUND.041\FILE0120.CHK
C:\FOUND.041\FILE0121.CHK
C:\FOUND.041\FILE0122.CHK
C:\FOUND.041\FILE0123.CHK
C:\FOUND.041\FILE0124.CHK
C:\FOUND.041\FILE0125.CHK
C:\FOUND.041\FILE0126.CHK
C:\FOUND.041\FILE0127.CHK
C:\FOUND.041\FILE0128.CHK
C:\FOUND.041\FILE0129.CHK
C:\FOUND.041\FILE0130.CHK
C:\FOUND.041\FILE0131.CHK
C:\FOUND.041\FILE0132.CHK
C:\FOUND.041\FILE0133.CHK
C:\FOUND.041\FILE0134.CHK
C:\FOUND.041\FILE0135.CHK
C:\FOUND.041\FILE0136.CHK
C:\FOUND.041\FILE0137.CHK
C:\FOUND.041\FILE0138.CHK
C:\FOUND.041\FILE0139.CHK
C:\FOUND.041\FILE0140.CHK
C:\FOUND.041\FILE0141.CHK
C:\FOUND.041\FILE0142.CHK
C:\FOUND.041\FILE0143.CHK
C:\FOUND.041\FILE0144.CHK
C:\FOUND.041\FILE0145.CHK
C:\FOUND.041\FILE0146.CHK
C:\FOUND.041\FILE0147.CHK
C:\FOUND.041\FILE0148.CHK
C:\FOUND.041\FILE0149.CHK
C:\FOUND.041\FILE0150.CHK
C:\FOUND.041\FILE0151.CHK
C:\FOUND.041\FILE0152.CHK
C:\FOUND.041\FILE0153.CHK
C:\FOUND.041\FILE0154.CHK
C:\FOUND.041\FILE0155.CHK
C:\FOUND.041\FILE0156.CHK
C:\FOUND.041\FILE0157.CHK
C:\FOUND.041\FILE0158.CHK
C:\FOUND.041\FILE0159.CHK
C:\FOUND.041\FILE0160.CHK
C:\FOUND.041\FILE0161.CHK
C:\FOUND.041\FILE0162.CHK
C:\FOUND.041\FILE0163.CHK
C:\FOUND.041\FILE0164.CHK
C:\FOUND.041\FILE0165.CHK
C:\FOUND.041\FILE0166.CHK
C:\FOUND.041\FILE0167.CHK
C:\FOUND.041\FILE0168.CHK
C:\FOUND.041\FILE0169.CHK
C:\FOUND.041\FILE0170.CHK
C:\FOUND.041\FILE0171.CHK
C:\FOUND.041\FILE0172.CHK
C:\FOUND.041\FILE0173.CHK
C:\FOUND.041\FILE0174.CHK
C:\FOUND.041\FILE0175.CHK
C:\FOUND.041\FILE0176.CHK
C:\FOUND.041\FILE0177.CHK
C:\FOUND.041\FILE0178.CHK
C:\FOUND.041\FILE0179.CHK
C:\FOUND.041\FILE0180.CHK
C:\FOUND.041\FILE0181.CHK
C:\FOUND.041\FILE0182.CHK
C:\FOUND.041\FILE0183.CHK
C:\FOUND.041\FILE0184.CHK
C:\FOUND.041\FILE0185.CHK
C:\FOUND.041\FILE0186.CHK
C:\FOUND.041\FILE0187.CHK
C:\FOUND.041\FILE0188.CHK
C:\FOUND.041\FILE0189.CHK
C:\FOUND.041\FILE0190.CHK
C:\FOUND.041\FILE0191.CHK
C:\FOUND.041\FILE0192.CHK
C:\FOUND.041\FILE0193.CHK
C:\FOUND.041\FILE0194.CHK
C:\FOUND.041\FILE0195.CHK
C:\FOUND.041\FILE0196.CHK
C:\FOUND.041\FILE0197.CHK
C:\FOUND.041\FILE0198.CHK
C:\FOUND.041\FILE0199.CHK
C:\FOUND.041\FILE0200.CHK
C:\FOUND.041\FILE0201.CHK
C:\FOUND.041\FILE0202.CHK
C:\FOUND.041\FILE0203.CHK
C:\FOUND.041\FILE0204.CHK
C:\FOUND.041\FILE0205.CHK
C:\FOUND.041\FILE0206.CHK
C:\FOUND.041\FILE0207.CHK
C:\FOUND.041\FILE0208.CHK
C:\FOUND.041\FILE0209.CHK
C:\FOUND.041\FILE0210.CHK
C:\FOUND.041\FILE0211.CHK
C:\FOUND.041\FILE0212.CHK
C:\FOUND.041\FILE0213.CHK
C:\FOUND.041\FILE0214.CHK
C:\FOUND.041\FILE0215.CHK
C:\FOUND.041\FILE0216.CHK
C:\FOUND.041\FILE0217.CHK
C:\FOUND.041\FILE0218.CHK
C:\FOUND.041\FILE0219.CHK
C:\FOUND.041\FILE0220.CHK
C:\FOUND.041\FILE0221.CHK
C:\FOUND.041\FILE0222.CHK
C:\FOUND.041\FILE0223.CHK
C:\FOUND.041\FILE0224.CHK
C:\FOUND.041\FILE0225.CHK
C:\FOUND.041\FILE0226.CHK
C:\FOUND.041\FILE0227.CHK
C:\FOUND.041\FILE0228.CHK
C:\FOUND.041\FILE0229.CHK
C:\FOUND.041\FILE0230.CHK
C:\FOUND.041\FILE0231.CHK
C:\FOUND.041\FILE0232.CHK
C:\FOUND.041\FILE0233.CHK
C:\FOUND.041\FILE0234.CHK
C:\FOUND.041\FILE0235.CHK
C:\FOUND.041\FILE0236.CHK
C:\FOUND.041\FILE0237.CHK
C:\FOUND.041\FILE0238.CHK
C:\FOUND.041\FILE0239.CHK
C:\FOUND.041\FILE0240.CHK
C:\FOUND.041\FILE0241.CHK
C:\FOUND.041\FILE0242.CHK
C:\FOUND.041\FILE0243.CHK
C:\FOUND.041\FILE0244.CHK
C:\FOUND.041\FILE0245.CHK
C:\FOUND.041\FILE0246.CHK
C:\FOUND.041\FILE0247.CHK
C:\FOUND.041\FILE0248.CHK
C:\FOUND.041\FILE0249.CHK
C:\FOUND.041\FILE0250.CHK
C:\FOUND.041\FILE0251.CHK
C:\FOUND.041\FILE0252.CHK
C:\FOUND.041\FILE0253.CHK
C:\FOUND.041\FILE0254.CHK
C:\FOUND.041\FILE0255.CHK
C:\FOUND.041\FILE0256.CHK
C:\FOUND.041\FILE0257.CHK
C:\FOUND.041\FILE0258.CHK
C:\FOUND.041\FILE0259.CHK
C:\FOUND.041\FILE0260.CHK
C:\FOUND.041\FILE0261.CHK
C:\FOUND.041\FILE0262.CHK
C:\FOUND.041\FILE0263.CHK
C:\FOUND.041\FILE0264.CHK
C:\FOUND.041\FILE0265.CHK
C:\FOUND.041\FILE0266.CHK
C:\FOUND.041\FILE0267.CHK
C:\FOUND.041\FILE0268.CHK
C:\FOUND.041\FILE0269.CHK
C:\FOUND.041\FILE0270.CHK
C:\FOUND.041\FILE0271.CHK
C:\FOUND.041\FILE0272.CHK
C:\FOUND.041\FILE0273.CHK
C:\FOUND.041\FILE0274.CHK
C:\FOUND.041\FILE0275.CHK
C:\FOUND.041\FILE0276.CHK
C:\FOUND.041\FILE0277.CHK
C:\FOUND.041\FILE0278.CHK
C:\FOUND.041\FILE0279.CHK
C:\FOUND.041\FILE0280.CHK
C:\FOUND.041\FILE0281.CHK
C:\FOUND.041\FILE0282.CHK
C:\FOUND.041\FILE0283.CHK
C:\FOUND.041\FILE0284.CHK
C:\FOUND.041\FILE0285.CHK
C:\FOUND.041\FILE0286.CHK
C:\FOUND.041\FILE0287.CHK
C:\FOUND.041\FILE0288.CHK
C:\FOUND.041\FILE0289.CHK
C:\FOUND.041\FILE0290.CHK
C:\FOUND.041\FILE0291.CHK
C:\FOUND.041\FILE0292.CHK
C:\FOUND.041\FILE0293.CHK
C:\FOUND.041\FILE0294.CHK
C:\FOUND.041\FILE0295.CHK
C:\FOUND.041\FILE0296.CHK
C:\FOUND.041\FILE0297.CHK
C:\FOUND.041\FILE0298.CHK
C:\FOUND.041\FILE0299.CHK
C:\FOUND.041\FILE0300.CHK
C:\FOUND.041\FILE0301.CHK
C:\FOUND.041\FILE0302.CHK
C:\FOUND.041\FILE0303.CHK
C:\FOUND.041\FILE0304.CHK
C:\FOUND.041\FILE0305.CHK
C:\FOUND.041\FILE0306.CHK
C:\FOUND.041\FILE0307.CHK
C:\FOUND.041\FILE0308.CHK
C:\FOUND.041\FILE0309.CHK
C:\FOUND.041\FILE0310.CHK
C:\FOUND.041\FILE0311.CHK
C:\FOUND.041\FILE0312.CHK
C:\FOUND.041\FILE0313.CHK
C:\FOUND.041\FILE0314.CHK
C:\FOUND.041\FILE0315.CHK
C:\FOUND.041\FILE0316.CHK
C:\FOUND.041\FILE0317.CHK
C:\FOUND.041\FILE0318.CHK
C:\FOUND.041\FILE0319.CHK
C:\FOUND.041\FILE0320.CHK
C:\FOUND.041\FILE0321.CHK
C:\FOUND.041\FILE0322.CHK
C:\FOUND.041\FILE0323.CHK
C:\FOUND.041\FILE0324.CHK
C:\FOUND.041\FILE0325.CHK
C:\FOUND.041\FILE0326.CHK
C:\FOUND.041\FILE0327.CHK
C:\FOUND.041\FILE0328.CHK
C:\FOUND.041\FILE0329.CHK
C:\FOUND.041\FILE0330.CHK
C:\FOUND.041\FILE0331.CHK
C:\FOUND.041\FILE0332.CHK
C:\FOUND.041\FILE0333.CHK
C:\FOUND.041\FILE0334.CHK
C:\FOUND.041\FILE0335.CHK
C:\FOUND.041\FILE0336.CHK
C:\FOUND.041\FILE0337.CHK
C:\FOUND.041\FILE0338.CHK
C:\FOUND.041\FILE0339.CHK
C:\FOUND.041\FILE0340.CHK
C:\FOUND.041\FILE0341.CHK
C:\FOUND.041\FILE0342.CHK
C:\FOUND.041\FILE0343.CHK
C:\FOUND.041\FILE0344.CHK
C:\FOUND.041\FILE0345.CHK
C:\FOUND.041\FILE0346.CHK
C:\FOUND.041\FILE0347.CHK
C:\FOUND.041\FILE0348.CHK
C:\FOUND.041\FILE0349.CHK
C:\FOUND.041\FILE0350.CHK
C:\FOUND.041\FILE0351.CHK
C:\FOUND.041\FILE0352.CHK
C:\FOUND.041\FILE0353.CHK
C:\FOUND.041\FILE0354.CHK
C:\FOUND.041\FILE0355.CHK
C:\FOUND.041\FILE0356.CHK
C:\FOUND.041\FILE0357.CHK
C:\FOUND.041\FILE0358.CHK
C:\FOUND.041\FILE0359.CHK
C:\FOUND.041\FILE0360.CHK
C:\FOUND.041\FILE0361.CHK
C:\FOUND.041\FILE0362.CHK
C:\FOUND.041\FILE0363.CHK
C:\FOUND.041\FILE0364.CHK
C:\FOUND.041\FILE0365.CHK
C:\FOUND.041\FILE0366.CHK
C:\FOUND.041\FILE0367.CHK
C:\FOUND.041\FILE0368.CHK
C:\FOUND.041\FILE0369.CHK
C:\FOUND.041\FILE0370.CHK
C:\FOUND.041\FILE0371.CHK
C:\FOUND.041\FILE0372.CHK
C:\FOUND.041\FILE0373.CHK
C:\FOUND.041\FILE0374.CHK
C:\FOUND.041\FILE0375.CHK
C:\FOUND.041\FILE0376.CHK
C:\FOUND.041\FILE0377.CHK
C:\FOUND.041\FILE0378.CHK
C:\FOUND.041\FILE0379.CHK
C:\FOUND.041\FILE0380.CHK
C:\FOUND.041\FILE0381.CHK
C:\FOUND.041\FILE0382.CHK
C:\FOUND.041\FILE0383.CHK
C:\FOUND.041\FILE0384.CHK
C:\FOUND.041\FILE0385.CHK
C:\FOUND.041\FILE0386.CHK
C:\FOUND.041\FILE0387.CHK
C:\FOUND.041\FILE0388.CHK
C:\FOUND.041\FILE0389.CHK
C:\FOUND.041\FILE0390.CHK
C:\FOUND.041\FILE0391.CHK
C:\FOUND.041\FILE0392.CHK
C:\FOUND.041\FILE0393.CHK
C:\FOUND.041\FILE0394.CHK
C:\FOUND.041\FILE0395.CHK
C:\FOUND.041\FILE0396.CHK
C:\FOUND.041\FILE0397.CHK
C:\FOUND.041\FILE0398.CHK
C:\FOUND.041\FILE0399.CHK
C:\FOUND.041\FILE0400.CHK
C:\FOUND.041\FILE0401.CHK
C:\FOUND.041\FILE0402.CHK
C:\FOUND.041\FILE0403.CHK
C:\FOUND.041\FILE0404.CHK
C:\FOUND.041\FILE0405.CHK
C:\FOUND.041\FILE0406.CHK
C:\FOUND.041\FILE0407.CHK
C:\FOUND.041\FILE0408.CHK
C:\FOUND.041\FILE0409.CHK
C:\FOUND.041\FILE0410.CHK
C:\FOUND.041\FILE0411.CHK
C:\FOUND.041\FILE0412.CHK
C:\FOUND.041\FILE0413.CHK
C:\FOUND.041\FILE0414.CHK
C:\FOUND.041\FILE0415.CHK
C:\FOUND.041\FILE0416.CHK
C:\FOUND.041\FILE0417.CHK
C:\FOUND.041\FILE0418.CHK
C:\FOUND.041\FILE0419.CHK
C:\FOUND.041\FILE0420.CHK
C:\FOUND.041\FILE0421.CHK
C:\FOUND.041\FILE0422.CHK
C:\FOUND.041\FILE0423.CHK
C:\FOUND.041\FILE0424.CHK
C:\FOUND.041\FILE0425.CHK
C:\FOUND.041\FILE0426.CHK
C:\FOUND.041\FILE0427.CHK
C:\FOUND.041\FILE0428.CHK
C:\FOUND.041\FILE0429.CHK
C:\FOUND.041\FILE0430.CHK
C:\FOUND.041\FILE0431.CHK
C:\FOUND.041\FILE0432.CHK
C:\FOUND.041\FILE0433.CHK
C:\FOUND.041\FILE0434.CHK
C:\FOUND.041\FILE0435.CHK
C:\FOUND.041\FILE0436.CHK
C:\FOUND.041\FILE0437.CHK
C:\FOUND.041\FILE0438.CHK
C:\FOUND.041\FILE0439.CHK
C:\FOUND.041\FILE0440.CHK
C:\FOUND.041\FILE0441.CHK
C:\FOUND.041\FILE0442.CHK
C:\FOUND.041\FILE0443.CHK
C:\FOUND.041\FILE0444.CHK
C:\FOUND.041\FILE0445.CHK
C:\FOUND.041\FILE0446.CHK
C:\FOUND.041\FILE0447.CHK
C:\FOUND.041\FILE0448.CHK
C:\FOUND.041\FILE0449.CHK
C:\FOUND.041\FILE0450.CHK
C:\FOUND.041\FILE0451.CHK
C:\FOUND.041\FILE0452.CHK
C:\FOUND.041\FILE0453.CHK
C:\FOUND.041\FILE0454.CHK
C:\FOUND.041\FILE0455.CHK
C:\FOUND.041\FILE0456.CHK
C:\FOUND.041\FILE0457.CHK
C:\FOUND.041\FILE0458.CHK
C:\FOUND.041\FILE0459.CHK
C:\FOUND.041\FILE0460.CHK
C:\FOUND.041\FILE0461.CHK
C:\FOUND.041\FILE0462.CHK
C:\FOUND.041\FILE0463.CHK
C:\FOUND.041\FILE0464.CHK
C:\FOUND.041\FILE0465.CHK
C:\FOUND.041\FILE0466.CHK
C:\FOUND.041\FILE0467.CHK
C:\FOUND.041\FILE0468.CHK
C:\FOUND.041\FILE0469.CHK
C:\FOUND.041\FILE0470.CHK
C:\FOUND.041\FILE0471.CHK
C:\FOUND.041\FILE0472.CHK
C:\FOUND.041\FILE0473.CHK
C:\FOUND.041\FILE0474.CHK
C:\FOUND.041\FILE0475.CHK
C:\FOUND.041\FILE0476.CHK
C:\FOUND.041\FILE0477.CHK
C:\FOUND.041\FILE0478.CHK
C:\FOUND.041\FILE0479.CHK
C:\FOUND.041\FILE0480.CHK
C:\FOUND.041\FILE0481.CHK
C:\FOUND.041\FILE0482.CHK
C:\FOUND.041\FILE0483.CHK
C:\FOUND.041\FILE0484.CHK
C:\FOUND.041\FILE0485.CHK
C:\FOUND.041\FILE0486.CHK
C:\FOUND.041\FILE0487.CHK
C:\FOUND.041\FILE0488.CHK
C:\FOUND.041\FILE0489.CHK
C:\FOUND.041\FILE0490.CHK
C:\FOUND.041\FILE0491.CHK
C:\FOUND.041\FILE0492.CHK
C:\FOUND.041\FILE0493.CHK
C:\FOUND.041\FILE0494.CHK
C:\FOUND.041\FILE0495.CHK
C:\FOUND.041\FILE0496.CHK
C:\FOUND.041\FILE0497.CHK
C:\FOUND.041\FILE0498.CHK
C:\FOUND.041\FILE0499.CHK
C:\FOUND.041\FILE0500.CHK
C:\FOUND.041\FILE0501.CHK
C:\FOUND.041\FILE0502.CHK
C:\FOUND.041\FILE0503.CHK
C:\FOUND.041\FILE0504.CHK
C:\FOUND.041\FILE0505.CHK
C:\FOUND.041\FILE0506.CHK
C:\FOUND.041\FILE0507.CHK
C:\FOUND.041\FILE0508.CHK
C:\FOUND.041\FILE0509.CHK
C:\FOUND.041\FILE0510.CHK
C:\FOUND.041\FILE0511.CHK
C:\FOUND.041\FILE0512.CHK
C:\FOUND.041\FILE0513.CHK
C:\FOUND.041\FILE0514.CHK
C:\FOUND.041\FILE0515.CHK
C:\FOUND.041\FILE0516.CHK
C:\FOUND.041\FILE0517.CHK
C:\FOUND.041\FILE0518.CHK
C:\FOUND.041\FILE0519.CHK
C:\FOUND.041\FILE0520.CHK
C:\FOUND.041\FILE0521.CHK
C:\FOUND.041\FILE0522.CHK
C:\FOUND.041\FILE0523.CHK
C:\FOUND.041\FILE0524.CHK
C:\FOUND.041\FILE0525.CHK
C:\FOUND.041\FILE0526.CHK
C:\FOUND.041\FILE0527.CHK
C:\FOUND.041\FILE0528.CHK
C:\FOUND.041\FILE0529.CHK
C:\FOUND.041\FILE0530.CHK
C:\FOUND.041\FILE0531.CHK
C:\FOUND.041\FILE0532.CHK
C:\FOUND.041\FILE0533.CHK
C:\FOUND.041\FILE0534.CHK
C:\FOUND.041\FILE0535.CHK
C:\FOUND.041\FILE0536.CHK
C:\FOUND.041\FILE0537.CHK
C:\FOUND.041\FILE0538.CHK
C:\FOUND.041\FILE0539.CHK
C:\FOUND.041\FILE0540.CHK
C:\FOUND.041\FILE0541.CHK
C:\FOUND.041\FILE0542.CHK
C:\FOUND.041\FILE0543.CHK
C:\FOUND.041\FILE0544.CHK
C:\FOUND.041\FILE0545.CHK
C:\FOUND.041\FILE0546.CHK
C:\FOUND.041\FILE0547.CHK
C:\FOUND.041\FILE0548.CHK
C:\FOUND.041\FILE0549.CHK
C:\FOUND.041\FILE0550.CHK
C:\FOUND.041\FILE0551.CHK
C:\FOUND.041\FILE0552.CHK
C:\FOUND.041\FILE0553.CHK
C:\FOUND.041\FILE0554.CHK
C:\FOUND.041\FILE0555.CHK
C:\FOUND.041\FILE0556.CHK
C:\FOUND.041\FILE0557.CHK
C:\FOUND.041\FILE0558.CHK
C:\FOUND.041\FILE0559.CHK
C:\FOUND.041\FILE0560.CHK
C:\FOUND.041\FILE0561.CHK
C:\FOUND.041\FILE0562.CHK
C:\FOUND.041\FILE0563.CHK
C:\FOUND.041\FILE0564.CHK
C:\FOUND.041\FILE0565.CHK
C:\FOUND.041\FILE0566.CHK
C:\FOUND.041\FILE0567.CHK
C:\FOUND.041\FILE0568.CHK
C:\FOUND.041\FILE0569.CHK
C:\FOUND.041\FILE0570.CHK
C:\FOUND.041\FILE0571.CHK
C:\FOUND.041\FILE0572.CHK
C:\FOUND.041\FILE0573.CHK
C:\FOUND.041\FILE0574.CHK
C:\FOUND.041\FILE0575.CHK
C:\FOUND.041\FILE0576.CHK
C:\FOUND.041\FILE0577.CHK
C:\FOUND.041\FILE0578.CHK
C:\FOUND.041\FILE0579.CHK
C:\FOUND.041\FILE0580.CHK
C:\FOUND.041\FILE0581.CHK
C:\FOUND.041\FILE0582.CHK
C:\FOUND.041\FILE0583.CHK
C:\FOUND.041\FILE0584.CHK
C:\FOUND.041\FILE0585.CHK
C:\FOUND.041\FILE0586.CHK
C:\FOUND.041\FILE0587.CHK
C:\FOUND.041\FILE0588.CHK
C:\FOUND.041\FILE0589.CHK
C:\FOUND.041\FILE0590.CHK
C:\FOUND.041\FILE0591.CHK
C:\FOUND.041\FILE0592.CHK
C:\FOUND.041\FILE0593.CHK
C:\FOUND.041\FILE0594.CHK
C:\FOUND.041\FILE0595.CHK
C:\FOUND.041\FILE0596.CHK
C:\FOUND.041\FILE0597.CHK
C:\FOUND.041\FILE0598.CHK
C:\FOUND.041\FILE0599.CHK
C:\FOUND.041\FILE0600.CHK
C:\FOUND.041\FILE0601.CHK
C:\FOUND.041\FILE0602.CHK
C:\FOUND.041\FILE0603.CHK
C:\FOUND.041\FILE0604.CHK
C:\FOUND.041\FILE0605.CHK
C:\FOUND.041\FILE0606.CHK
C:\FOUND.041\FILE0607.CHK
C:\FOUND.041\FILE0608.CHK
C:\FOUND.041\FILE0609.CHK
C:\FOUND.041\FILE0610.CHK
C:\FOUND.041\FILE0611.CHK
C:\FOUND.041\FILE0612.CHK
C:\FOUND.041\FILE0613.CHK
C:\FOUND.041\FILE0614.CHK
C:\FOUND.041\FILE0615.CHK
C:\FOUND.041\FILE0616.CHK
C:\FOUND.041\FILE0617.CHK
C:\FOUND.041\FILE0618.CHK
C:\FOUND.041\FILE0619.CHK
C:\FOUND.041\FILE0620.CHK
C:\FOUND.041\FILE0621.CHK
C:\FOUND.041\FILE0622.CHK
C:\FOUND.041\FILE0623.CHK
C:\FOUND.041\FILE0624.CHK
C:\FOUND.041\FILE0625.CHK
C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.

2008-09-19 00:04 . 2008-09-19 00:04 <REP> d-------- C:\Lop SD
2008-09-18 23:56 . 2008-09-18 23:56 <REP> d-------- C:\_OTMoveIt
2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Trend Micro
2008-09-18 20:28 . 2008-09-18 20:28 <REP> d-------- C:\Program Files\AxBx
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-18 19:26 . 2008-09-18 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-27 23:24 . 2008-08-27 23:24 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-30 18:51 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 18:51 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-06-30 18:51 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:39 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:49 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-09-05 21:03 31 ----a-w C:\Documents and Settings\MAMAN\getfile.dat
2005-12-03 23:30 37 ----a-w C:\Documents and Settings\GUILHEM\getfile.dat
2005-06-08 17:53 37 ----a-w C:\Documents and Settings\AGNES\getfile.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-19_ 0.44.40.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2008-07-07 20:12 1569304 --a------ C:\Program Files\Secured_eMule\tbSec1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 12:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "C:\Program Files\Secured_eMule\tbSec1.dll" [2008-07-07 1569304]
"{196C3A46-4758-433D-A600-802C804AF39C}"= "C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll" [2007-12-23 480704]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2006-11-09 16:07 1580032 --a------ C:\WINDOWS\System32\rlshellext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 159744]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-08 190024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-02 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 4112384]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 81920]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-05-13 24576]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-05-13 24576]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-05-13 49152]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Watch"="C:\PROGRA~1\MINITEL\Watch.exe" [2002-01-14 20480]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 286720]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 512000]
"BufferZone"="C:\Program Files\BufferZone\CLIENTGUI.EXE" [2006-11-09 3274537]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
"nwiz"="nwiz.exe" [2004-07-12 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-10-08 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2004-07-12 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= MSNCleaner.exe
"2"= avp.exe
"3"= kav.esp
"4"= kav.eng
"5"= msconfig.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"C:\\Program Files\\Steam\\SteamApps\\will2708\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS [2006-11-09 3924096]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-01 32807]
R2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\ClntSvc.exe [2006-11-09 767481]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-02 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 19:21:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\BufferZone\WINBORDER.DLL
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\SERVIC~1.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSBWSYS.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSRW.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSAV32.EXE
C:\PROGRAM FILES\WANADOO\CNXMON.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRAM FILES\ANTIVIRUSFIREWALL\BACKWEB\6588780\PROGRAM\FSPEX.EXE
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
.
**************************************************************************
.
Heure de fin: 2008-09-21 19:30:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-21 17:29:30
ComboFix3.txt 2008-09-18 22:46:28
ComboFix2.txt 2008-09-19 16:13:20

Avant-CF: 83,080,740,864 octets libres
Après-CF: 83,002,228,736 octets libres

1541 --- E O F --- 2008-09-10 22:08:50
0
Ayayou Posts 44 Registration date Monday 11 August 2008 Status Member Last activity 13 March 2015 1
21 Sept. 2008 at 19:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:04, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BufferZone\ClntSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\BufferZone\CLIENTGUI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\MINITEL\Watch.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [BufferZone] "C:\Program Files\BufferZone\CLIENTGUI.EXE" /STARTUP
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0819bee09dea4e4d97d024ccef1008bc
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0819bee09dea4e4d97d024ccef1008bc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\ClntSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
21 Sept. 2008 at 19:52
Are there any improvements on your PC?

1) Launch HijackThis and choose "Do a system scan only".
Select the following lines:

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

Choose the "Fix checked" option at the bottom of the page.

2) First of all, some programs on your computer are blocked from running.
They are:
MSNCleaner.exe, Kaspersky (which is no longer installed) and the msconfig.exe utility

Is this intentional? For example, so that some of the different users cannot launch them.
Did you set up this restriction yourself?
Can you try to launch them?
- MSNCleaner in the list of programs (you may not find it)
- msconfig: Start --> Run --> type msconfig.exe
Then close the window if it opens.
Tell me whether each of these two executables launches.

3) I would like you to analyze a file

Go to the VirusTotal site, where you will be able to analyze the file.
https://www.virustotal.com/gui/

Copy the path given below and paste it into the field for the file to analyze.
Then click on send the file.
Post the analysis report (to do that, select the results area --> right-click --> copy)

Path: C:\WINDOWS\System32\rlshellext.dll

See you later
0
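Added example (not part of the original thread, and not ComboFix's own code): a Python sketch that parses the registry section of a ComboFix-style log and flags the blocked-program list raised in point 2 above, along with the Security Center override shown in the same log. The watch-list, function names and finding labels are assumptions; Windows applies the DisallowRun list only when the `DisallowRun` value under the parent `Policies\Explorer` key is 1, so the script reports whether the log shows that flag.

```python
import re

# Excerpt copied from the ComboFix registry dump posted earlier in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= MSNCleaner.exe
"2"= avp.exe
"3"= kav.esp
"4"= kav.eng
"5"= msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
'''

# Assumption: name stems treated as security or diagnostic tools (taken from the log).
WATCHED_STEMS = {"msncleaner", "avp", "kav", "msconfig"}
# Security Center values that switch off its status monitoring when set to 1.
SC_FLAGS = {"antivirusoverride", "firewalloverride"}
POLICY = r"\software\microsoft\windows\currentversion\policies\explorer"

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')


def parse_sections(text):
    """Return {lower-cased key path: {value name: raw data}} for each [key] block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current block
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("key").lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = m.group("data").strip()
    return sections


def dword(data):
    """Decode 'dword:0000000N' to an int, or None for any other data type."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data.strip())
    return int(m.group(1), 16) if m else None


def audit(text):
    """List (category, item, detail) findings for tamper-style settings."""
    sections = parse_sections(text)
    findings = []
    for key, values in sections.items():
        if key.endswith(POLICY + r"\disallowrun"):
            # The list is only applied when the parent key's DisallowRun value is 1.
            parent = sections.get(key.rsplit("\\", 1)[0], {})
            flag = next((dword(v) for n, v in parent.items()
                         if n.lower() == "disallowrun"), None)
            state = {1: "enforced", None: "enforcement flag not in log"}.get(
                flag, "not enforced")
            for _, data in sorted(values.items()):
                exe = data.strip('"').lower()
                if exe.split(".")[0] in WATCHED_STEMS:
                    findings.append(("disallowrun", exe, state))
        elif key.endswith(r"\microsoft\security center"):
            for name, data in values.items():
                if name.lower() in SC_FLAGS and dword(data) == 1:
                    findings.append(("security-center", name, "monitoring overridden"))
    return findings


if __name__ == "__main__":
    for category, item, detail in audit(SAMPLE):
        print(f"{category:16} {item:20} {detail}")
```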
Ayayou Posts 44 Registration date Monday 11 August 2008 Status Member Last activity 13 March 2015 1
21 Sept. 2008 at 20:27
Yes, it seems to be going better, I no longer get the little window that keeps popping up all the time ^^
As for the blocked programs, I couldn't find MSNCleaner, but I was able to launch msconfig.exe
And for the file analysis, in the result column there are only -
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
21 Sept. 2008 at 20:31
If there are other symptoms on your PC, tell me.

For this procedure, I advise you to write down or print this text, because the disinfection will be done in safe mode and you will not have Internet access to view the instructions.
Another tip: copy/paste the text into a .txt file that you save on your desktop. You will then find it on your desktop in safe mode as well.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you will be asked to update MalwareBytes and to run it.
Choose only the update. The program will be run in safe mode.

Restart the computer in safe mode (tap the F8 key after restarting).
Choose your user account.

To launch MalwareBytes, double-click the desktop shortcut.

In the Search tab, select Run a full scan.
Click Search. Select only the computer's hard drives.
Click Start the scan.

At the end of the search, as prompted, click show the search results.
Then choose Remove selection to clean the infections.
Post the report in your next message.

If you can't find it, open MalwareBytes and look in the Reports/Logs tab. It is there.
Click on it and choose open.

The scan takes about 50 min.

See you later
0
Ayayou Posts 44 Registration date Monday 11 August 2008 Status Member Last activity 13 March 2015 1
22 Sept. 2008 at 18:39
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

22/09/2008 06:23:16
mbam-log-2008-09-22 (06-23-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 186288
Temps écoulé: 7 hour(s), 9 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Secured_eMule\tbSec0.dll (Adware.Shopper) -> Quarantined and deleted successfully.
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
22 Sept. 2008 at 19:25
We'll do one last check, then I'll give you the cleanup instructions.

Go to the Kaspersky site:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Click on Start Online-scanner (bottom right of the page) to begin the analysis.
You will be asked to install a piece of Kaspersky software; accept.

At the end of this analysis, click on save the report.
Post the contents of this report in your next message.

See you later
0
Ayayou Posts 44 Registration date Monday 11 August 2008 Status Member Last activity 13 March 2015 1
22 Sept. 2008 at 19:57
I click on start online scanner, a window opens, but then nothing more
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
22 Sept. 2008 at 20:15
I'm giving you a tutorial.
Read it. There may be some settings to adjust on your PC.

If you can't manage it, run a scan with nod32:
https://www.eset.com/
At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

See you later
0
Ayayou Posts 44 Registration date Monday 11 August 2008 Status Member Last activity 13 March 2015 1
22 Sept. 2008 at 21:20
there are checkboxes with "remove found threats" and "scan unwanted applications", which one do I tick?
0