Everything posted by pitsensas

  1. Here is the OTM report:
  2. Yes, my account is an Administrator account. Besides, the SystemLook report shows it.
  3. Merging into the registry did not get stuck, but after the reboot I still have the errors in the Event Viewer, "regsvr32 wuaueng.dll" still returns an error, and SystemLook still finds the "fystemroot" keys in the registry. I tried to edit one key manually ([HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]) but I get a write error!
  4. Good evening, Sorry for the delay, but as mentioned in the first message, this is on a friend's PC.
     - Error when running the command "regsvr32 wuaueng.dll" to re-register the DLL.
     - Attached is the SystemLook report:
     Thanks again for your help
  5. - Yes, it is a genuine Windows.
     - Yes, the 2 errors come back with MBAM.
     - I tried the registry procedure, adding the user and granting full control. However, for SYSTEM, since it is greyed out, I don't know how to disable the inheritance mechanism. I even tried with the Administrator account and still get the error.
     Thanks in advance
  6. Doesn't work (error 0x80070005). In addition, MBAM's quick scan finds 2 errors:
     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
     Even so, the problems with "regsvr32 /u wuaueng.dll" and "Dial-a-fix" remain
  7. Thank you for your quick reply. Unfortunately, I get an access denied error (even in safe mode) on the file C:\windows\system32\wuaueng.dll And still the errors in the Event Viewer. Any other idea? Maybe delete the file with Fileassassin from MBAM?
  8. Hello, At some friends' place, the PC is slow to start (no normal access for several minutes). Checking in the Event Viewer, there is a file-not-found error for the 2 services "Automatic Updates" and "Background Intelligent Transfer". I tried the repair procedure for these 2 services (%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf) and (%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\qmgr.inf). But an "operation failed" error appears. Checking in the services, the path looks odd to me: %fystemroot%\system32\svchost.exe -k netsvcs So I think the PC is infected. I am attaching the HijackThis report and await your instructions on the steps to carry out. Regards
  9. Hello, Following the appearance of unwanted ads on a friend's PC, I ran Navilog1. Report cleannavi.txt:
     Navilog1 removed Games-Attack. So I took the analysis a bit further with RSIT. Report log.txt:
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 13779 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Norton Security Scan for Christophe.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-25 669168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll 
[2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 385024] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-23 7282688] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-18 14820864] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632] "CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2005-10-12 241664] "CHotkey"=C:\WINDOWS\mHotkey.exe [2004-06-03 549376] "ledpointer"=C:\WINDOWS\CNYHKey.exe [2005-11-04 5577216] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "MedionVFD"=C:\Program Files\Medion Info Display\MdionLCM.exe [2005-10-11 126976] "PCMService"=C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2005-11-01 139264] "AntivirusRegistration"=C:\Program Files\CA\Etrust Antivirus\Register.exe [2005-08-22 258048] "Realtime 
Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-06-26 504080] "InstantOn"=C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe [2005-09-22 93640] "ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2009-03-01 37232] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-20 177472] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-01 68856] "Polar Sync"= [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console" "C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Fichiers communs\AOL\1224522439\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1224522439\ee\aolsoftware.exe:*:Enabled:AOL Shared Components" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\XBMC\XBMC.exe"="C:\Program 
Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\UrbanTerror\ioUrbanTerror.exe"="C:\Program Files\UrbanTerror\ioUrbanTerror.exe:*:Disabled:ioUrbanTerror" "C:\Program Files\CA\Etrust Antivirus\Realmon.exe"="C:\Program Files\CA\Etrust Antivirus\Realmon.exe:*:Disabled:Realmon" "C:\Program Files\Staubli\CS8\s6.6.5\cs8.exe"="C:\Program Files\Staubli\CS8\s6.6.5\cs8.exe:*:Enabled:cs8" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04e21ce4-3b79-11dc-ad93-00038a000015}] shell\AutoRun\command - K:\WinStressCopie.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{836f4582-c51e-11dd-ae8f-000000000000}] shell\AutoRun\command - K:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6b7d69d-880b-11dd-adbe-00038a000015}] shell\AutoRun\command - K:\setupSNK.exe ======List of files/folders created in the last 1 months====== 2009-07-29 12:22:59 ----D---- C:\Program Files\trend micro 2009-07-29 12:22:58 ----D---- C:\rsit 2009-07-29 10:47:41 ----A---- C:\cleannavi.txt 2009-07-29 10:47:13 ----D---- C:\Program Files\Navilog1 2009-07-24 20:20:45 ----D---- C:\Program Files\Safari 2009-07-24 20:18:35 ----D---- C:\Program Files\iPod 2009-07-24 20:18:24 ----D---- C:\Program Files\iTunes 2009-07-22 18:41:53 ----A---- C:\WINDOWS\ModemLog_Modem standard.txt 2009-07-15 19:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-15 19:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-15 19:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-03 18:28:45 ----D---- C:\Documents and Settings\Christophe\Application Data\Stäubli 2009-07-03 18:28:26 ----D---- C:\Documents and Settings\Christophe\Application Data\STAUBLI 2009-07-03 18:28:02 ----D---- C:\Program Files\STRATON 2009-07-03 18:27:19 ----D---- C:\Documents and Settings\All Users\Application Data\STAUBLI 2009-07-03 18:27:03 ----D---- C:\Program Files\Fichiers communs\STAUBLI 2009-07-03 18:27:03 ----D---- C:\Program Files\Fichiers communs\applicom 2009-07-03 18:26:56 ----D---- C:\Program Files\Staubli ======List of files/folders modified in the last 1 months====== 2009-07-29 12:22:59 
----RD---- C:\Program Files 2009-07-29 11:07:35 ----A---- C:\WINDOWS\ScnPanel.ini 2009-07-29 11:07:30 ----D---- C:\WINDOWS\system32\Lang 2009-07-29 11:07:30 ----D---- C:\WINDOWS\Prefetch 2009-07-29 11:07:26 ----D---- C:\WINDOWS\Temp 2009-07-29 11:07:12 ----D---- C:\WINDOWS\system32 2009-07-29 11:05:59 ----A---- C:\WINDOWS\ModemLog_Creatix V.92 Data Fax Modem.txt 2009-07-29 11:05:50 ----SD---- C:\WINDOWS\Tasks 2009-07-29 11:04:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-27 18:59:09 ----A---- C:\WINDOWS\NeroDigital.ini 2009-07-26 21:34:04 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-26 19:22:55 ----HD---- C:\WINDOWS\inf 2009-07-26 18:00:45 ----D---- C:\Program Files\Fichiers communs\Symantec Shared 2009-07-26 18:00:01 ----D---- C:\Program Files\Norton Security Scan 2009-07-24 20:21:38 ----D---- C:\Documents and Settings\Christophe\Application Data\Apple Computer 2009-07-24 20:21:01 ----SHD---- C:\WINDOWS\Installer 2009-07-24 20:18:32 ----D---- C:\Program Files\Fichiers communs\Apple 2009-07-23 14:30:17 ----D---- C:\Program Files\Microsoft Silverlight 2009-07-22 18:41:53 ----D---- C:\WINDOWS 2009-07-22 18:31:38 ----D---- C:\Program Files\mobile PhoneTools 2009-07-17 11:37:57 ----D---- C:\WINDOWS\network diagnostic 2009-07-15 19:55:45 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-15 19:55:43 ----A---- C:\WINDOWS\imsins.BAK 2009-07-15 19:55:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-03 18:27:03 ----D---- C:\Program Files\Fichiers communs ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! 
Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-26 19915] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-17 826112] R3 AgereSoftModem;Creatix V.92 Data Fax Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver; C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2005-10-04 72320] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-19 3856896] R3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 19034] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys 
[2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-23 3524640] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888] R3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-07-14 241536] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2004-01-16 17408] S3 catchme;catchme; \??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys [] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-07-07 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; 
C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-07-07 79488] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys [] S3 ser2pl;USB Filter Driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-08-15 42752] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 uxddrv;Dynamically loaded UxdDrv; \??\C:\Documents and Settings\All Users\Bureau\WinStress\uxddrv.sys [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 
2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-11-01 258146] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2005-11-01 114784] R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [2005-11-01 1073152] R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-06-26 139536] R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2004-06-26 241936] R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-06-26 254224] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-07-24 53248] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-23 131139] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-10-28 167936] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] R3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate1c9a88531d1888;Google Update Service (gupdate1c9a88531d1888); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-19 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-03 183280] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-05-06 2785582] S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328] S3 WmcCdsLs;Aide de Windows Media Connect (WMC); C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------

info.txt report:

info.txt logfile of random's system information tool 1.06 2009-07-29 12:23:09 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE Adobe Flash Player 10 
ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe" ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe" Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} AstraSlim SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8177167-5AF4-42EC-AF20-18416E903F0F}\setup.exe" Asus_LCD_ScreenSaver-->"C:\WINDOWS\ASUS LCD ScreenSaver Uninstaller.exe" avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe" CS8 Emulator s6.6.5 [remove only]-->C:\Program Files\Staubli\CS8\s6.6.5\Uninstall.exe Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe Dofus 1.27.0-->C:\Program Files\Dofus\uninstall.exe eMule-->"C:\Program Files\eMule\Uninstall.exe" Entropia Universe-->C:\Program Files\MindArk\Entropia Universe\Uninstall.exe Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} Google Chrome-->"C:\Program 
Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Le Seigneur des anneaux Online : Les Ombres d'Angmar v01.04.00.-->"C:\Program Files\Codemasters\Le Seigneur des anneaux Online\unins000.exe" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft 
Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour 
Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" mobile PhoneTools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x40c MobileMe Control Panel-->MsiExec.exe /I{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7} MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{22563C5A-6C62-4AA6-9C62-E451153F69BE}_2_0_1\NSSSetup.exe" /X Norton Security Scan-->MsiExec.exe /X{22563C5A-6C62-4AA6-9C62-E451153F69BE} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PLC Studio [remove only]-->C:\Program Files\STRATON\Uninstall.exe Polar ProTrainer-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}\setup.exe" -l0x40c QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Stäubli Robotics Studio 6.6-->C:\Program Files\Staubli\SRS 6.6\Uninstall.exe Urban Terror 4.1-->"C:\Program Files\UrbanTerror\unins000.exe" Wakfu-->C:\Program Files\Wakfu\uninstall.exe WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090728-0] ======System event log====== Computer Name: NOM-BB6702A456C Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : en cours d'exécution. 
Record Number: 14836 Source Name: Service Control Manager Time Written: 20090615080620.000000+120 Event Type: Informations User: Computer Name: NOM-BB6702A456C Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater. Record Number: 14835 Source Name: Service Control Manager Time Written: 20090615080620.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NOM-BB6702A456C Event Code: 17 Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. Pour les installer, un administrateur doit ouvrir une session sur cet ordinateur et suivre les instructions qui seront affichées par Windows : - Mise à jour de sécurité pour Windows XP (KB923561) Record Number: 14834 Source Name: Windows Update Agent Time Written: 20090615080538.000000+120 Event Type: Informations User: Computer Name: NOM-BB6702A456C Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : arrêté. Record Number: 14833 Source Name: Service Control Manager Time Written: 20090615080448.000000+120 Event Type: Informations User: Computer Name: NOM-BB6702A456C Event Code: 4201 Message: Le système a détecté que la carte réseau RT2500 USB Wireless LAN Card était connectée au réseau, et a lancé une opération normale sur la carte réseau. 
Record Number: 14832 Source Name: Tcpip Time Written: 20090615080447.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: NOM-BB6702A456C Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8534 Source Name: .NET Runtime Optimization Service Time Written: 20090426161820.000000+120 Event Type: User: Computer Name: NOM-BB6702A456C Event Code: 1100 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8533 Source Name: .NET Runtime Optimization Service Time Written: 20090426161820.000000+120 Event Type: Informations User: Computer Name: NOM-BB6702A456C Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8532 Source Name: .NET Runtime Optimization Service Time Written: 20090426161820.000000+120 Event Type: User: Computer Name: NOM-BB6702A456C Event Code: 1100 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8531 Source Name: .NET Runtime Optimization Service Time Written: 20090426161820.000000+120 Event Type: Informations User: Computer Name: NOM-BB6702A456C Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8530 Source Name: .NET Runtime Optimization Service Time Written: 20090426161820.000000+120 Event Type: 
User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\ESTsoft\ALZip;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0404 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1 "INOCULAN"=C:\PROGRA~1\CA\ETRUST~1 "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip -----------------EOF-----------------
I have not done anything without your advice (you are more expert than I am), even though I saw all the toolbars and the out-of-date Java console. What do you think? As for the Java console, I seem to have read on this forum that there is a very handy little program that removes old versions of Java and installs the latest version. Did I dream that? Thanks in advance for your help. See you.
  10. Hello, This Wi-Fi card from Alfa Network (AWUS036H) is known for picking up Wi-Fi signals very well because it is more powerful than the French standard (500mv instead of 100mv). My question: is it dangerous to health (since it emits stronger waves)? Because if the French standard sets the limit at 100mv, there must be a reason! Thanks in advance
  11. Thank you Angélique! It works perfectly again thanks to you
  12. Hello, From Start -> Run, I can no longer launch msconfig.exe even though it is physically present in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries. I found various threads and solutions, but the problem is still there. I ran the necessary checks and my PC does not appear to be infected (besides, this is the only problem I have). However, when I copy msconfig.exe into C:\WINDOWS, it works. So I turned instead towards how the location is declared (probably in the registry). I find no results in the registry when searching for "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe", whereas for the file helpctr.exe, which is also in C:\WINDOWS\PCHEALTH\HELPCTR\Binaries (and which does launch from Start -> Run), I do find several keys ("C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\Helpctr.exe"). Would some kind soul be able to search their registry to see whether a key exists for "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"? Thanks in advance
  13. And the log.txt from RSIT: Logfile of random's system information tool 1.05 (written by random/random) Run by Administrateur at 2009-01-02 00:41:43 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 44 GB (37%) free of 118 GB Total RAM: 1023 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:41:54, on 02/01/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program
Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\Program Files\trend micro\Administrateur.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program 
Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) - O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) - O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - O17 - HKLM\System\CS1\Services\Tcpip\..\{11AB21C9-738E-4281-8FFC-E8688376C3F7}: NameServer = 80.10.246.1,80.10.246.139 O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8290 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [2006-05-03 36975] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] 
"LVCOMSX"=C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512] "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-25 949376] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2008-01-02 103712] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136] "msnmsgr"=~C:\Program Files\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Librarys Server] C:\WINDOWS\system32\csrss.exe [2004-08-19 6144] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5vbxx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5vbxx.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticecaption"= "legalnoticetext"= [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" 
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe:*:Enabled:pes6.exe" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital 
Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\Program Files\MSN Messenger\usnsvc.exe"="C:\Program Files\MSN Messenger\usnsvc.exe:*:Enabled:usnsvc" "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"="C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe:*:Enabled:LSSrvc" "C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:WgaTray" "C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL" "C:\Program Files\Eset\nod32krn.exe"="C:\Program Files\Eset\nod32krn.exe:*:Enabled:nod32krn" "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv" "C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe"="C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe:*:Enabled:sqlservr" "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe:*:Enabled:Communications_Helper" "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"="C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe:*:Enabled:NMIndexingService" "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe:*:Enabled:jusched" "C:\Program Files\Wanadoo\Toaster.exe"="C:\Program Files\Wanadoo\Toaster.exe:*:Enabled:Toaster" "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe:*:Enabled:QuickCam10" "C:\Program Files\Wanadoo\Inactivity.exe"="C:\Program 
Files\Wanadoo\Inactivity.exe:*:Enabled:Inactivity" "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"="C:\Program Files\HP\HP Software Update\hpwuSchd2.exe:*:Enabled:HPWuSchd2" "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe:*:Enabled:Reader_sl" "C:\WINDOWS\system32\FTRTSVC.exe"="C:\WINDOWS\system32\FTRTSVC.exe:*:Enabled:FTRTSVC" "C:\Program Files\Wanadoo\ComComp.exe"="C:\Program Files\Wanadoo\ComComp.exe:*:Enabled:ComComp" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd0c4ea-289b-11dc-aef1-8605c2ab9b60}] shell\AutoRun\command - L:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbc9d04-d048-11dc-b15d-00192150d241}] shell\AutoRun\command - I:\Eautorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d72d3b59-b566-11dc-b120-00192150d241}] shell\AutoRun\command - K:\LaunchU3.exe -a ======File associations====== .scr - open - "" "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-01-02 00:41:44 ----D---- C:\Program Files\trend micro 2009-01-02 00:41:43 ----D---- C:\rsit 2009-01-02 00:24:23 ----D---- C:\_OTMoveIt 2008-12-26 17:10:19 ----SHD---- C:\RECYCLER 2008-12-26 17:01:04 ----D---- C:\WINDOWS\temp 2008-12-26 17:01:03 ----A---- C:\ComboFix.txt 2008-12-26 16:53:24 ----A---- C:\WINDOWS\zip.exe 2008-12-26 16:53:24 ----A---- 
C:\WINDOWS\VFIND.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\SWSC.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\SWREG.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\sed.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\NIRCMD.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\grep.exe 2008-12-26 16:53:24 ----A---- C:\WINDOWS\fdsv.exe 2008-12-26 16:53:23 ----D---- C:\WINDOWS\ERDNT 2008-12-26 16:53:23 ----D---- C:\Qoobox 2008-12-25 16:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-25 16:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-25 16:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$ 2008-12-25 16:36:47 ----A---- C:\WINDOWS\system32\MRT.exe 2008-12-25 16:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ 2008-12-25 16:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-25 16:30:19 ----A---- C:\WINDOWS\imsins.BAK 2008-12-25 16:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-25 16:05:54 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR 2008-12-25 16:04:18 ----D---- C:\WINDOWS\srchasst 2008-12-25 16:04:17 ----D---- C:\WINDOWS\msagent 2008-12-25 16:00:08 ----D---- C:\WINDOWS\ERUNT 2008-12-25 15:57:52 ----D---- C:\SDFix 2008-12-25 15:51:24 ----A---- C:\WINDOWS\system32\imon.dll 2008-12-25 15:33:42 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-25 15:29:33 ----A---- C:\WINDOWS\ntbtlog.txt 2008-12-25 15:13:31 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-12-25 15:05:25 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-12-25 15:05:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-25 15:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-12-25 13:10:38 ----D---- C:\Documents and Settings\All Users\Application Data\ESET 2008-12-25 13:07:09 ----RA---- C:\WINDOWS\system32\lvcoinst.ini 2008-12-25 13:07:09 ----RA---- C:\WINDOWS\system32\lvcoinst.dll 2008-12-25 13:07:03 
----RA---- C:\WINDOWS\system32\LVUI2RC.dll 2008-12-25 13:07:00 ----RA---- C:\WINDOWS\system32\LVUI2.dll 2008-12-25 13:06:54 ----RA---- C:\WINDOWS\system32\lvcodec2.dll 2008-12-25 12:56:57 ----D---- C:\Program Files\Fichiers communs\Logitech 2008-12-25 12:00:43 ----D---- C:\WINDOWS\system32\AlertModule 2008-12-25 12:00:36 ----A---- C:\WINDOWS\system32\IfHelper.dll 2008-12-25 12:00:36 ----A---- C:\WINDOWS\system32\FTRTSVC.exe 2008-12-25 11:57:50 ----D---- C:\Program Files\SAGEM 2008-12-24 19:40:23 ----A---- C:\VundoFix.txt 2008-12-07 15:48:09 ----A---- C:\osy.exe ======List of files/folders modified in the last 1 months====== 2009-01-02 00:41:54 ----D---- C:\WINDOWS\Prefetch 2009-01-02 00:41:44 ----D---- C:\Program Files 2009-01-02 00:35:16 ----D---- C:\Program Files\Wanadoo 2009-01-02 00:26:45 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-01 14:36:24 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-31 20:08:46 ----SHD---- C:\WINDOWS\Installer 2008-12-31 16:41:15 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire 2008-12-31 01:08:22 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-30 16:15:27 ----A---- C:\WINDOWS\ODBC.INI 2008-12-26 17:01:05 ----D---- C:\WINDOWS\system32 2008-12-26 17:01:04 ----D---- C:\WINDOWS 2008-12-26 16:58:30 ----A---- C:\WINDOWS\system.ini 2008-12-26 16:58:05 ----D---- C:\WINDOWS\system32\drivers 2008-12-26 16:57:20 ----D---- C:\WINDOWS\system32\config 2008-12-26 16:56:47 ----D---- C:\WINDOWS\AppPatch 2008-12-26 16:56:47 ----D---- C:\Program Files\Fichiers communs 2008-12-26 16:56:38 ----SD---- C:\WINDOWS\Tasks 2008-12-26 16:37:46 ----HD---- C:\Config.Msi 2008-12-25 20:00:38 ----D---- C:\Program Files\Eset 2008-12-25 16:48:53 ----HD---- C:\WINDOWS\inf 2008-12-25 16:41:45 ----A---- C:\WINDOWS\win.ini 2008-12-25 16:40:03 ----D---- C:\Program Files\Internet Explorer 2008-12-25 16:39:33 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-25 16:37:10 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-25 16:36:50 ----D---- C:\WINDOWS\Debug 
2008-12-25 16:04:18 ----D---- C:\WINDOWS\Help 2008-12-25 15:57:49 ----D---- C:\Temp 2008-12-25 15:56:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-25 13:06:48 ----D---- C:\WINDOWS\system 2008-12-25 13:05:16 ----D---- C:\Program Files\Fichiers communs\LogiShrd 2008-12-25 12:45:25 ----D---- C:\applications 2008-12-25 12:41:15 ----SHD---- C:\System Volume Information 2008-12-25 12:41:15 ----D---- C:\WINDOWS\system32\Restore 2008-12-25 11:57:49 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-25 11:57:43 ----D---- C:\Program Files\Fichiers communs\InstallShield 2008-12-25 11:41:46 ----D---- C:\Program Files\Windows Live Toolbar 2008-12-24 20:17:50 ----RSH---- C:\boot.ini 2008-12-22 18:54:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3 2008-12-12 18:29:30 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-09 16:23:59 ----A---- C:\WINDOWS\system32\97ab12fb-.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848] R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-25 15424] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-25 512096] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-06-20 60800] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] R3 
HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-06 4284928] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-06-20 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-06-20 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-20 30080] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-06-20 17152] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-29 244864] S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [] S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [] S3 BTWUSB;WIDCOMM USB 
Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-11-11 40352] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2006-11-11 933536] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbaudio;Pilote USB audio (WDM); 
C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 LVPrcSrv;Process Monitor; c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2008-05-23 9154560] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-25 552064] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2006-03-09 40960] S2 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe [2006-03-09 49152] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] 
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2007-06-23 72704] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064] -----------------EOF-----------------
  14. Good evening and happy new year to all. My uncle finally had the time to carry out the requested actions. Here is the OTMoveIt3 report (unfortunately as an image file, but I think the essentials are visible)
  15. http://www.virustotal.com analysis for the file C:\ous.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2008.12.27 -
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.26 -
AVG 8.0.0.199 2008.12.26 -
BitDefender 7.2 2008.12.27 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.27 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.26 -
F-Secure 8.0.14332.0 2008.12.27 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.27 -
Ikarus T3.1.1.45.0 2008.12.27 -
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.27 -
McAfee 5475 2008.12.26 -
McAfee+Artemis 5475 2008.12.26 -
Microsoft 1.4205 2008.12.27 -
NOD32 3718 2008.12.26 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.27 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 -
Sophos 4.37.0 2008.12.27 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.27 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.26 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.26 -

Information additionnelle
File size: 1025 bytes
MD5...: 67d89ff9e7dbba37e70465bca3ac91a0
SHA1..: 9b9c804cc76db97637fc1318329e4b5fffd16d39
SHA256: 3eeb3bc607ce2010711785661bfc43d85f64297fc52382b0b91d4341357864b6
SHA512: aa6a28135aa0b7814f8dcad39ac48d453fe6414ad40723a037c539da81d5c837 d1ec1476522cc99992e995d14477759622e36e011a6d2be1c5a70f5c7850e054
ssdeep: 12:0L+RFWekzAPD/Weocz4DzRxho/cGxPV5OP7KkyLcghVg3ZaGgLSu:0a/Wed7W eXz6xhoDxt8K/LYZyLSu
PEiD..: -
TrID..: File type identification Unknown!
PEInfo: -

ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

http://www.virustotal.com analysis for the file C:\osy.exe

a-squared 4.0.0.73 2008.12.27 -
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.26 -
AVG 8.0.0.199 2008.12.26 -
BitDefender 7.2 2008.12.27 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.27 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.26 -
F-Secure 8.0.14332.0 2008.12.27 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.27 -
Ikarus T3.1.1.45.0 2008.12.27 -
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.27 -
McAfee 5475 2008.12.26 -
McAfee+Artemis 5475 2008.12.26 -
Microsoft 1.4205 2008.12.27 -
NOD32 3718 2008.12.26 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.27 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 -
Sophos 4.37.0 2008.12.27 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.27 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.26 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.26 -
  16. http://www.virustotal.com report for C:\msv2008.exe
For the 2 other files (C:\osy.exe and C:\ous.exe) => no problem

a-squared 4.0.0.73 2008.12.27 Riskware.Win32.VBInject!IK
AhnLab-V3 2008.12.25.0 2008.12.27 Win-Trojan/Xema.29703
AntiVir 7.9.0.45 2008.12.27 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.26 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.26 Agent.AOQH
BitDefender 7.2 2008.12.27 Trojan.Generic.1224858
CAT-QuickHeal 10.00 2008.12.27 Trojan.Agent.atkb
ClamAV 0.94.1 2008.12.27 Trojan.VB-5381
Comodo 826 2008.12.27 TrojWare.Win32.Trojan.Agent.~CIJ
DrWeb 4.44.0.09170 2008.12.27 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 Win32/Hamweq.BQ
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.27 Trojan.Win32.Agent.atkb
Fortinet 3.117.0.0 2008.12.27 W32/Agent.ATKB!tr
GData 19 2008.12.27 Trojan.Generic.1224858
Ikarus T3.1.1.45.0 2008.12.27 VirTool.Win32.VBInject
K7AntiVirus 7.10.568 2008.12.27 Trojan.Win32.Agent.atkb
Kaspersky 7.0.0.125 2008.12.27 Trojan.Win32.Agent.atkb
McAfee 5475 2008.12.26 Generic.dx
McAfee+Artemis 5475 2008.12.26 Generic.dx
Microsoft 1.4205 2008.12.27 Trojan:Win32/VB.IT
NOD32 3718 2008.12.26 probably a variant of Win32/Agent
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 Trj/Agent.LCI
PCTools 4.4.2.0 2008.12.27 Trojan.Agent!sd6
Prevx1 V2 2008.12.27 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.27 Troj/Agent-ILI
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.27 Trojan.Dropper
TheHacker 6.3.1.4.200 2008.12.26 Trojan/Agent.atkb
TrendMicro 8.700.0.1004 2008.12.26 TROJ_AGENT.YEA
VBA32 3.12.8.10 2008.12.26 Trojan.Win32.Agent.atkb
ViRobot 2008.12.26.1536 2008.12.26 Spyware.Agent.29703
VirusBuster 4.5.11.0 2008.12.26 -

Information additionnelle
File size: 29703 bytes
MD5...: 119ed536ca742f319dd787ae72299ae7
SHA1..: 9a1d95bc87121d55ec013ea3f835cd4a961d9736
SHA256: 0aa80b2e31a0d9552987b767d9b3c5f62663d4589aae0c83d2a049df8209c30c
SHA512: 7f6750f7c4cc390f5ecb639be393345db0d59869a655eaba77bac005822a5f78 f51608bb0413fba341f557de475debaebc6d4f0c06ad73a6b9b3ef036d7049d0
ssdeep: 384:tDiBg1Q+k+x/DM11FXPXNUa7RAP9gzhgwoHQZSk7iCf:bQ+k+BYFXPXWa7WU MH/JCf
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401090
timedatestamp.....: 0x493c9c15 (Mon Dec 08 04:01:25 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a7c 0x2000 4.10 365b502a8f383665b700fd8cfa948cae
.data 0x3000 0x4b8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x4000 0x8c8 0x4407 7.17 0259211abcb8047f0aa3b5014ff50ab6
( 1 imports )
> MSVBVM60.DLL: -, -, DllFunctionCall, __vbaExceptHandler, -, -, -, ProcCallEngine, -, -, -, -, -
( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=119ed536ca742f319dd787ae72299ae7
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=119ed536ca742f319dd787ae72299ae7

ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
  17. First Mbam quick scan: mbam-log-2008-12-25 (15-13-59).txt

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2
25/12/2008 15:13:59
mbam-log-2008-12-25 (15-13-59).txt
Type de recherche: Examen rapide
Eléments examinés: 28832
Temps écoulé: 7 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\zidoyowi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gerogije.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sagujele.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gepesiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ppeuml.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a53864d-dbd6-4995-92ee-0b10d4f83df8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9c88d685 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruruzatuwe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9fbbe519 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zidoyowi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zidoyowi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zidoyowi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gepesiso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gepesiso.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ppeuml.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sagujele.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\gepesiso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gerogije.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zidoyowi.dll (Trojan.Vundo.H) -> Delete on reboot.

Second quick scan mbam-log-2008-12-25 (15-22-11).txt

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2
25/12/2008 15:22:11
mbam-log-2008-12-25 (15-22-11).txt
Type de recherche: Examen rapide
Eléments examinés: 26660
Temps écoulé: 1 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{097894f9-686a-4751-a069-9f8a50c41f13} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9fbbe519 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruruzatuwe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Last FULL scan mbam-log-2008-12-25 (15-52-42).txt

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1544
Windows 5.1.2600 Service Pack 2
25/12/2008 15:52:42
mbam-log-2008-12-25 (15-52-42).txt
Type de recherche: Examen complet (C:\|J:\|)
Eléments examinés: 41870
Temps écoulé: 8 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
  18. Good evening, I am not at home, so I cannot send all the items yet. As for VundoFix, it found nothing. As for VirtumondebeGone, it found problems and cleaned them (in particular the file C:\Windows\system32\tuvngxp.dll), but I did not keep the report. As for MalwareBytes' Anti-Malware, it also found errors and I will send the report as soon as possible. See you later. PS: For HijackThis, then "fix" the lines below

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')
  19. Here is the ComboFix log in SAFE MODE
      ComboFix 08-12-25.04 - Administrateur 2008-12-26 16:54:16.1 - NTFSx86 MINIMAL
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.804 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Administrateur\Bureau\combofix.exe
      [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]62802hippi_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]62802jumpie_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]80402argh_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]80402oops_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]80402ouch_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]82502no_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\[u]0[/u]82502yes_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_boring1_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_confused_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_crying_ugly_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_fantastic_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_feel_better_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_gimme_break_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_heehee_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_hlopaet_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_ign_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_lol_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_no_comment_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_peace_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_smashing_prv.gif c:\documents and 
settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\110103_talk2thehand_prv.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_sm.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_sm2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_smli.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\block_smli2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\blocked.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\blocked2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_add-but.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_back-but.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_cut_enabled_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_enabled_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_left_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_middle_enabled_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_middle_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_cut_enabled_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_enabled_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\btn_right_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\business_promo.htm c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\buttondir.txt c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\components.cdf c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css_cattree.css c:\documents 
and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css_flashpreview.css c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_main.css c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_pagingmodule.css c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\css2_topbuttons.css c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\delete.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_clear_sound.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_fs.htm c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\edit_select.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-543450.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-548964.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-589306.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-591943.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-592579.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-598579.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-603763.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-9595.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511724-9696.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-511745-514279.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-backgrounds.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-bcards.mnu c:\documents and 
settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-ecards.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-emoticons.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-estationery.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-funny.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-help.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-images.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-info.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-more.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-my.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-new.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-new2.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-options.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-people.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-photo.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-tell.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-temp.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-text.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def-email-voice.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-def.cdf c:\documents and settings\KEV\Application 
Data\HbTools\v3.0\HostOL\static\2\email-premium-email-premium.mnu c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-t1-bg.res c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\email-temp-bg.res c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\estatationery.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\flashpatch.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\flashpreview.htm c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\fs3.htm c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\hotbar_promo.htm c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_checked_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_close_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_close_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_edit_preview.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_edit_send.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_flash_preview.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_recently_used.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_remove_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_remove_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_sand-clock2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tell_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tell_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_tree_null.gif c:\documents and 
settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_unchecked_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_barlayout4.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_corner_left.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\img_local_logo.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_basetemplate.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbgroups.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbobject3.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hbobjectset3.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_hotbarwrapper.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_texts3.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\js2_xmltree3nf.js c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\layout.cdf c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\linkpathlegal.txt c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\more.res c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\n.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_b_2.gif c:\documents and 
settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_bb_2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_f_2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\nav_ff_2.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\pro_hb_fo_word.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\progress.res c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\sales_buttons.res c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\searchbtn.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\submit.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bg.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bga.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_bgia.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_l.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_la.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_lia.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_r.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_ra.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tab_ria.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_dots.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_minus.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\tree_plus.gif c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_animations.xml c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_backgrounds.xml c:\documents and 
settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_ecards.xml c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_emoticons.xml c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_notifiers.xml c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\2\treedata_text.xml c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\business_promo.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\buttondir.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\code.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-def.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-t1-bg.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\email-temp-bg.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\hotbar_promo.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\images.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\layout.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\linkpathlegal.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\localcontent.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\more.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\progress.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\sales_buttons.xip c:\documents and settings\KEV\Application Data\HbTools\v3.0\HostOL\static\DownLoad\treexml.xip c:\documents and settings\KEV\Application Data\HbTools_Icons 
c:\documents and settings\KEV\Application Data\HbTools_Icons\meetic.ico
c:\documents and settings\KEV\Application Data\HbTools_Icons\Registryrepair.ico
c:\documents and settings\KEV\Application Data\HbTools_Icons\wallpapere1.ico
c:\documents and settings\KEV\Bureau\Free PC Wallpapers.lnk
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure.lnk
c:\documents and settings\KEV\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
c:\windows\pack.epk
c:\windows\system32\eojpqlau.dll
c:\windows\system32\gooaunjp.dll
c:\windows\system32\jonesuke.dll
c:\windows\system32\qloqxm.dll
c:\windows\system32\terobila.dll
c:\windows\system32\tubakile.dll
c:\windows\system32\yosimanu.dll
c:\windows\System32csrss.exe
c:\windows\Tasks\swfovzsl.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-26 au 2008-12-26 ))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:30 . 2008-12-25 16:42 1,393 --a------ c:\windows\imsins.BAK
2008-12-25 16:21 . 2001-08-17 21:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-12-25 16:20 . 2004-08-03 22:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2008-12-25 16:19 . 2001-08-23 17:18 899,914 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-25 16:18 . 2001-08-17 22:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-12-25 16:17 . 2004-08-19 16:09 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2008-12-25 16:16 . 2001-08-23 17:00 728,554 --a--c--- c:\windows\system32\dllcache\ltck000c.sys
2008-12-25 16:15 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2008-12-25 16:14 . 2001-08-23 17:46 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-25 16:13 . 2001-08-23 17:13 634,166 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2008-12-25 16:12 . 2001-08-17 20:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-12-25 16:11 . 2001-08-23 17:04 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-25 16:10 . 2001-08-23 17:46 105,472 --a--c--- c:\windows\system32\dllcache\binlsvc.dll
2008-12-25 16:09 . 2004-08-19 16:09 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-12-25 16:08 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-12-25 16:04 . 2008-12-25 16:04 <REP> d-------- c:\windows\srchasst
2008-12-25 16:04 . 2008-12-25 16:04 <REP> d-------- c:\windows\msagent
2008-12-25 16:00 . 2008-12-25 16:00 <REP> d-------- c:\windows\ERUNT
2008-12-25 15:57 . 2008-12-25 16:10 <REP> d-------- C:\SDFix
2008-12-25 15:51 . 2008-12-25 15:50 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-12-25 15:51 . 2008-12-25 15:51 298,104 --a------ c:\windows\system32\imon.dll
2008-12-25 15:51 . 2008-12-25 15:50 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-12-25 15:50 . 2008-12-25 15:50 <REP> d-------- c:\temp\NOD32_v2.70_Anti-virus
2008-12-25 15:13 . 2008-12-25 15:59 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-25 15:05 . 2008-12-25 15:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 15:05 . 2008-12-25 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-25 15:05 . 2008-12-25 15:05 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-25 15:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-25 15:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 13:10 . 2008-12-25 13:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-25 13:07 . 2006-11-11 04:47 527,136 -ra------ c:\windows\system32\LVUI2RC.dll
2008-12-25 13:07 . 2006-11-11 04:47 211,744 -ra------ c:\windows\system32\LVUI2.dll
2008-12-25 13:07 . 2006-11-11 04:45 121,632 -ra------ c:\windows\system32\lvcoinst.dll
2008-12-25 13:07 . 2006-11-11 03:31 42,594 -ra------ c:\windows\system32\lvcoinst.ini
2008-12-25 13:07 . 2006-11-11 04:48 40,352 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-12-25 13:07 . 2006-11-11 03:30 7,734 -ra------ c:\windows\system32\Repository.reg
2008-12-25 13:06 . 2006-11-11 04:43 933,536 -ra------ c:\windows\system32\drivers\LV302V32.SYS
2008-12-25 13:06 . 2006-11-11 04:44 264,992 -ra------ c:\windows\system32\lvcodec2.dll
2008-12-25 12:56 . 2008-12-25 13:08 <REP> d-------- c:\program files\Fichiers communs\Logitech
2008-12-25 12:28 . 2008-12-25 12:28 11,868,440 --a------ c:\temp\launch.exe
2008-12-25 12:00 . 2008-12-25 12:00 <REP> d-------- c:\windows\system32\AlertModule
2008-12-25 12:00 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe
2008-12-25 12:00 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll
2008-12-25 11:57 . 2008-12-25 11:57 <REP> d-------- c:\program files\SAGEM
2008-12-09 16:23 . 2008-12-09 16:23 25,088 --a------ c:\windows\system32\5
2008-12-08 16:21 . 2008-12-08 16:21 29,703 --a------ C:\msv2008.exe
2008-12-07 15:48 . 2008-12-08 19:37 1,025 --a------ C:\osy.exe
2008-11-30 22:30 . 2008-11-30 23:00 1,025 --a------ C:\ous.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 15:59 --------- d-----w c:\program files\Wanadoo
2008-12-25 19:00 --------- d-----w c:\program files\Eset
2008-12-25 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-25 12:05 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-12-25 10:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 10:57 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-25 10:41 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-22 17:54 --------- d-----w c:\documents and settings\Administrateur\Application Data\U3
2008-12-01 16:45 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2008-11-26 17:50 1,025 ----a-w C:\wnx.exe
2008-10-29 23:37 --------- d-----w c:\program files\Zylom Games
2008-02-25 19:37 15,397 ----a-w c:\program files\settings.dat
2007-08-22 11:37 53,864 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-25 949376]
"nwiz"="nwiz.exe" [2006-07-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 11000]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Microsoft Librarys Server REG_SZ c:\windows\system32csrss.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5vbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Librarys Server]
--a------ 2004-08-19 17:09 6144 c:\windows\system32\csrss.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\Eset\\nod32krn.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$AUTODESKVAULT\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Fichiers communs\\LogiShrd\\LComMgr\\Communications_Helper.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\Wanadoo\\Toaster.exe"=
"c:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe"=
"c:\\Program Files\\Wanadoo\\Inactivity.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\system32\\FTRTSVC.exe"=
"c:\\Program Files\\Wanadoo\\ComComp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-25 15424]
S0 ati5vbxx;ati5vbxx;c:\windows\system32\Drivers\ati5vbxx.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-25 38496]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT [2005-05-03 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd0c4ea-289b-11dc-aef1-8605c2ab9b60}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbc9d04-d048-11dc-b15d-00192150d241}]
\Shell\AutoRun\command - I:\Eautorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d72d3b59-b566-11dc-b120-00192150d241}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
SafeBoot-ati4sxxx.sys
SafeBoot-ati5tyxx.sys
SafeBoot-ati6yfxx.sys
MSConfigStartUp-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 16:58:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\rundll32.exe c:\progra~1\Wanadoo\GestionnaireInternet.exe c:\progra~1\Wanadoo\ComComp.exe c:\progra~1\Wanadoo\Toaster.exe c:\progra~1\Wanadoo\Inactivity.exe c:\progra~1\Wanadoo\PollingModule.exe c:\windows\system32\FTRTSVC.exe c:\program files\Fichiers communs\LightScribe\LSSrvc.exe c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe c:\program files\Eset\nod32krn.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\progra~1\Wanadoo\Watch.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\ALERTM~1\ALERTM~1.EXE . ************************************************************************** . Heure de fin: 2008-12-26 17:01:02 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-26 16:00:59 Avant-CF: 48 234 196 992 octets libres Après-CF: 48,071,143,424 octets libres 784 --- E O F --- 2008-12-26 15:50:56 Pour ces 2 log, j'attends votre avis ! D'avance merci
  20. Hello (and happy holidays to everyone).

To summarise: on my uncle's PC, it suddenly became impossible to connect to the Internet. When I ran a scan with Nod32, it reported that the file C:\Windows\system32\tuvngxp.dll was infected with VIRTUMONDE. Since I am not here for long, I wanted to be quick and searched on the Internet. So I ran:
- VundoFix
- Virtumondebegone
- ComboFix
- Malwarebytes' Anti-Malware
- Spybot

After all this, Spybot detects virtumonde.generic (2 registry keys) but cannot remove it. I was still able to get my Internet connection back. The original infected file (C:\Windows\system32\tuvngxp.dll) has been deleted, but I think the infection has installed itself elsewhere.

So here is the latest HijackThis log (which I renamed scanner.exe):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:22, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Documents and Settings\Administrateur\Bureau\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_02) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AB21C9-738E-4281-8FFC-E8688376C3F7}: NameServer = 80.10.246.1,80.10.246.139
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-- End of file - 9288 bytes

I think these lines are the ones to "fix", but I would rather have your opinion first:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')
O4 - HKUS\S-1-5-21-583907252-1425521274-725345543-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User '?')

I am going to run ComboFix again and send you the log!
  21. The answer is YES.

So for *.wmv files:
1) Click Start/Run, then type: regedit
2) Open HKEY_CLASSES_ROOT\VLC.wmv\shell.
3) Create a key named Open
4) Select this key, then create a key named Command
5) Select this key, then edit the (Default) value.
6) Enter the following as the value data: "C:\Program Files\VideoLAN\VLC" --started-from-file "%1"

See you!
  22. Hello,

My Inventel Livebox is currently configured with a WEP key (the one printed underneath the Livebox). I would like to switch to WPA. In the management console (http://192.168.1.1), I tick "Use WPA only", but I am never asked to create my WPA passphrase. How do I do this?

Thanks in advance.
  23. In addition, from time to time IE crashes for no reason (even without add-ons), reporting that it has encountered an unexpected error.

More details:
AppName: iexplore.exe
AppVer: 7.0.6000.16640
ModName: unknown
ModVer: 0.0.0.0
Offset: 01681f1f
  24. Hello,

In IE (I have version 7, but this has been going on for several months), I have noticed that I no longer have access to various keys (such as CTRL+C, CTRL+V, CTRL+X, DELETE) in form fields on websites (for example the Google search field, or even the field where I am writing this message).

Suspecting an infection, I ran a scan with HijackThis -> OK, with Trojan Remover -> OK, Spybot -> OK, Ad-Aware -> 2 trojans removed. But the problem is still there.

I started IE without add-ons, but the problem remains. I uninstalled IE7 and the problem is also present in IE6. So I reinstalled IE7 + but nothing works!

I installed IE7 Pro (which is recommended by many people, from what I have read) and I was able to configure the CTRL+C, CTRL+V and CTRL+X keys (in fact, it told me that these keys were already configured by IE), but not the DELETE key.

Does anyone have an idea? Thanks in advance.

PS: While editing my message to add further information, I have come to think that this is not an infection but a bad setting, so the message may not be in the right section!
  25. Hello,

Since I struggled a bit to find the solution for playing videos in Outlook Express with VLC (error message: Aucun programme n'est associé à ce fichier pour exécuter cette action), I am posting the solution here. I should of course point out that the video file extensions were associated with VLC (in Folder Options).

Procedure, taking .AVI files as an example:
1) Click Start/Run, then type: regedit
2) Open HKEY_CLASSES_ROOT\VLC.avi\shell.
3) Create a key named Open
4) Select this key, then create a key named Command
5) Select this key, then edit the (Default) value.
6) Enter the following as the value data: "C:\Program Files\VideoLAN\VLC" --started-from-file "%1"

I have created a .reg file that covers all of VLC's video extensions, but I cannot find how to post a file.

Hoping this has helped a few people! See you!