PC down: Virtumonde and Privacyremover

jjcasvc
Hello,

My son's PC is infected: Virtumonde and Privacyremover messages on the screen. I have read all the posts on the site about this junk, but I don't have time to act: the PC shuts down and restarts after 3 to 4 minutes. What can I do?
Thanks for your help

JJCASVC

13 replies

JJCASVC
 
Hi, here is the latest Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:10, on 28/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\SCAN.EXE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
totobetourne Posts 5677 Status Member 65
 
Hello,
Paste the reports for me in the same message.

1) Download Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and the reports.

Keep it and run a scan every month as indicated.

If you have Ad-Aware you can uninstall it, because it no longer recognises much.

2) Download this: useful for seeing what the infection may be and then acting.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally, like any other program, in c/programme/...............
Click on "Do a scan and save a logfile"; you get a report, which you paste here.
Sometimes there is a warning saying that without administrator rights the report cannot be complete.
In that case, relaunch HijackThis by right-clicking the shortcut and choosing "Run as administrator".
-1
jjcasvc
 
Thanks for the reply, but the problem, as stated in my initial message, is that I only have 3 to 4 minutes before a reboot.
So no time to do much. Any lead?
Regards
0
totobetourne Posts 5677 Status Member 65
 
First try booting into safe mode and see whether your computer reboots.

Then go and download it; if you have a normal connection speed it takes only a few seconds.

After the reboot, do the installation, then the update; all of that is very quick. Afterwards switch to safe mode and run the scan there.
-1
jjcasvc
 
Thanks for the tip. After several attempts, managed to boot into safe mode and ran Malwarebytes.

Here is the report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

31/12/2002 13:31:01
mbam-log-2002-12-31 (13-31-01).txt

Type de recherche: Examen rapide
Eléments examinés: 47436
Temps écoulé: 2 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\bl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\fuckj00.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\mswinudpmgr32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\sfdsg.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\ubspamn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlxf.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\y.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\y3s.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\y6s.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ys.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.cch (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\ehSched.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcn7jj0eg97.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcn7jj0eg97.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcn7jj0eg97.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkhtlcb_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkhtlcb_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
0
jjcasvc
 
Hi Totobetourne,

OK, I'm heading over to shion aries; thanks for the help.

All the best

JJCASVC
0
totobetourne Posts 5677 Status Member 65
 
Do the same thing again, but do it as indicated: a full scan and not a quick one, because the quick scan does not check every area of your computer, and paste the report. Thanks.
-1
jjcasvc
 
Scan redone. Had to remove Avast because it was interfering with the scan. Here is the new report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

31/12/2002 14:46:06
mbam-log-2002-12-31 (13-31-01).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 145186
Temps écoulé: 45 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Sébastien\Local Settings\Temp\ginstall.dll (Adware.WebHancer) -> No action taken.
C:\Documents and Settings\Sébastien\Local Settings\Temp\eraseme_33307.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{7235EB7D-AB83-4608-88F9-B9267BA2B7DB}\RP0\A0000001.sys (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Sébastien\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Sébastien\Local Settings\Temp\.tt31.tmp.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Sébastien\Local Settings\Temp\.tt10.tmp.vbs (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Sébastien\Local Settings\Temp\.tt11.tmp.vbs (Trojan.FakeAlert) -> No action taken.
0
jjcasvc
 
In addition to the previous scan, here is the HijackThis result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:36, on 31/12/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gkhtlcb] c:\windows\system32\gkhtlcb.exe gkhtlcb
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
0
jjcasvc
 
Cleanup done - Virus removed - Installed Antivir + Spyware Terminator - Thanks for the help
0

totobetourne Posts 5677 Status Member 65
 
There are plenty of infections left. It's not finished at all.

1) For now, you must not have read the tutorial: you are not posting the right Malwarebytes reports; these are the ones from before removal. Did you delete everything and empty your quarantine?

2) Download Navilog1:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Let it guide you. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/approval.)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as asked; Notepad will open.
Copy and paste the whole of it into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt).
-1
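Whether a Malwarebytes report was saved before or after removal, the point raised in the reply above, can be read from the action recorded at the end of each detection line. The following Python code is an added example, not part of the thread and not Malwarebytes' own code; the function names are hypothetical, and the sample lines are excerpted from the reports posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Action strings exactly as they appear at the end of report lines in this thread.
REMEDIATED = "Quarantined and deleted successfully"
PENDING_REBOOT = "Delete on reboot"
UNTOUCHED = "No action taken"

# "<item> (<Detection.Name>)", optionally followed by " -> <detail>": registry data
# items carry a "Bad: (1) Good: (0)" detail before the action. The item is matched
# non-greedily so that "(1)" and "(0)" in the detail are not taken for the detection.
_ITEM = re.compile(r"^(?P<item>.*?) \((?P<detection>[\w.]+)\)(?: -> (?P<detail>.*))?$")


@dataclass(frozen=True)
class Finding:
    section: str    # report heading the line was listed under
    item: str       # registry key/value, folder or file path
    detection: str  # e.g. Trojan.FakeAlert
    detail: str     # "Bad: (1) Good: (0)" for registry data items, else ""
    action: str     # what the scanner did with the item


def parse_mbam(text):
    """Extract detection lines from a Malwarebytes' Anti-Malware 1.28 text report."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # heading such as "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        if " -> " not in line:          # counters, dates, "(Aucun élément ...)"
            continue
        left, action = line.rsplit(" -> ", 1)
        match = _ITEM.match(left)
        if match is None:
            continue
        findings.append(Finding(section, match["item"], match["detection"],
                                match["detail"] or "", action.rstrip(".")))
    return findings


def action_counts(findings):
    """Number of findings per recorded action."""
    return Counter(f.action for f in findings)


def still_present(findings):
    """Items not yet removed: left untouched, or only scheduled for deletion."""
    return [f for f in findings if f.action != REMEDIATED]


def is_post_removal_report(findings):
    """True when no line says 'No action taken', i.e. the log was saved after removal."""
    return all(f.action != UNTOUCHED for f in findings)


# Sample input: lines excerpted from the Malwarebytes reports posted in this thread.
SAMPLE_REPORT = r"""
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7235EB7D-AB83-4608-88F9-B9267BA2B7DB}\RP0\A0000001.sys (Trojan.FakeAlert) -> No action taken.
"""

if __name__ == "__main__":
    found = parse_mbam(SAMPLE_REPORT)
    for action, count in action_counts(found).most_common():
        print(f"{count:3d}  {action}")
    print("post-removal report:", is_post_removal_report(found))
    for f in still_present(found):
        print(f"[{f.action}] {f.detection}: {f.item}")
```

Items marked "Delete on reboot" count as still present until the machine has restarted and a fresh scan no longer lists them.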
jjcasvc
 
Good evening, thanks for your help - Going to get back to work on the PC - Navilog1 analysis in progress - When the report is produced I will paste it into Notepad - See you soon
0
jjcasvc
 
Good evening again totobetourne,
Here are the results (the right ones this time, I hope)

Malware result (Fixnavi and HijackThis results further down)

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

01/01/2003 16:16:43
mbam-log-2003-01-01 (16-16-43).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 145260
Temps écoulé: 47 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{7235EB7D-AB83-4608-88F9-B9267BA2B7DB}\RP0\A0000148.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Fixnavi result (HijackThis result further down):

Search Navipromo version 3.6.5 commencé le 01/01/2003 à 15:14:55,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Sébastien"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sébastien\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sébastien\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

gkhtlcb.dat trouvé !

* Dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 01/01/2003 à 15:23:03,64 ***

Finally, the HijackThis result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:15, on 01/01/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
totobetourne Posts 5677 Status Member 65
 
Hi,

Go to the main menu, choose option 2 and confirm ("automatic" cleaning).

The fix will then ask to "restart the PC"; close all open windows
and press a key as prompted. (If the PC does not restart automatically, restart it manually.)
When the PC restarts, choose your usual session if necessary.

Wait for the message: "Nettoyage Terminé le ..."

The desktop comes back, then Notepad opens.
Save this report so that you can find it again, then close Notepad ...
(The report is also saved at the root of the disk, "C:\cleannavi.txt")

Post this report in your next reply for analysis and wait for further instructions ...

(PS: If the desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Select the Processes tab. Click File at the top left and choose Run,
type explorer and confirm.)
-1
jjvasvc
 
Good evening totobetourne,

Operation done, here is the result:

Clean Navipromo version 3.6.5 commencé le 23/09/2008 à 19:05:16,48

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Sébastien"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Sébastien\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Sébastien\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Sébastien\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


gkhtlcb.dat trouvé !
Copie gkhtlcb.dat réalisée avec succès !
gkhtlcb.dat supprimé !


* Dans "C:\Documents and Settings\Sébastien\locals~1\applic~1" *


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 23/09/2008 à 19:11:32,10 ***
0
totobetourne Posts 5677 Status Member 65
 
The HijackThis report is very old according to what is written in it, be careful.

Scan saved at 16:20:15, on 01/01/2003
-1
JJCASVC
 
Hi,

Actually, no, the PC was not set correctly. Just in case, I ran it again; here is the report.
What should I do next?

Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:20, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\SCAN.EXE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
totobetourne Posts 5677 Status Member 65
 
Run Malwarebytes again, because I notice that all your reports are dated 2003 or 2002.
-1
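The date problem raised in the post above (reports stamped 2003 although Navilog1 itself states it was updated in August 2008) can be checked mechanically before trusting a posted log. The following is an added example, not part of the original thread: it reads the scan timestamp of each report type seen here and flags any report dated before the newest "Mise à jour le" stamp found in the set. The function names and the `SAMPLE_REPORTS` dictionary (header lines excerpted from this thread) are assumptions of the example.

```python
import re
from datetime import datetime

# Scan-time patterns for the three report types posted in this thread.
# Dates are read day-first, as on the French-locale system that wrote them.
SCAN_PATTERNS = [
    # HijackThis: "Scan saved at 16:20:15, on 01/01/2003"
    re.compile(r"Scan saved at (?P<t>\d{1,2}:\d{2}:\d{2}), on (?P<d>\d{2}/\d{2}/\d{4})"),
    # Navilog1: "... commencé le 01/01/2003 à 15:14:55,26" (hundredths ignored)
    re.compile(r"commencé le (?P<d>\d{2}/\d{2}/\d{4}) à (?P<t>\d{1,2}:\d{2}:\d{2})"),
    # Malwarebytes: a line holding only "01/01/2003 16:16:43"
    re.compile(r"^(?P<d>\d{2}/\d{2}/\d{4}) (?P<t>\d{2}:\d{2}:\d{2})\s*$", re.MULTILINE),
]

# Navilog1 prints the date of its own last update: "Mise à jour le 22.08.2008 à 17h30"
UPDATE_PATTERN = re.compile(r"Mise à jour le (\d{2})\.(\d{2})\.(\d{4}) à (\d{1,2})h(\d{2})")


def scan_time(report):
    """Return the scan timestamp stated in a report, or None if none is recognised."""
    for pattern in SCAN_PATTERNS:
        match = pattern.search(report)
        if match:
            return datetime.strptime(match["d"] + " " + match["t"], "%d/%m/%Y %H:%M:%S")
    return None


def tool_update_time(report):
    """Return the tool's own 'last updated' stamp, or None if the report has none."""
    match = UPDATE_PATTERN.search(report)
    if not match:
        return None
    day, month, year, hour, minute = map(int, match.groups())
    return datetime(year, month, day, hour, minute)


def stale_reports(reports):
    """Names of reports whose scan time precedes the newest tool-update stamp.

    A tool cannot have run before it was last updated, so that stamp is a
    lower bound on the real date; an earlier scan time means the clock of the
    scanned machine was wrong or the report is an old one.
    """
    updates = [u for u in map(tool_update_time, reports.values()) if u is not None]
    if not updates:
        return []  # no lower bound available, nothing can be concluded
    floor = max(updates)
    stale = []
    for name, text in reports.items():
        when = scan_time(text)
        if when is not None and when < floor:
            stale.append(name)
    return stale


# Header lines excerpted from the reports in this thread (sample input).
SAMPLE_REPORTS = {
    "mbam-first": (
        "Malwarebytes' Anti-Malware 1.28\n"
        "Version de la base de données: 1186\n"
        "\n"
        "01/01/2003 16:16:43\n"
        "mbam-log-2003-01-01 (16-16-43).txt\n"
    ),
    "navilog1-search": (
        "Search Navipromo version 3.6.5 commencé le 01/01/2003 à 15:14:55,26\n"
        "Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO\n"
    ),
    "hijackthis-first": (
        "Logfile of Trend Micro HijackThis v2.0.2\n"
        "Scan saved at 16:20:15, on 01/01/2003\n"
    ),
    "navilog1-clean": (
        "Clean Navipromo version 3.6.5 commencé le 23/09/2008 à 19:05:16,48\n"
        "Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO\n"
    ),
    "hijackthis-second": (
        "Logfile of Trend Micro HijackThis v2.0.2\n"
        "Scan saved at 20:39:20, on 24/09/2008\n"
    ),
}

if __name__ == "__main__":
    for name in stale_reports(SAMPLE_REPORTS):
        print(f"{name}: scan time {scan_time(SAMPLE_REPORTS[name])} predates the tool update")
```
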
JJCASVC
 
Good evening Totobetoune,

Here is today's Malwarebytes result. What should I do now? Thanks

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1186
Windows 5.1.2600 Service Pack 2

25/09/2008 22:19:02
mbam-log-2008-09-25 (22-19-02).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 140071
Temps écoulé: 2 hour(s), 10 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
totobetourne Posts 5677 Status Member 65
 
And a HijackThis report, please.
-1
JJCASVC
 
Hi,

Here is the requested report. See you later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:59, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\SCAN.EXE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Anonymous user
 
Hello,

To move things along:

Download ToolBar S&D (by Eric_71):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Go offline and close all your running applications for the duration of the procedure !!

* Double-click the .exe to start the installation and follow the prompts.
* Once that is done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ("recherche") and press Enter.
* Once the scan has finished, a report will appear; copy and paste its entire contents into your next reply.
( The report is also saved here -> C:\TB.txt )
-1
JJCASVC
 
Hello, thanks for taking over, here is the scan result:


-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 161 Go Free : 60 Go
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 26/09/2008|17:28 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Toolbar
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar
C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar\NewCfg
C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar
C:\Program Files\VMNToolbar
C:\Program Files\VMNToolbar\install.ico
C:\Program Files\VMNToolbar\tbuninstall.exe
C:\Program Files\VMNToolbar\toolbar.ini
C:\Program Files\VMNToolbar\uninstall.exe
C:\Program Files\VMNToolbar\vmntoolbar.dll
C:\Program Files\Fichiers communs\WhenU
C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.orange.fr/portail"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://fr.yahoo.com/"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60327"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet002\Enum\Root\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\SBASTI~1\Mes documents\Ma musique\electro\Cap'tain.2007.By.Maximus\(06) [Lunaman] Nutcracka (Stormtraxx remix).mp3
C:\DOCUME~1\SBASTI~1\Mes documents\Mes fichiers telecharger\Keygen Dreamweaver CS3.exe



1 - "C:\ToolBar SD\TB_1.txt" - 26/09/2008|17:29 - Option : [1]

-----------\\ Fin du rapport a 17:29:41,59
0
totobetourne Posts 5677 Status Member 65 > JJCASVC
 
After searching with ToolBar S&D, you must not forget to run the removal, option 2 I believe, because nothing has been done at that stage.
-1
JJCASVC > totobetourne Posts 5677 Status Member
 
Hi,

OK, here is the report after removal in ToolBar S&D:


-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sébastien ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 161 Go Free : 59 Go
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 28/09/2008|10:50 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\Toolbar
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar\NewCfg
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\in.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\ipsearch.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\j.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\jn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\k.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\kn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\l.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\left.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\ln.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\loading.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\login.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\logo.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\n.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt10338375
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt15450609
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt16377421
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt285238265
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt37223015
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt37262015
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt45662046
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt7371109
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89449734
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89450000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89451000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89452000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89453000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89454000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89455000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89456000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89457000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89458000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89459000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89460000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89461000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89462000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89463000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89464000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89465000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89466000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89467000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89468000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89469000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89470000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt89471000
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\new02.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\NewCfg
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\news.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\news.html
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\nn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\o.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\on.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\p.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\pixsy.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\pn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\popup_off.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\popup_on.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\popup_ona.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\q.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\qn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\r.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\relatedlinks.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\report.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\right.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rss.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rss.xsl
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rss1.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rsslib.js
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\s.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\search.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\search_fr.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\security.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\sinfo.txt
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\sinfo.txt13767562
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\sinfo.txt90312031
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\sinfo.txt90463156
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\siteinfo.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\slider.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\sn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\spacer.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\stars-red1.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\stars-red2.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\stars-red3.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\stars-red4.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\stars-red5.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\storage.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\t.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tabdataV3.js
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tablib.js
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tabwelcome_en.html
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tabwelcome_fr.html
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tab_icon.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\technorati.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\thes_search.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\Thumbs.db
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\tools.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\top.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\top_left.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\top_right.png
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\translate.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\u.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\un.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\utf8.js
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\v.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\vmlib.js
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\vn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\w.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\web.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\web_fr.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\wikipedia.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\wn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\x.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\xp_close_small.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\yahoo.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\yahoo_search.gif
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\YouTube.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\z.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\zn.bmp
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar\zoom.bmp
Supprime! - C:\Program Files\VMNToolbar\install.ico
Supprime! - C:\Program Files\VMNToolbar\tbuninstall.exe
Supprime! - C:\Program Files\VMNToolbar\toolbar.ini
Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
Supprime! - C:\Program Files\Crawler
Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar
Supprime! - C:\DOCUME~1\SBASTI~1\APPLIC~1\VMNToolbar
Supprime! - C:\Program Files\VMNToolbar
Supprime! - C:\Program Files\Fichiers communs\WhenU

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.orange.fr/portail"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60327"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\ControlSet002\Services\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\SBASTI~1\Mes documents\Ma musique\electro\Cap'tain.2007.By.Maximus\(06) [Lunaman] Nutcracka (Stormtraxx remix).mp3
C:\DOCUME~1\SBASTI~1\Mes documents\Mes fichiers telecharger\Keygen Dreamweaver CS3.exe



1 - "C:\ToolBar SD\TB_1.txt" - 26/09/2008|17:29 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/09/2008|10:57 - Option : [2]

-----------\\ Fin du rapport a 10:57:26,68
0
Anonymous user
 
Hello

Nice infection

READ ALL THE WAY TO THE BOTTOM

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And, importantly, save it to the desktop.

Before using ComboFix:

- Disconnect from the internet and close the windows of all running programs.

- Temporarily disable the real-time protection of your antivirus and antispyware programs, only for as long as ComboFix is running; they can seriously interfere with the tool's search and cleanup procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt

- Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

- Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
-1
JJCASVC
 
Good evening Shion Ares,

I hope you know what you are doing, because I am in a cold sweat doing everything the tutorial says.

Anyway, here is the Combi report; see you soon for the next step:

ComboFix 08-09-26.06 - Sébastien 2008-09-27 19:16:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.490 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sébastien\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sébastien\Cookies\sébastien@bluestreak[1].txt
C:\Documents and Settings\Sébastien\Cookies\sébastien@edt02[2].txt
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA9.che

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 23:24 . 2008-09-26 23:24 <REP> d-------- C:\WINDOWS\LastGood
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 20:56 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 20:26 . 2008-09-26 20:26 <REP> d-------- C:\WINDOWS\EHome
2008-09-26 17:28 . 2008-09-26 17:28 1,776 --a------ C:\Documents and Settings\Orph.egd
2008-09-26 17:27 . 2008-09-26 17:29 <REP> d-------- C:\ToolBar SD
2008-09-04 18:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 17:23 --------- d-----w C:\Program Files\Steam
2008-09-27 10:04 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Spyware Terminator
2008-09-23 17:11 --------- d-----w C:\Program Files\Navilog1
2008-09-22 20:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-20 19:02 98,304 ----a-w C:\WINDOWS\DUMP56da.tmp
2008-09-20 18:59 98,304 ----a-w C:\WINDOWS\DUMP631f.tmp
2008-09-20 18:53 98,304 ----a-w C:\WINDOWS\DUMP5c0a.tmp
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\vmntoolbar
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\MegauploadToolbar
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\EoRezo
2008-09-20 08:49 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\skypePM
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-04 13:18 4,364 ----a-w C:\Documents and Settings\Sébastien\Application Data\wklnhst.dat
2008-08-31 16:30 --------- d-----w C:\Program Files\Notepad++
2008-08-31 16:30 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Notepad++
2008-08-28 07:11 --------- d-----w C:\Program Files\PartyGaming
2008-08-28 07:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 06:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Mozilla
2008-08-25 20:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-20 21:25 --------- d-----w C:\Program Files\TmNationsForever
2008-07-25 17:08 98,304 ----a-w C:\WINDOWS\DUMP491e.tmp
2008-07-25 17:07 98,304 ----a-w C:\WINDOWS\DUMP48d0.tmp
2008-07-25 17:05 98,304 ----a-w C:\WINDOWS\DUMP4eeb.tmp
2008-07-25 17:04 98,304 ----a-w C:\WINDOWS\DUMP4f1a.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-12 15:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-01-12 20:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2002-12-31 19:07 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012002123120030101\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-06-18 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 1918936]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 1918936]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-04-14 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-12 5562368]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2002-12-31 1783808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-05-11 441120]

C:\Documents and Settings\Sébastien\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15614:TCP"= 15614:TCP:NortonAV
"56170:TCP"= 56170:TCP:Pando P2P TCP Listening Port
"56170:UDP"= 56170:UDP:Pando P2P UDP Listening Port

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2002-12-31 141312]
R3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 9472]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 x-tern;x-tern;C:\Documents and Settings\Sébastien\Bureau\[CheatDB] X-Tern 2008-02-14\x-tern.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4811ce06-af1c-11dc-a92e-00142a564064}]
\Shell\AutoRun\command - N:\start.exe
\Shell\iledefrance\command - N:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e6385a0-c73b-11dc-a974-00142a564064}]
\Shell\AutoRun\command - D:\start.exe
\Shell\iledefrance\command - D:\start.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Google Update - C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Crawler Search - tbr:iemenu
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe -
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 19:22:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
[CheatDB] X-Tern 2008-02-14\x-tern.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\x-tern]
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-09-27 19:27:25 - La machine a redémarré [Sébastien]
ComboFix-quarantined-files.txt 2008-09-27 17:27:05

Avant-CF: 63 427 293 184 octets libres
Après-CF: 63,733,379,072 octets libres

217 --- E O F --- 2008-09-27 01:01:03
0
JJCASVC
 
Good evening again,

On rereading, I notice a large black rectangle in the report I just sent you. So here it is again.
See you later


ComboFix 08-09-26.06 - Sébastien 2008-09-27 19:16:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.490 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sébastien\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sébastien\Cookies\sébastien@bluestreak[1].txt
C:\Documents and Settings\Sébastien\Cookies\sébastien@edt02[2].txt
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA9.che

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 23:24 . 2008-09-26 23:24 <REP> d-------- C:\WINDOWS\LastGood
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 20:56 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 20:26 . 2008-09-26 20:26 <REP> d-------- C:\WINDOWS\EHome
2008-09-26 17:28 . 2008-09-26 17:28 1,776 --a------ C:\Documents and Settings\Orph.egd
2008-09-26 17:27 . 2008-09-26 17:29 <REP> d-------- C:\ToolBar SD
2008-09-04 18:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 17:23 --------- d-----w C:\Program Files\Steam
2008-09-27 10:04 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Spyware Terminator
2008-09-23 17:11 --------- d-----w C:\Program Files\Navilog1
2008-09-22 20:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-20 19:02 98,304 ----a-w C:\WINDOWS\DUMP56da.tmp
2008-09-20 18:59 98,304 ----a-w C:\WINDOWS\DUMP631f.tmp
2008-09-20 18:53 98,304 ----a-w C:\WINDOWS\DUMP5c0a.tmp
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\vmntoolbar
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\MegauploadToolbar
2008-09-20 08:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\EoRezo
2008-09-20 08:49 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\skypePM
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-04 13:18 4,364 ----a-w C:\Documents and Settings\Sébastien\Application Data\wklnhst.dat
2008-08-31 16:30 --------- d-----w C:\Program Files\Notepad++
2008-08-31 16:30 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Notepad++
2008-08-28 07:11 --------- d-----w C:\Program Files\PartyGaming
2008-08-28 07:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 06:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Mozilla
2008-08-25 20:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-20 21:25 --------- d-----w C:\Program Files\TmNationsForever
2008-07-25 17:08 98,304 ----a-w C:\WINDOWS\DUMP491e.tmp
2008-07-25 17:07 98,304 ----a-w C:\WINDOWS\DUMP48d0.tmp
2008-07-25 17:05 98,304 ----a-w C:\WINDOWS\DUMP4eeb.tmp
2008-07-25 17:04 98,304 ----a-w C:\WINDOWS\DUMP4f1a.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-12 15:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-01-12 20:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2002-12-31 19:07 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012002123120030101\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-06-18 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 1918936]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 1918936]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-04-14 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-12 5562368]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2002-12-31 1783808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-05-11 441120]

C:\Documents and Settings\Sébastien\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15614:TCP"= 15614:TCP:NortonAV
"56170:TCP"= 56170:TCP:Pando P2P TCP Listening Port
"56170:UDP"= 56170:UDP:Pando P2P UDP Listening Port

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2002-12-31 141312]
R3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 9472]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 x-tern;x-tern;C:\Documents and Settings\Sébastien\Bureau\[CheatDB] X-Tern 2008-02-14\x-tern.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4811ce06-af1c-11dc-a92e-00142a564064}]
\Shell\AutoRun\command - N:\start.exe
\Shell\iledefrance\command - N:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e6385a0-c73b-11dc-a974-00142a564064}]
\Shell\AutoRun\command - D:\start.exe
\Shell\iledefrance\command - D:\start.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Google Update - C:\Documents and Settings\Sébastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Crawler Search - tbr:iemenu
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe -
O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 19:22:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
[CheatDB] X-Tern 2008-02-14\x-tern.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\x-tern]
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-09-27 19:27:25 - La machine a redémarré [Sébastien]
ComboFix-quarantined-files.txt 2008-09-27 17:27:05

Avant-CF: 63 427 293 184 octets libres
Après-CF: 63,733,379,072 octets libres

217 --- E O F --- 2008-09-27 01:01:03
0
JJCASVC
 
Very, very worried: the more I try to see whether you have replied, the more I get black rectangles on the screen instead.
What should I do?
Thanks
0
JJCASVC
 
Strange, strange, I can see what is written again.
To be continued......
0
JJCASVC
 
Hi, on totobetourne's advice, I'm sending you the latest Combi scan; he tells me he found nothing in my latest Hijack.
Thanks for keeping me informed of what to do next, good luck ........

ComboFix 08-09-26.06 - Sébastien 2008-09-28 17:03:51.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.524 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sébastien\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sébastien\Cookies\sébastien@bluestreak[1].txt
C:\Documents and Settings\Sébastien\Cookies\sébastien@edt02[2].txt
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Sébastien\Local Settings\Temporary Internet Files\MUZAoDA9.che

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-28 ))))))))))))))))))))))))))))))))))))
.

2008-09-28 14:07 . 2008-09-28 14:10 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 20:59 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 20:56 . 2008-09-26 20:59 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 20:26 . 2008-09-26 20:26 <REP> d-------- C:\WINDOWS\EHome
2008-09-26 17:28 . 2008-09-28 10:56 1,272 --a------ C:\Documents and Settings\Orph.egd
2008-09-26 17:27 . 2008-09-28 10:57 <REP> d-------- C:\ToolBar SD
2008-09-04 18:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 12:13 --------- d-----w C:\Program Files\Steam
2008-09-28 12:10 72,066 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-28 12:10 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-28 11:42 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-28 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-28 10:00 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Spyware Terminator
2008-09-27 18:16 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\MegauploadToolbar
2008-09-27 18:15 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\EoRezo
2008-09-23 17:11 --------- d-----w C:\Program Files\Navilog1
2008-09-20 19:02 98,304 ----a-w C:\WINDOWS\DUMP56da.tmp
2008-09-20 18:59 98,304 ----a-w C:\WINDOWS\DUMP631f.tmp
2008-09-20 18:53 98,304 ----a-w C:\WINDOWS\DUMP5c0a.tmp
2008-09-20 08:49 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\skypePM
2008-09-09 23:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 23:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-04 13:18 4,364 ----a-w C:\Documents and Settings\Sébastien\Application Data\wklnhst.dat
2008-08-31 16:30 --------- d-----w C:\Program Files\Notepad++
2008-08-31 16:30 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Notepad++
2008-08-28 07:11 --------- d-----w C:\Program Files\PartyGaming
2008-08-28 07:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 06:51 --------- d-----w C:\Documents and Settings\Sébastien\Application Data\Mozilla
2008-08-25 20:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-20 21:25 --------- d-----w C:\Program Files\TmNationsForever
2008-07-25 17:08 98,304 ----a-w C:\WINDOWS\DUMP491e.tmp
2008-07-25 17:07 98,304 ----a-w C:\WINDOWS\DUMP48d0.tmp
2008-07-25 17:05 98,304 ----a-w C:\WINDOWS\DUMP4eeb.tmp
2008-07-25 17:04 98,304 ----a-w C:\WINDOWS\DUMP4f1a.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-12-12 15:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-01-12 20:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2002-12-31 19:07 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012002123120030101\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-09-27_19.26.32.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-05 12:00:00 352,256 ----a-w C:\WINDOWS\BricoPacks\SysFiles\10_cmdial32.dll
+ 2008-04-14 02:33:21 353,280 ----a-w C:\WINDOWS\BricoPacks\SysFiles\10_cmdial32.dll
+ 2005-08-20 09:30:00 2,085,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\118_shellstyle.dll
+ 2005-08-20 11:48:00 1,201,664 ----a-w C:\WINDOWS\BricoPacks\SysFiles\119_shellstyle.dll
- 2004-08-05 12:00:00 165,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\12_credui.dll
+ 2008-04-14 02:33:21 165,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\12_credui.dll
+ 2005-08-20 09:30:00 2,085,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\120_shellstyle.dll
+ 2005-08-20 11:48:00 1,201,664 ----a-w C:\WINDOWS\BricoPacks\SysFiles\121_shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\123_Shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\124_Shellstyle.dll
+ 2007-04-21 09:07:00 894,464 ----a-w C:\WINDOWS\BricoPacks\SysFiles\125_Shellstyle.dll
+ 2007-04-20 17:16:00 1,117,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\126_Shellstyle.dll
- 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\BricoPacks\SysFiles\14_explorer.exe
+ 2008-04-14 02:34:03 1,037,824 ----a-w C:\WINDOWS\BricoPacks\SysFiles\14_explorer.exe
- 2004-08-05 12:00:00 386,560 ----a-w C:\WINDOWS\BricoPacks\SysFiles\15_fontext.dll
+ 2008-04-14 02:33:24 386,560 ----a-w C:\WINDOWS\BricoPacks\SysFiles\15_fontext.dll
- 2004-08-05 12:00:00 768,512 ----a-w C:\WINDOWS\BricoPacks\SysFiles\17_helpctr.exe
+ 2008-04-14 02:34:06 769,024 ----a-w C:\WINDOWS\BricoPacks\SysFiles\17_helpctr.exe
- 2004-08-05 12:00:00 146,944 ----a-w C:\WINDOWS\BricoPacks\SysFiles\18_hotplug.dll
+ 2008-04-14 02:33:26 146,944 ----a-w C:\WINDOWS\BricoPacks\SysFiles\18_hotplug.dll
- 2004-08-05 12:00:00 98,304 ----a-w C:\WINDOWS\BricoPacks\SysFiles\2_ahui.exe
+ 2008-04-14 02:33:53 98,304 ----a-w C:\WINDOWS\BricoPacks\SysFiles\2_ahui.exe
- 2004-08-05 12:00:00 157,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\23_keymgr.dll
+ 2008-04-14 02:33:28 157,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\23_keymgr.dll
- 2004-08-05 12:00:00 221,696 ----a-w C:\WINDOWS\BricoPacks\SysFiles\24_logon.scr
+ 2008-04-14 02:34:32 221,696 ----a-w C:\WINDOWS\BricoPacks\SysFiles\24_logon.scr
- 2004-08-05 12:00:00 246,784 ----a-w C:\WINDOWS\BricoPacks\SysFiles\26_migwiz.exe
+ 2008-04-14 02:34:11 251,904 ----a-w C:\WINDOWS\BricoPacks\SysFiles\26_migwiz.exe
- 2004-08-05 12:00:00 216,064 ----a-w C:\WINDOWS\BricoPacks\SysFiles\28_moricons.dll
+ 2008-04-13 16:45:30 216,064 ----a-w C:\WINDOWS\BricoPacks\SysFiles\28_moricons.dll
- 2004-08-05 12:00:00 1,004,032 ----a-w C:\WINDOWS\BricoPacks\SysFiles\29_msgina.dll
+ 2008-04-14 02:33:31 1,007,104 ----a-w C:\WINDOWS\BricoPacks\SysFiles\29_msgina.dll
- 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\BricoPacks\SysFiles\30_mshtml.dll
+ 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\BricoPacks\SysFiles\30_mshtml.dll
- 2004-08-05 12:00:00 347,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\31_mspaint.exe
+ 2008-04-14 02:34:14 347,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\31_mspaint.exe
- 2004-08-05 12:00:00 281,600 ----a-w C:\WINDOWS\BricoPacks\SysFiles\32_mstask.dll
+ 2008-04-14 02:33:33 281,600 ----a-w C:\WINDOWS\BricoPacks\SysFiles\32_mstask.dll
- 2004-08-05 12:00:00 655,360 ----a-w C:\WINDOWS\BricoPacks\SysFiles\33_mstscax.dll
+ 2008-04-14 02:33:28 2,061,824 ----a-w C:\WINDOWS\BricoPacks\SysFiles\33_mstscax.dll
- 2004-08-05 12:00:00 91,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\34_mydocs.dll
+ 2008-04-14 02:33:34 91,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\34_mydocs.dll
- 2004-08-05 12:00:00 55,296 ----a-w C:\WINDOWS\BricoPacks\SysFiles\35_narrator.exe
+ 2008-04-14 02:34:14 55,296 ----a-w C:\WINDOWS\BricoPacks\SysFiles\35_narrator.exe
- 2004-08-05 12:00:00 144,896 ----a-w C:\WINDOWS\BricoPacks\SysFiles\37_netid.dll
+ 2008-04-14 02:33:34 144,896 ----a-w C:\WINDOWS\BricoPacks\SysFiles\37_netid.dll
- 2004-08-05 12:00:00 1,723,904 ----a-w C:\WINDOWS\BricoPacks\SysFiles\38_netshell.dll
+ 2008-04-14 02:33:35 1,719,808 ----a-w C:\WINDOWS\BricoPacks\SysFiles\38_netshell.dll
- 2004-08-05 12:00:00 251,392 ----a-w C:\WINDOWS\BricoPacks\SysFiles\39_newdev.dll
+ 2008-04-14 02:33:35 250,880 ----a-w C:\WINDOWS\BricoPacks\SysFiles\39_newdev.dll
- 2004-08-05 12:00:00 28,672 ----a-w C:\WINDOWS\BricoPacks\SysFiles\4_batmeter.dll
+ 2008-04-14 02:33:19 29,184 ----a-w C:\WINDOWS\BricoPacks\SysFiles\4_batmeter.dll
- 2004-08-05 12:00:00 70,656 ----a-w C:\WINDOWS\BricoPacks\SysFiles\40_notepad.exe
+ 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\BricoPacks\SysFiles\40_notepad.exe
- 2004-08-05 12:00:00 70,656 ----a-w C:\WINDOWS\BricoPacks\SysFiles\41_notepad.exe
+ 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\BricoPacks\SysFiles\41_notepad.exe
- 2004-08-05 12:00:00 145,920 ----a-w C:\WINDOWS\BricoPacks\SysFiles\42_ntshrui.dll
+ 2008-04-14 02:33:36 145,920 ----a-w C:\WINDOWS\BricoPacks\SysFiles\42_ntshrui.dll
- 2007-10-10 23:49:45 102,400 ----a-w C:\WINDOWS\BricoPacks\SysFiles\44_occache.dll
+ 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\BricoPacks\SysFiles\44_occache.dll
- 2004-08-05 12:00:00 578,560 ----a-w C:\WINDOWS\BricoPacks\SysFiles\46_printui.dll
+ 2008-04-14 02:33:38 578,560 ----a-w C:\WINDOWS\BricoPacks\SysFiles\46_printui.dll
- 2004-08-05 12:00:00 685,056 ----a-w C:\WINDOWS\BricoPacks\SysFiles\47_rasdlg.dll
+ 2008-04-14 02:33:39 685,568 ----a-w C:\WINDOWS\BricoPacks\SysFiles\47_rasdlg.dll
- 2004-08-05 12:00:00 153,088 ----a-w C:\WINDOWS\BricoPacks\SysFiles\48_regedit.exe
+ 2008-04-14 02:34:19 153,088 ----a-w C:\WINDOWS\BricoPacks\SysFiles\48_regedit.exe
- 2004-08-05 12:00:00 572,416 ----a-w C:\WINDOWS\BricoPacks\SysFiles\49_shdoclc.dll
+ 2008-04-14 02:00:59 572,416 ----a-w C:\WINDOWS\BricoPacks\SysFiles\49_shdoclc.dll
- 2006-10-23 15:34:35 1,022,976 ----a-w C:\WINDOWS\BricoPacks\SysFiles\5_browseui.dll
+ 2008-04-14 02:33:20 1,025,024 ----a-w C:\WINDOWS\BricoPacks\SysFiles\5_browseui.dll
- 2006-10-23 15:34:38 1,497,600 ----a-w C:\WINDOWS\BricoPacks\SysFiles\50_shdocvw.dll
+ 2008-04-14 02:33:41 1,499,136 ----a-w C:\WINDOWS\BricoPacks\SysFiles\50_shdocvw.dll
- 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\BricoPacks\SysFiles\51_shell32.dll
+ 2008-04-14 02:33:41 8,517,632 ----a-w C:\WINDOWS\BricoPacks\SysFiles\51_shell32.dll
- 2004-08-05 12:00:00 440,320 ----a-w C:\WINDOWS\BricoPacks\SysFiles\52_shimgvw.dll
+ 2008-04-14 02:33:41 440,320 ----a-w C:\WINDOWS\BricoPacks\SysFiles\52_shimgvw.dll
- 2006-10-23 15:34:38 474,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\53_shlwapi.dll
+ 2008-04-14 02:33:41 474,624 ----a-w C:\WINDOWS\BricoPacks\SysFiles\53_shlwapi.dll
- 2004-08-05 12:00:00 133,120 ----a-w C:\WINDOWS\BricoPacks\SysFiles\54_sndrec32.exe
+ 2008-04-14 02:34:22 133,120 ----a-w C:\WINDOWS\BricoPacks\SysFiles\54_sndrec32.exe
- 2004-08-05 12:00:00 122,368 ----a-w C:\WINDOWS\BricoPacks\SysFiles\56_stobject.dll
+ 2008-04-14 02:33:46 122,368 ----a-w C:\WINDOWS\BricoPacks\SysFiles\56_stobject.dll
- 2004-08-05 12:00:00 107,520 ----a-w C:\WINDOWS\BricoPacks\SysFiles\58_sysocmgr.exe
+ 2008-04-14 02:34:24 107,520 ----a-w C:\WINDOWS\BricoPacks\SysFiles\58_sysocmgr.exe
- 2004-08-05 12:00:00 1,005,056 ----a-w C:\WINDOWS\BricoPacks\SysFiles\59_syssetup.dll
+ 2008-04-14 02:33:46 1,013,248 ----a-w C:\WINDOWS\BricoPacks\SysFiles\59_syssetup.dll
- 2004-08-05 12:00:00 85,504 ----a-w C:\WINDOWS\BricoPacks\SysFiles\6_cabview.dll
+ 2008-04-14 02:33:20 85,504 ----a-w C:\WINDOWS\BricoPacks\SysFiles\6_cabview.dll
- 2004-08-05 12:00:00 143,360 ----a-w C:\WINDOWS\BricoPacks\SysFiles\60_taskmgr.exe
+ 2008-04-14 02:34:25 143,360 ----a-w C:\WINDOWS\BricoPacks\SysFiles\60_taskmgr.exe
- 2004-08-05 12:00:00 391,168 ----a-w C:\WINDOWS\BricoPacks\SysFiles\62_themeui.dll
+ 2008-04-14 02:33:46 391,168 ----a-w C:\WINDOWS\BricoPacks\SysFiles\62_themeui.dll
- 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\BricoPacks\SysFiles\64_url.dll
+ 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\BricoPacks\SysFiles\64_url.dll
- 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\BricoPacks\SysFiles\65_urlmon.dll
+ 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\BricoPacks\SysFiles\65_urlmon.dll
- 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\BricoPacks\SysFiles\66_webcheck.dll
+ 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\BricoPacks\SysFiles\66_webcheck.dll
- 2004-08-05 12:00:00 438,784 ----a-w C:\WINDOWS\BricoPacks\SysFiles\67_wiaacmgr.exe
+ 2008-04-14 02:34:27 438,784 ----a-w C:\WINDOWS\BricoPacks\SysFiles\67_wiaacmgr.exe
- 2004-08-05 12:00:00 594,432 ----a-w C:\WINDOWS\BricoPacks\SysFiles\68_wiashext.dll
+ 2008-04-14 02:33:48 594,432 ----a-w C:\WINDOWS\BricoPacks\SysFiles\68_wiashext.dll
- 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\BricoPacks\SysFiles\69_wininet.dll
+ 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\BricoPacks\SysFiles\69_wininet.dll
- 2004-08-05 12:00:00 773,632 ----a-w C:\WINDOWS\BricoPacks\SysFiles\70_WINNTBBU.DLL
+ 2008-04-14 02:32:53 764,416 ----a-w C:\WINDOWS\BricoPacks\SysFiles\70_WINNTBBU.DLL
- 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\BricoPacks\SysFiles\71_winsrv.dll
+ 2008-04-14 02:33:48 293,888 ----a-w C:\WINDOWS\BricoPacks\SysFiles\71_winsrv.dll
- 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\BricoPacks\SysFiles\73_wuauclt.exe
+ 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\BricoPacks\SysFiles\73_wuauclt.exe
- 2004-08-05 12:00:00 2,986,496 ----a-w C:\WINDOWS\BricoPacks\SysFiles\76_xpsp2res.dll
+ 2008-04-13 18:36:46 2,986,496 ----a-w C:\WINDOWS\BricoPacks\SysFiles\76_xpsp2res.dll
- 2004-08-05 12:00:00 340,480 ----a-w C:\WINDOWS\BricoPacks\SysFiles\77_zipfldr.dll
+ 2008-04-14 02:33:52 340,992 ----a-w C:\WINDOWS\BricoPacks\SysFiles\77_zipfldr.dll
- 2004-08-05 12:00:00 515,584 ----a-w C:\WINDOWS\BricoPacks\SysFiles\78_logonui.exe
+ 2008-04-14 02:34:09 515,584 ----a-w C:\WINDOWS\BricoPacks\SysFiles\78_logonui.exe
- 2004-08-05 12:00:00 65,536 ----a-w C:\WINDOWS\BricoPacks\SysFiles\8_cleanmgr.exe
+ 2008-04-14 02:33:57 65,536 ----a-w C:\WINDOWS\BricoPacks\SysFiles\8_cleanmgr.exe
- 2004-08-05 12:00:00 60,416 ----a-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
+ 2008-04-14 02:34:13 60,416 ----a-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
- 2004-08-05 12:00:00 2,534,400 ----a-w C:\WINDOWS\BricoPacks\SysFiles\81_msoeres.dll
+ 2008-04-14 02:02:34 2,534,400 ----a-w C:\WINDOWS\BricoPacks\SysFiles\81_msoeres.dll
- 2004-08-05 12:00:00 400,896 ----a-w C:\WINDOWS\BricoPacks\SysFiles\9_cmd.exe
+ 2008-04-14 02:33:57 401,408 ----a-w C:\WINDOWS\BricoPacks\SysFiles\9_cmd.exe
- 2004-08-05 12:00:00 219,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
+ 2008-04-14 02:33:48 219,648 ----a-w C:\WINDOWS\BricoPacks\SysFiles\Ux_uxtheme.dll
- 2008-01-29 09:16:23 33,617 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\uninstall.exe
+ 2008-09-28 12:08:34 33,617 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\uninstall.exe
- 2004-08-05 12:00:00 457,728 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\10_cmdial32.dll
+ 2008-04-14 02:33:21 458,752 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\10_cmdial32.dll
- 2004-08-05 12:00:00 190,976 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\12_credui.dll
+ 2008-04-14 02:33:21 190,976 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\12_credui.dll
- 2007-06-13 13:22:28 979,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe
+ 2008-04-14 02:34:03 979,968 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe
- 2004-08-05 12:00:00 396,288 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\15_fontext.dll
+ 2008-04-14 02:33:24 396,288 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\15_fontext.dll
- 2004-08-05 12:00:00 764,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe
+ 2008-04-14 02:34:06 765,440 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe
- 2004-08-05 12:00:00 161,792 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\18_hotplug.dll
+ 2008-04-14 02:33:26 161,792 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\18_hotplug.dll
- 2004-08-05 12:00:00 101,376 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\2_ahui.exe
+ 2008-04-14 02:33:53 101,376 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\2_ahui.exe
- 2004-08-05 12:00:00 409,600 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\23_keymgr.dll
+ 2008-04-14 02:33:28 409,600 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\23_keymgr.dll
- 2004-08-05 12:00:00 3,128,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\24_logon.scr
+ 2008-04-14 02:34:32 3,128,320 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\24_logon.scr
- 2004-08-05 12:00:00 544,768 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe
+ 2008-04-14 02:34:11 549,888 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe
- 2004-08-05 12:00:00 380,416 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\28_moricons.dll
+ 2008-04-13 16:45:30 379,904 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\28_moricons.dll
- 2004-08-05 12:00:00 1,111,552 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\29_msgina.dll
+ 2008-04-14 02:33:31 1,114,624 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\29_msgina.dll
- 2007-10-30 23:23:48 3,863,552 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\30_mshtml.dll
+ 2008-06-24 08:28:24 3,865,088 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\30_mshtml.dll
- 2004-08-05 12:00:00 444,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe
+ 2008-04-14 02:34:14 444,928 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe
- 2004-08-05 12:00:00 328,192 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\32_mstask.dll
+ 2008-04-14 02:33:33 328,192 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\32_mstask.dll
- 2004-08-05 12:00:00 657,408 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\33_mstscax.dll
+ 2008-04-14 02:33:28 2,089,472 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\33_mstscax.dll
- 2004-08-05 12:00:00 86,528 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\34_mydocs.dll
+ 2008-04-14 02:33:34 86,528 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\34_mydocs.dll
- 2004-08-05 12:00:00 56,832 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\35_narrator.exe
+ 2008-04-14 02:34:14 56,832 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\35_narrator.exe
- 2004-08-05 12:00:00 153,088 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\37_netid.dll
+ 2008-04-14 02:33:34 153,088 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\37_netid.dll
- 2004-08-05 12:00:00 2,139,648 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\38_netshell.dll
+ 2008-04-14 02:33:35 2,135,552 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\38_netshell.dll
- 2004-08-05 12:00:00 416,256 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\39_newdev.dll
+ 2008-04-14 02:33:35 415,744 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\39_newdev.dll
- 2004-08-05 12:00:00 28,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\4_batmeter.dll
+ 2008-04-14 02:33:19 29,184 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\4_batmeter.dll
- 2004-08-05 12:00:00 156,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe
+ 2008-04-14 02:34:15 156,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe
- 2004-08-05 12:00:00 156,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe
+ 2008-04-14 02:34:15 156,672 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe
- 2004-08-05 12:00:00 233,984 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\42_ntshrui.dll
+ 2008-04-14 02:33:36 233,984 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\42_ntshrui.dll
- 2007-10-10 23:49:45 163,840 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\44_occache.dll
+ 2008-06-23 16:28:22 164,352 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\44_occache.dll
- 2004-08-05 12:00:00 758,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\46_printui.dll
+ 2008-04-14 02:33:38 758,784 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\46_printui.dll
- 2004-08-05 12:00:00 1,256,960 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\47_rasdlg.dll
+ 2008-04-14 02:33:39 1,257,472 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\47_rasdlg.dll
- 2004-08-05 12:00:00 230,912 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe
+ 2008-04-14 02:34:19 230,912 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe
- 2004-08-05 12:00:00 689,664 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\49_shdoclc.dll
+ 2008-04-14 02:00:59 689,664 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\49_shdoclc.dll
- 2006-10-23 15:34:35 1,021,440 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\5_browseui.dll
+ 2008-04-14 02:33:20 1,023,488 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\5_browseui.dll
- 2006-10-23 15:34:38 1,777,152 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\50_shdocvw.dll
+ 2008-04-14 02:33:41 1,778,688 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\50_shdocvw.dll
- 2007-10-25 16:43:25 12,930,560 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\51_shell32.dll
+ 2008-04-14 02:33:41 12,931,584 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\51_shell32.dll
- 2004-08-05 12:00:00 1,790,464 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\52_shimgvw.dll
+ 2008-04-14 02:33:41 1,790,464 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\52_shimgvw.dll
- 2006-10-23 15:34:38 499,200 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\53_shlwapi.dll
+ 2008-04-14 02:33:41 499,200 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\53_shlwapi.dll
- 2004-08-05 12:00:00 182,272 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe
+ 2008-04-14 02:34:22 182,272 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe
- 2004-08-05 12:00:00 147,968 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\56_stobject.dll
+ 2008-04-14 02:33:46 147,968 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\56_stobject.dll
- 2004-08-05 12:00:00 183,296 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe
+ 2008-04-14 02:34:24 183,296 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe
- 2004-08-05 12:00:00 1,261,568 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\59_syssetup.dll
+ 2008-04-14 02:33:46 1,269,760 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\59_syssetup.dll
- 2004-08-05 12:00:00 83,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\6_cabview.dll
+ 2008-04-14 02:33:20 83,456 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\6_cabview.dll
- 2004-08-05 12:00:00 189,440 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe
+ 2008-04-14 02:34:25 189,440 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe
- 2004-08-05 12:00:00 393,728 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\62_themeui.dll
+ 2008-04-14 02:33:46 393,728 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\62_themeui.dll
- 2007-10-10 23:49:45 62,464 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\64_url.dll
+ 2008-06-23 16:28:22 62,464 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\64_url.dll
- 2007-10-10 23:49:45 1,233,408 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\65_urlmon.dll
+ 2008-06-23 16:28:23 1,233,408 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\65_urlmon.dll
- 2007-10-10 23:49:45 393,728 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\66_webcheck.dll
+ 2008-06-23 16:28:23 394,240 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\66_webcheck.dll
- 2004-08-05 12:00:00 890,880 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe
+ 2008-04-14 02:34:27 890,368 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe
- 2004-08-05 12:00:00 774,656 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\68_wiashext.dll
+ 2008-04-14 02:33:48 774,656 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\68_wiashext.dll
- 2007-10-10 23:49:45 815,616 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\69_wininet.dll
+ 2008-06-23 16:28:23 817,152 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\69_wininet.dll
- 2004-08-05 12:00:00 773,120 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\70_WINNTBBU.DLL
+ 2008-04-14 02:32:53 763,904 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\70_WINNTBBU.DLL
- 2007-03-17 13:44:47 294,400 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\71_winsrv.dll
+ 2008-04-14 02:33:48 294,912 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\71_winsrv.dll
- 2007-07-30 17:19:16 68,440 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\73_wuauclt.exe
+ 2008-07-18 20:10:42 68,808 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\73_wuauclt.exe
- 2004-08-05 12:00:00 3,378,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\76_xpsp2res.dll
+ 2008-04-13 18:36:46 3,378,176 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\76_xpsp2res.dll
- 2004-08-05 12:00:00 907,776 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\77_zipfldr.dll
+ 2008-04-14 02:33:52 908,288 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\77_zipfldr.dll
- 2004-08-05 12:00:00 5,650,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\78_logonui.exe
+ 2008-04-14 02:34:09 5,650,944 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\78_logonui.exe
- 2004-08-05 12:00:00 110,080 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe
+ 2008-04-14 02:33:57 110,080 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe
- 2004-08-05 12:00:00 223,744 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe
+ 2008-04-14 02:34:13 223,744 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe
- 2004-08-05 12:00:00 2,534,400 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\81_msoeres.dll
+ 2008-04-14 02:02:34 2,534,400 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\81_msoeres.dll
- 2004-08-05 12:00:00 428,032 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\9_cmd.exe
+ 2008-04-14 02:33:57 428,032 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\9_cmd.exe
- 2008-01-29 09:17:29 219,648 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\Ux_uxtheme.dll
+ 2008-09-28 12:10:00 219,648 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\PackFiles\Ux_uxtheme.dll
- 2008-01-29 09:17:30 153,834 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
+ 2008-09-28 12:10:00 153,834 ----a-w C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
- 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\notepad.exe
+ 2008-04-14 02:34:15 156,672 ----a-w C:\WINDOWS\notepad.exe
- 2008-04-14 02:34:06 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
+ 2008-04-14 02:34:06 765,440 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2008-04-14 02:34:19 153,088 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 02:34:19 230,912 ----a-w C:\WINDOWS\regedit.exe
- 2008-04-14 02:33:53 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 02:33:53 101,376 ----a-w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
- 2008-04-14 02:33:20 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 02:33:20 1,023,488 ----a-w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
- 2008-04-14 02:33:20 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 02:33:20 83,456 ----a-w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
- 2008-04-14 02:33:57 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 02:33:57 110,080 ----a-w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
- 2008-04-14 02:33:57 401,408 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 02:33:57 428,032 ----a-w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
- 2008-04-14 02:33:21 353,280 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 02:33:21 458,752 ----a-w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
- 2008-04-14 02:33:21 165,888 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2008-04-14 02:33:21 190,976 ----a-w C:\WINDOWS\ServicePackFiles\i386\credui.dll
- 2008-04-14 02:33:24 386,560 ------w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 02:33:24 396,288 ----a-w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
- 2008-04-14 02:34:06 769,024 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 02:34:06 765,440 ----a-w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
- 2008-04-14 02:33:26 146,944 ------w C:\WINDOWS\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 02:33:26 161,792 ----a-w C:\WINDOWS\ServicePackFiles\i386\hotplug.dll
- 2008-04-14 02:33:28 157,184 ------w C:\WINDOWS\ServicePackFiles\i386\keymgr.dll
+ 2008-04-14 02:33:28 409,600 ----a-w C:\WINDOWS\ServicePackFiles\i386\keymgr.dll
- 2008-04-14 02:34:32 221,696 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
+ 2008-04-14 02:34:32 3,128,320 ----a-w C:\WINDOWS\ServicePackFiles\i386\logon.scr
- 2008-04-14 02:34:09 515,584 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 02:34:09 5,650,944 ----a-w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
- 2008-04-14 02:34:11 251,904 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
+ 2008-04-14 02:34:11 549,888 ----a-w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
- 2008-04-13 16:45:30 216,064 ------w C:\WINDOWS\ServicePackFiles\i386\moricons.dll
+ 2008-04-13 16:45:30 379,904 ----a-w C:\WINDOWS\ServicePackFiles\i386\moricons.dll
- 2008-04-14 02:34:12 3,558,912 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
+ 2004-08-05 12:00:00 3,676,160 ----a-w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
- 2008-04-14 02:33:31 1,007,104 ------w C:\WINDOWS\ServicePackFiles\i386\msgina.dll
+ 2008-04-14 02:33:31 1,114,624 ----a-w C:\WINDOWS\ServicePackFiles\i386\msgina.dll
- 2008-04-14 02:33:31 3,066,880 ------w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
+ 2008-06-24 08:28:24 3,865,088 ----a-w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
- 2008-04-14 02:34:13 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
+ 2008-04-14 02:34:13 223,744 ----a-w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
- 2008-04-14 02:34:14 347,648 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 02:34:14 444,928 ----a-w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
- 2008-04-14 02:33:33 281,600 ------w C:\WINDOWS\ServicePackFiles\i386\mstask.dll
+ 2008-04-14 02:33:33 328,192 ----a-w C:\WINDOWS\ServicePackFiles\i386\mstask.dll
- 2008-04-14 02:33:34 91,648 ------w C:\WINDOWS\ServicePackFiles\i386\mydocs.dll
+ 2008-04-14 02:33:34 86,528 ----a-w C:\WINDOWS\ServicePackFiles\i386\mydocs.dll
- 2008-04-14 02:34:14 55,296 ------w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 02:34:14 56,832 ----a-w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
- 2008-04-14 02:33:34 144,896 ------w C:\WINDOWS\ServicePackFiles\i386\netid.dll
+ 2008-04-14 02:33:34 153,088 ----a-w C:\WINDOWS\ServicePackFiles\i386\netid.dll
- 2008-04-14 02:33:35 1,719,808 ------w C:\WINDOWS\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 02:33:35 2,135,552 ----a-w C:\WINDOWS\ServicePackFiles\i386\netshell.dll
- 2008-04-14 02:33:35 250,880 ------w C:\WINDOWS\ServicePackFiles\i386\newdev.dll
+ 2008-04-14 02:33:35 415,744 ----a-w C:\WINDOWS\ServicePackFiles\i386\newdev.dll
- 2008-04-14 02:34:15 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
+ 2008-04-14 02:34:15 156,672 ----a-w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
- 2008-04-14 02:33:36 145,920 ------w C:\WINDOWS\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 02:33:36 233,984 ----a-w C:\WINDOWS\ServicePackFiles\i386\ntshrui.dll
- 2008-04-14 02:33:38 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\occache.dll
+ 2008-06-23 16:28:22 164,352 ----a-w C:\WINDOWS\ServicePackFiles\i386\occache.dll
- 2008-04-14 02:33:38 578,560 ------w C:\WINDOWS\ServicePackFiles\i386\printui.dll
+ 2008-04-14 02:33:38 758,784 ----a-w C:\WINDOWS\ServicePackFiles\i386\printui.dll
- 2008-04-14 02:33:39 685,568 ------w C:\WINDOWS\ServicePackFiles\i386\rasdlg.dll
+ 2008-04-14 02:33:39 1,257,472 ----a-w C:\WINDOWS\ServicePackFiles\i386\rasdlg.dll
- 2008-04-14 02:34:19 153,088 ------w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
+ 2008-04-14 02:34:19 230,912 ----a-w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
- 2008-04-14 02:00:59 572,416 ------w C:\WINDOWS\ServicePackFiles\i386\shdoclc.dll
+ 2008-04-14 02:00:59 689,664 ----a-w C:\WINDOWS\ServicePackFiles\i386\shdoclc.dll
- 2008-04-14 02:33:41 1,499,136 ------w C:\WINDOWS\ServicePackFiles\i386\shdocvw.dll
+ 2008-04-14 02:33:41 1,778,688 ----a-w C:\WINDOWS\ServicePackFiles\i386\shdocvw.dll
- 2008-04-14 02:33:41 8,517,632 ------w C:\WINDOWS\ServicePackFiles\i386\shell32.dll
+ 2008-04-14 02:33:41 12,931,584 ----a-w C:\WINDOWS\ServicePackFiles\i386\shell32.dll
- 2008-04-14 02:33:41 440,320 ------w C:\WINDOWS\ServicePackFiles\i386\shimgvw.dll
+ 2008-04-14 02:33:41 1,790,464 ----a-w C:\WINDOWS\ServicePackFiles\i386\shimgvw.dll
- 2008-04-14 02:33:41 474,624 ------w C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
+ 2008-04-14 02:33:41 499,200 ----a-w C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
- 2008-04-14 02:34:22 133,120 ------w C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe
+ 2008-04-14 02:34:22 182,272 ----a-w C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe
- 2008-04-14 02:33:46 122,368 ------w C:\WINDOWS\ServicePackFiles\i386\stobject.dll
+ 2008-04-14 02:33:46 147,968 ----a-w C:\WINDOWS\ServicePackFiles\i386\stobject.dll
- 2008-04-14 02:34:24 107,520 ------w C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe
+ 2008-04-14 02:34:24 183,296 ----a-w C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe
- 2008-04-14 02:33:46 1,013,248 ------w C:\WINDOWS\ServicePackFiles\i386\syssetup.dll
+ 2008-04-14 02:33:46 1,269,760 ----a-w C:\WINDOWS\ServicePackFiles\i386\syssetup.dll
- 2008-04-14 02:34:25 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
+ 2008-04-14 02:34:25 189,440 ----a-w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
- 2008-04-14 02:33:46 391,168 ------w C:\WINDOWS\ServicePackFiles\i386\themeui.dll
+ 2008-04-14 02:33:46 393,728 ----a-w C:\WINDOWS\ServicePackFiles\i386\themeui.dll
- 2008-04-14 02:33:48 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\url.dll
+ 2008-06-23 16:28:22 62,464 ----a-w C:\WINDOWS\ServicePackFiles\i386\url.dll
- 2008-04-14 02:33:48 621,568 ------w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
+ 2008-06-23 16:28:23 1,233,408 ----a-w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
- 2008-04-14 02:33:48 219,648 ------w C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
+ 2008-09-28 12:10:00 219,648 ----a-w C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
- 2008-04-14 02:33:48 281,600 ------w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
+ 2008-06-23 16:28:23 394,240 ----a-w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
- 2008-04-14 02:34:27 438,784 ------w C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe
+ 2008-04-14 02:34:27 890,368 ----a-w C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe
- 2008-04-14 02:33:48 594,432 ------w C:\WINDOWS\ServicePackFiles\i386\wiashext.dll
+ 2008-04-14 02:33:48 774,656 ----a-w C:\WINDOWS\ServicePackFiles\i386\wiashext.dll
- 2008-04-14 02:32:53 764,416 ------w C:\WINDOWS\ServicePackFiles\i386\winntbbu.dll
+ 2008-04-14 02:32:53 763,904 ----a-w C:\WINDOWS\ServicePackFiles\i386\WINNTBBU.DLL
- 2008-04-14 02:33:48 293,888 ------w C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
+ 2008-04-14 02:33:48 294,912 ----a-w C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
- 2008-04-14 02:34:29 168,960 ------w C:\WINDOWS\ServicePackFiles\i386\wuauclt1.exe
+ 2005-05-26 02:16:30 295,704 ----a-w C:\WINDOWS\ServicePackFiles\i386\wuauclt1.exe
- 2008-04-13 17:39:24 2,897,920 ------w C:\WINDOWS\ServicePackFiles\i386\xpsp2res.dll
+ 2008-04-13 18:36:46 3,378,176 ----a-w C:\WINDOWS\ServicePackFiles\i386\xpsp2res.dll
- 2008-04-14 02:33:52 340,992 ------w C:\WINDOWS\ServicePackFiles\i386\zipfldr.dll
+ 2008-04-14 02:33:52 908,288 ----a-w C:\WINDOWS\ServicePackFiles\i386\zipfldr.dll
- 2008-04-14 02:33:53 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2008-04-14 02:33:53 101,376 ----a-w C:\WINDOWS\system32\ahui.exe
- 2008-04-14 02:33:20 1,025,024 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-14 02:33:20 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-04-14 02:33:20 85,504 ----a-w C:\WINDOWS\system32\cabview.dll
+ 2008-04-14 02:33:20 83,456 ----a-w C:\WINDOWS\system32\cabview.dll
- 2008-04-14 02:33:57 65,536 ----a-w C:\WINDOWS\system32\cleanmgr.exe
+ 2008-04-14 02:33:57 110,080 ----a-w C:\WINDOWS\system32\cleanmgr.exe
- 2008-04-14 02:33:57 401,408 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2008-04-14 02:33:57 428,032 ----a-w C:\WINDOWS\system32\cmd.exe
- 2008-04-14 02:33:21 353,280 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2008-04-14 02:33:21 458,752 ----a-w C:\WINDOWS\system32\cmdial32.dll
- 2008-04-14 02:33:21 165,888 ----a-w C:\WINDOWS\system32\credui.dll
+ 2008-04-14 02:33:21 190,976 ----a-w C:\WINDOWS\system32\credui.dll
- 2004-08-05 12:00:00 657,408 -c--a-w C:\WINDOWS\system32\dllcache\mstscax.dll
+ 2008-04-14 02:33:28 2,089,472 -c--a-w C:\WINDOWS\system32\dllcache\mstscax.dll
- 2008-04-14 02:33:24 386,560 ----a-w C:\WINDOWS\system32\fontext.dll
+ 2008-04-14 02:33:24 396,288 ----a-w C:\WINDOWS\system32\fontext.dll
- 2008-04-14 02:33:26 146,944 ----a-w C:\WINDOWS\system32\hotplug.dll
+ 2008-04-14 02:33:26 161,792 ----a-w C:\WINDOWS\system32\hotplug.dll
- 2008-04-14 02:33:28 157,184 ----a-w C:\WINDOWS\system32\keymgr.dll
+ 2008-04-14 02:33:28 409,600 ----a-w C:\WINDOWS\system32\keymgr.dll
- 2008-04-14 02:34:32 221,696 ----a-w C:\WINDOWS\system32\logon.scr
+ 2008-04-14 02:34:32 3,128,320 ----a-w C:\WINDOWS\system32\logon.scr
- 2008-04-14 02:34:09 515,584 ----a-w C:\WINDOWS\system32\logonui.exe
+ 2008-04-14 02:34:09 5,650,944 ----a-w C:\WINDOWS\system32\logonui.exe
- 2008-04-13 16:45:30 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
+ 2008-04-13 16:45:30 379,904 ----a-w C:\WINDOWS\system32\moricons.dll
- 2008-04-14 02:33:31 1,007,104 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2008-04-14 02:33:31 1,114,624 ----a-w C:\WINDOWS\system32\msgina.dll
- 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 08:28:24 3,865,088 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 02:34:14 347,648 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2008-04-14 02:34:14 444,928 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2008-04-14 02:33:33 281,600 ----a-w C:\WINDOWS\system32\mstask.dll
+ 2008-04-14 02:33:33 328,192 ----a-w C:\WINDOWS\system32\mstask.dll
- 2008-04-14 02:33:28 2,061,824 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2008-04-14 02:33:28 2,089,472 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2008-04-14 02:33:34 91,648 ----a-w C:\WINDOWS\system32\mydocs.dll
+ 2008-04-14 02:33:34 86,528 ----a-w C:\WINDOWS\system32\mydocs.dll
- 2008-04-14 02:34:14 55,296 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2008-04-14 02:34:14 56,832 ----a-w C:\WINDOWS\system32\narrator.exe
- 2008-04-14 02:33:34 144,896 ----a-w C:\WINDOWS\system32\netid.dll
+ 2008-04-14 02:33:34 153,088 ----a-w C:\WINDOWS\system32\netid.dll
- 2008-04-14 02:33:35 1,719,808 ----a-w C:\WINDOWS\system32\netshell.dll
+ 2008-04-14 02:33:35 2,135,552 ----a-w C:\WINDOWS\system32\netshell.dll
- 2008-04-14 02:33:35 250,880 ----a-w C:\WINDOWS\system32\newdev.dll
+ 2008-04-14 02:33:35 415,744 ----a-w C:\WINDOWS\system32\newdev.dll
- 2008-04-14 02:34:15 70,656 ----a-w C:\WINDOWS\system32\notepad.exe
+ 2008-04-14 02:34:15 156,672 ----a-w C:\WINDOWS\system32\notepad.exe
- 2008-04-14 02:33:36 145,920 ----a-w C:\WINDOWS\system32\ntshrui.dll
+ 2008-04-14 02:33:36 233,984 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:28:22 164,352 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-14 02:33:38 578,560 ----a-w C:\WINDOWS\system32\printui.dll
+ 2008-04-14 02:33:38 758,784 ----a-w C:\WINDOWS\system32\printui.dll
- 2008-04-14 02:33:39 685,568 ----a-w C:\WINDOWS\system32\rasdlg.dll
+ 2008-04-14 02:33:39 1,257,472 ----a-w C:\WINDOWS\system32\rasdlg.dll
- 2008-04-14 02:00:59 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
+ 2008-04-14 02:00:59 689,664 ----a-w C:\WINDOWS\system32\shdoclc.dll
- 2008-04-14 02:33:41 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-14 02:33:41 1,778,688 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-04-14 02:33:41 8,517,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2008-04-14 02:33:41 12,931,584 ----a-w C:\WINDOWS\system32\shell32.dll
- 2008-04-14 02:33:41 440,320 ----a-w C:\WINDOWS\system32\shimgvw.dll
+ 2008-04-14 02:33:41 1,790,464 ----a-w C:\WINDOWS\system32\shimgvw.dll
- 2008-04-14 02:33:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-14 02:33:41 499,200 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2008-04-14 02:34:22 133,120 ----a-w C:\WINDOWS\system32\sndrec32.exe
+ 2008-04-14 02:34:22 182,272 ----a-w C:\WINDOWS\system32\sndrec32.exe
- 2008-04-14 02:33:46 122,368 ----a-w C:\WINDOWS\system32\stobject.dll
+ 2008-04-14 02:33:46 147,968 ----a-w C:\WINDOWS\system32\stobject.dll
- 2008-04-14 02:34:24 107,520 ----a-w C:\WINDOWS\system32\sysocmgr.exe
+ 2008-04-14 02:34:24 183,296 ----a-w C:\WINDOWS\system32\sysocmgr.exe
- 2008-04-14 02:33:46 1,013,248 ----a-w C:\WINDOWS\system32\syssetup.dll
+ 2008-04-14 02:33:46 1,269,760 ----a-w C:\WINDOWS\system32\syssetup.dll
- 2008-04-14 02:34:25 143,360 ----a-w C:\WINDOWS\system32\taskmgr.exe
+ 2008-04-14 02:34:25 189,440 ----a-w C:\WINDOWS\system32\taskmgr.exe
- 2008-04-14 02:33:46 391,168 ----a-w C:\WINDOWS\system32\themeui.dll
+ 2008-04-14 02:33:46 393,728 ----a-w C:\WINDOWS\system32\themeui.dll
- 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:28:22 62,464 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:28:23 1,233,408 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 02:34:11 251,904 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2008-04-14 02:34:11 549,888 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:28:23 394,240 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-14 02:34:27 438,784 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
+ 2008-04-14 02:34:27 890,368 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
- 2008-04-14 02:33:48 594,432 ----a-w C:\WINDOWS\system32\wiashext.dll
+ 2008-04-14 02:33:48 774,656 ----a-w C:\WINDOWS\system32\wiashext.dll
- 2008-04-14 02:32:53 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
+ 2008-04-14 02:32:53 763,904 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL
- 2008-04-14 02:33:48 293,888 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2008-04-14 02:33:48 294,912 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2008-04-13 18:36:46 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
+ 2008-04-13 18:36:46 3,378,176 ----a-w C:\WINDOWS\system32\xpsp2res.dll
- 2008-04-14 02:33:52 340,992 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2008-04-14 02:33:52 908,288 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2008-09-28 12:12:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_768.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-06-18 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-06-18 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-04-14 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-12 5562368]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2002-12-31 1783808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-05-11 441120]

C:\Documents and Settings\Sébastien\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\SteamApps\\seb201192\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15614:TCP"= 15614:TCP:NortonAV
"56170:TCP"= 56170:TCP:Pando P2P TCP Listening Port
"56170:UDP"= 56170:UDP:Pando P2P UDP Listening Port

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2002-12-31 141312]
R3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 9472]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 x-tern;x-tern;C:\Documents and Settings\Sébastien\Bureau\[CheatDB] X-Tern 2008-02-14\x-tern.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4811ce06-af1c-11dc-a92e-00142a564064}]
\Shell\AutoRun\command - N:\start.exe
\Shell\iledefrance\command - N:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e6385a0-c73b-11dc-a974-00142a564064}]
\Shell\AutoRun\command - D:\start.exe
\Shell\iledefrance\command - D:\start.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Window Title =
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Crawler Search - tbr:iemenu
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 17:05:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
[CheatDB] X-Tern 2008-02-14\x-tern.sys"


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\x-tern]
"ImagePath"="\??\C:\Documents and Settings\Sébastien\Bureau\
.
Heure de fin: 2008-09-28 17:07:00
ComboFix-quarantined-files.txt 2008-09-28 15:06:56
ComboFix2.txt 2008-09-27 17:27:26

Avant-CF: 63 236 673 536 octets libres
Après-CF: 63,224,328,192 octets libres

691 --- E O F --- 2008-09-27 01:01:03
0
totobetourne Posts 5677 Status Member 65
 
Do another HijackThis log.
-1
totobetourne Posts 5677 Status Member 65
 
Nothing on the HijackThis log, but as for the Combo one, if you did a new one now it would be different; I don't know how to do everything, though, and it's better not to try just anything.
I would advise you to make a new ComboFix report so that shion ares can see where things stand now that Toolbar SD has carried out the removal that had not been done.
-1