nimas83

Merci beaucoup, rien a signaler concernant ces fichiers firefox installé et configuré, spyware doc supprimé. tout est parfait, mon probleme est résolu. encore merci pour ta patience, tes conseils et le temps que tu consacré a mon problème merci !

merci pour tout ces bon conseils, je vais les appliquer sur le champs a tout hasard je poste le log de mon 2eme pc si tu voit quelque chose qui cloche n'hésites pas , merci : ComboFix 09-06-20.02 - n 20/06/2009 21:42.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2502 [GMT 2:00] Lancé depuis: c:\documents and settings\n\Bureau\ComboFix.exe AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\n\Application Data\.# c:\documents and settings\n\Application Data\.#\MBX@804@3837C8.### c:\documents and settings\n\Application Data\.#\MBX@804@3837D8.### c:\documents and settings\n\Application Data\.#\MBX@804@3837E8.### c:\windows\system32\ATIODCLI.exe c:\windows\system32\ATIODE.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-20 au 2009-06-20 )))))))))))))))))))))))))))))))))))) . 2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\windows\system32\xircom 2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\windows\system32\wbem\snmp 2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\program files\microsoft frontpage 2009-06-20 16:39 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-06-20 16:39 . 2009-02-23 08:11 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-06-20 16:39 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-06-20 16:39 . 2009-06-20 16:40 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-06-20 16:39 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-06-20 16:39 . 2009-06-20 17:11 -------- d-----w- c:\program files\Spyware Doctor 2009-06-20 16:39 . 2009-06-20 16:39 -------- d-----w- c:\documents and settings\n\Application Data\PC Tools 2009-06-20 16:39 . 2009-06-20 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\documents and settings\n\Application Data\Malwarebytes 2009-06-19 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-19 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-19 07:55 . 2009-06-19 07:55 -------- d-----w- c:\documents and settings\n\Application Data\Notepad++ 2009-06-19 07:55 . 2009-06-19 07:55 -------- d-----w- c:\program files\Notepad++ 2009-06-19 07:51 . 2009-06-19 07:51 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ESET 2009-06-19 07:46 . 2009-06-19 07:46 -------- d-----w- c:\program files\EasyPHP 3.0 2009-06-19 07:32 . 2009-06-19 18:51 -------- d-----w- c:\program files\FlashFXP 2009-06-19 07:32 . 2009-06-19 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FlashFXP 2009-06-19 07:31 . 2009-06-19 07:31 -------- d-----w- c:\windows\IniCom Networks FlashFXP v3 7 6 2009-06-19 07:31 . 2009-06-19 07:31 -------- d-----w- c:\program files\IniCom Networks FlashFXP v3 7 6 2009-06-19 06:57 . 2008-04-13 14:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-06-19 06:57 . 2001-08-23 20:47 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-06-19 06:57 . 2008-04-13 22:33 159232 ----a-w- c:\windows\system32\ptpusd.dll 2009-06-19 06:29 . 2009-06-19 06:30 -------- d-----w- C:\h 2009-06-19 06:04 . 2009-06-19 06:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-06-18 09:36 . 2001-05-07 10:56 19805 ----a-r- c:\windows\system32\drivers\usbio.sys 2009-06-18 07:15 . 2009-06-18 07:19 -------- d-----w- C:\JEUX2 2009-06-18 07:13 . 2009-06-19 05:50 -------- d-----w- c:\documents and settings\n\Application Data\Desktopicon 2009-06-18 07:13 . 2009-06-18 07:13 -------- d-----w- c:\program files\Unlocker 2009-06-18 06:56 . 2009-06-18 07:14 -------- d-----w- C:\JEUX 2009-06-18 06:33 . 2009-06-18 06:33 -------- d-----w- c:\program files\MSXML 4.0 2009-06-18 06:33 . 2009-06-18 06:33 -------- d-----w- c:\program files\Datel 2009-06-17 22:55 . 2009-06-17 22:57 -------- d-----w- C:\VIDEOS 2009-06-17 22:09 . 2009-06-17 22:09 180224 ----a-w- c:\windows\system32\WinVd32.sys 2009-06-17 22:09 . 2009-06-17 22:09 7680 ----a-w- c:\windows\system32\WinFLsrv.exe 2009-06-17 22:09 . 2009-06-17 22:09 10752 ----a-w- c:\windows\system32\WinFLdrv.sys 2009-06-17 21:11 . 2009-06-17 21:11 -------- d-----w- c:\program files\Recuva 2009-06-16 17:27 . 2009-06-20 16:44 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Eraser 2009-06-16 17:27 . 2009-06-16 17:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2009-06-16 17:27 . 2007-12-31 09:46 2375336 ----a-w- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe 2009-06-16 17:27 . 2009-06-16 17:27 -------- d-----w- c:\program files\Eraser 2009-06-15 22:02 . 2009-06-15 23:14 -------- d-----w- C:\perl 2009-06-15 20:55 . 2009-06-15 20:55 -------- d-----w- c:\program files\CCleaner 2009-06-15 20:54 . 2009-06-15 20:54 -------- d-----w- c:\program files\Trackbuster 2009-06-15 19:56 . 2009-06-18 21:42 -------- d-----w- c:\documents and settings\n\Application Data\dvdcss 2009-06-15 13:58 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-06-15 13:58 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll 2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\documents and settings\n\Application Data\Megaupload 2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\program files\vSoft 2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\program files\Megaupload 2009-06-15 12:04 . 2009-06-15 12:04 -------- d-----w- c:\documents and settings\n\Application Data\InstallShield 2009-06-15 09:42 . 2009-06-15 09:42 -------- d-----w- c:\program files\vtplus 2009-06-15 09:42 . 2007-07-10 20:28 65603 ----a-w- c:\windows\system32\hcwIRblast.dll 2009-06-15 09:42 . 2007-06-04 10:40 294912 ----a-w- c:\windows\system32\hcwzblast.dll 2009-06-15 09:42 . 2007-07-19 13:44 765952 ----a-w- c:\windows\system32\msvcp71d.dll 2009-06-15 09:42 . 2007-07-19 13:44 544768 ----a-w- c:\windows\system32\msvcr71d.dll 2009-06-15 09:42 . 2007-07-19 13:44 2179072 ----a-w- c:\windows\system32\mfc71d.dll 2009-06-15 09:42 . 1999-06-25 09:55 149504 ----a-w- c:\windows\system32\UNWISE.EXE 2009-06-15 09:42 . 2009-06-15 09:42 -------- d-----w- c:\program files\Fichiers communs\IviSDK 2009-06-15 09:41 . 2006-05-08 07:55 28672 ----a-w- c:\windows\system32\hcwsched.dll 2009-06-15 09:41 . 2006-05-08 07:54 65536 ----a-w- c:\windows\system32\dmcrypto.dll 2009-06-15 09:41 . 2006-01-25 15:38 69632 ----a-w- c:\windows\system32\3DES.dll 2009-06-15 09:41 . 2009-06-15 09:41 -------- d-----w- c:\windows\system32\hauppauge 2009-06-15 09:15 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2009-06-15 09:15 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys 2009-06-15 09:15 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2009-06-15 09:15 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2009-06-15 09:15 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2009-06-15 09:15 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2009-06-15 09:15 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2009-06-15 09:15 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2009-06-15 09:14 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll 2009-06-15 09:14 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll 2009-06-15 09:14 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys 2009-06-15 09:14 . 2007-03-26 16:46 827776 ----a-w- c:\windows\system32\drivers\HCW713x.sys 2009-06-15 09:14 . 2005-11-25 23:51 65536 ----a-w- c:\windows\system32\HCW713xMV.dll 2009-06-15 09:14 . 2009-06-15 09:14 -------- d-----w- C:\Hauppauge 2009-06-15 09:12 . 2009-06-15 09:13 -------- d-----w- c:\documents and settings\n\Application Data\vlc 2009-06-15 09:12 . 2009-06-15 09:12 -------- d-----w- c:\program files\VideoLAN 2009-06-15 09:11 . 2009-06-15 09:11 -------- d-----w- c:\documents and settings\n\Application Data\ImgBurn 2009-06-15 09:09 . 2009-06-18 21:40 -------- d-----w- c:\documents and settings\n\Application Data\GrabIt 2009-06-15 09:08 . 2009-06-15 09:08 -------- d-----w- c:\program files\Giganews Accelerator 2009-06-15 09:07 . 2009-06-15 09:07 -------- d-----w- c:\program files\GrabIt 2009-06-15 09:04 . 2009-06-15 09:04 -------- d-----w- c:\program files\AviSynth 2.5 2009-06-15 09:03 . 2009-06-15 09:03 -------- d-----w- c:\program files\Gabest 2009-06-15 09:03 . 2009-06-15 09:07 -------- d-----w- c:\program files\GordianKnot 2009-06-15 09:03 . 2009-06-15 09:03 -------- d-----w- c:\program files\YencPowerPostA&A11b_FR 2009-06-15 09:02 . 2009-06-15 09:02 -------- d-----w- c:\program files\VirtualDub-1.8.8 2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ACD Systems 2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\n\Application Data\ACD Systems 2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems 2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\program files\Fichiers communs\ACD Systems 2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\program files\ACD Systems 2009-06-15 09:00 . 2009-06-15 09:00 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Downloaded Installations 2009-06-15 08:55 . 2009-06-15 08:55 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Adobe 2009-06-15 08:54 . 2009-06-15 08:54 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-06-15 08:53 . 2009-06-15 08:53 -------- d-----w- c:\program files\Microsoft Works 2009-06-15 08:52 . 2009-06-15 08:52 -------- d-----w- c:\program files\Microsoft.NET 2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\windows\SHELLNEW 2009-06-15 08:50 . 2009-06-15 08:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Microsoft Help 2009-06-15 08:50 . 2009-06-15 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-15 08:49 . 2009-06-15 08:49 -------- d--h--r- C:\MSOCache 2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\program files\PowerISO 2009-06-15 08:16 . 2009-06-15 08:16 -------- d-sh--w- c:\documents and settings\n\IECompatCache 2009-06-15 08:16 . 2009-06-15 08:16 -------- d-sh--w- c:\documents and settings\n\PrivacIE 2009-06-15 06:03 . 2009-06-15 06:03 -------- d-sh--w- c:\documents and settings\n\IETldCache 2009-06-15 05:58 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-15 05:58 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-15 05:58 . 2009-06-15 05:58 -------- d-----w- c:\windows\ie8updates 2009-06-15 05:58 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-06-15 05:56 . 2009-06-15 05:58 -------- dc-h--w- c:\windows\ie8 2009-06-15 05:47 . 2009-06-15 09:09 68464 ----a-w- c:\documents and settings\n\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ATI 2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\n\Application Data\ATI 2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\windows\system32\Lang 2009-06-15 05:46 . 2009-06-15 05:46 0 ----a-w- c:\windows\ativpsrm.bin 2009-06-15 05:44 . 2009-06-15 05:44 -------- d-----w- c:\documents and settings\n\Application Data\ESET 2009-06-15 05:44 . 2009-06-15 05:44 -------- d-----w- c:\program files\ESET . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-20 19:41 . 2009-06-14 23:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-20 16:45 . 2009-06-15 09:40 -------- d-----w- c:\program files\WinTV 2009-06-15 12:04 . 2009-06-15 05:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-14 11:19 . 2009-05-14 11:19 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys 2009-05-14 11:19 . 2009-05-14 11:19 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys 2009-05-14 11:19 . 2009-05-14 11:19 133000 ----a-w- c:\windows\system32\drivers\epfw.sys 2009-05-14 11:17 . 2009-05-14 11:17 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-05-14 11:11 . 2009-05-14 11:11 114472 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 03:30 . 2009-04-29 03:30 3643904 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2009-04-29 02:18 . 2009-04-29 02:18 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2009-04-29 02:17 . 2009-04-29 02:17 335872 ----a-w- c:\windows\system32\ati2dvag.dll 2009-04-29 02:07 . 2009-04-29 02:07 204800 ----a-w- c:\windows\system32\atipdlxx.dll 2009-04-29 02:06 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2009-04-29 02:06 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2009-04-29 02:06 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2009-04-29 02:06 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\ati2evxx.dll 2009-04-29 02:04 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2009-04-29 02:03 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2009-04-29 02:00 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2009-04-29 01:56 . 2009-04-29 01:56 2997536 ----a-w- c:\windows\system32\ati3duag.dll 2009-04-29 01:45 . 2009-04-29 01:45 11603968 ----a-w- c:\windows\system32\atioglxx.dll 2009-04-29 01:42 . 2009-04-29 01:42 2687872 ----a-w- c:\windows\system32\ativvaxx.dll 2009-04-29 01:42 . 2009-04-29 01:42 887724 ----a-w- c:\windows\system32\ativva6x.dat 2009-04-29 01:42 . 2009-04-29 01:42 3107788 ----a-w- c:\windows\system32\ativva5x.dat 2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\atimpc32.dll 2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\amdpcom32.dll 2009-04-29 01:22 . 2009-04-29 01:22 479232 ----a-w- c:\windows\system32\atikvmag.dll 2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll 2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll 2009-04-29 01:20 . 2009-04-29 01:20 135168 ----a-w- c:\windows\system32\atiadlxx.dll 2009-04-29 01:19 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll 2009-04-29 01:19 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- c:\windows\system32\aticaldd.dll 2009-04-29 01:17 . 2009-04-29 01:17 303104 ----a-w- c:\windows\system32\atiok3x2.dll 2009-04-29 01:13 . 2009-04-29 01:13 630784 ----a-w- c:\windows\system32\ati2cqag.dll 2009-04-23 17:22 . 2009-06-15 05:27 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys 2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe 2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll 2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll 2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll 2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe 2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll 2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys 2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-04-10 00:14 . 2009-06-14 23:20 691712 ----a-w- c:\windows\system32\inetcomm.dll 2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll 2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys 2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll 2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll 2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll 2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll 2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\n\Application Data\Desktopicon\eBayShortcuts.exe 2009-04-01 19:59 . 2009-04-01 19:59 188348 ----a-w- c:\windows\system32\atiicdxx.dat . ------- Sigcheck ------- [-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Eraser RiskMonitor"="c:\program files\East-Tec Eraser 2009\Launch.exe" [2008-11-03 44192] "Eraser"="c:\program files\Eraser\eraser.exe" [2007-12-22 916240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-6-15 110647] Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 1085440] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 18:39 130424] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 13:17 107256] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 13:17 731840] R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [15/06/2009 11:42 437248] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 18:39 348752] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [18/06/2009 00:09 10752] R3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\drivers\HCW713x.sys [15/06/2009 11:14 827776] R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [26/04/2007 01:53 25088] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/06/2009 07:26 1684736] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: {EBD60971-610C-4C4A-8A4A-561E9629E5F7} = 212.27.53.252,212.27.54.252 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-20 21:44 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\system32\sys_drv.dat 7028 bytes c:\windows\system32\sys_drv_2.dat 6024 bytes Scan terminé avec succès Fichiers cachés: 2 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1308) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-06-20 21:45 ComboFix-quarantined-files.txt 2009-06-20 19:45 Avant-CF: 41 125 629 952 octets libres Après-CF: 41 159 073 792 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noexecute=alwaysoff 302 --- E O F --- 2009-06-19 01:00

encore merci.... alors j'ai fait ce que tu m'a demandé et apparament les fichiers addons.dat et le dossier PrintSpooler et son contenu ont bien disparut et ne sont pas revenu, c'est déja une première victoire, a toi de me dire au vu du log si tout est bon encore mille merci !! voici le log ComboFix 09-06-19.01 - Steph 20/06/2009 21:15.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2542 [GMT 2:00] Lancé depuis: c:\documents and settings\Steph\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Steph\Bureau\CFScript.txt AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FILE :: "c:\windows\LimeWireWin.exe" "c:\windows\system32\Wmpupdate.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Steph\Application Data\LimeWire c:\program files\PrintSpooler c:\program files\Spyware Doctor c:\documents and settings\Steph\Application Data\addons.dat c:\documents and settings\Steph\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\auth.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\caps.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\composer.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\directory.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\editor.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\find.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\intl.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jar.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\locale.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\oji.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pippki.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\places.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pref.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\profile.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\storage.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\update.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\widget.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\crashreporter.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\crashreporter.ini c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dependentlibs.list c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\freebl3.chk c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\freebl3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\all.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\js3250.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\LICENSE c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\debug.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\utils.js c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\mozctl.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\mozctlx.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\msvcr71.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nspr4.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nss3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssckbi.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssutil3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\platform.ini c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plc4.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plds4.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\README.txt c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\arrow.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\designmode.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\forms.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\grabber.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\html.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\html\folder.png c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\language.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\mathml.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\quirk.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\svg.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\ua.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\viewsource.css c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\smime3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\softokn3.chk c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\softokn3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\sqlite3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\ssl3.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\updater.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\version.properties c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpcom.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpcshell.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpidl.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpt_link.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xul.dll c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xulrunner.exe c:\documents and settings\Steph\Application Data\LimeWire\createtimes.cache c:\documents and settings\Steph\Application Data\LimeWire\downloads.dat c:\documents and settings\Steph\Application Data\LimeWire\fileurns.cache c:\documents and settings\Steph\Application Data\LimeWire\gnutella.net c:\documents and settings\Steph\Application Data\LimeWire\installation.props c:\documents and settings\Steph\Application Data\LimeWire\library.dat c:\documents and settings\Steph\Application Data\LimeWire\library5.dat c:\documents and settings\Steph\Application Data\LimeWire\limewire.props c:\documents and settings\Steph\Application Data\LimeWire\mojito.props c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\.autoreg c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_ c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_ c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_ c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_ c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01 c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\cert8.db c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\compreg.dat c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\cookies.sqlite c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\downloads.sqlite c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\extensions.cache c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\extensions.ini c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\history.dat c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\key3.db c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\permissions.sqlite c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\places.sqlite c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\places.sqlite-journal c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\pluginreg.dat c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\prefs.js c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\secmod.db c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\XPC.mfl c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\xpti.dat c:\documents and settings\Steph\Application Data\LimeWire\promotion\promodb.properties c:\documents and settings\Steph\Application Data\LimeWire\promotion\promodb.script c:\documents and settings\Steph\Application Data\LimeWire\responses.cache c:\documents and settings\Steph\Application Data\LimeWire\simpp.xml c:\documents and settings\Steph\Application Data\LimeWire\spam.dat c:\documents and settings\Steph\Application Data\LimeWire\tables.props c:\documents and settings\Steph\Application Data\LimeWire\ttdata.cache c:\documents and settings\Steph\Application Data\LimeWire\ttroot.cache c:\documents and settings\Steph\Application Data\LimeWire\version.xml c:\documents and settings\Steph\Application Data\LimeWire\versions.props c:\documents and settings\Steph\Application Data\LimeWire\xml\data\video.sxml3 c:\program files\PrintSpooler\logg.dat c:\program files\PrintSpooler\printspool.exe c:\program files\Spyware Doctor\Alert.exe c:\program files\Spyware Doctor\alert.wav c:\program files\Spyware Doctor\avdb\av10-000.vdb c:\program files\Spyware Doctor\avdb\BLST.bin c:\program files\Spyware Doctor\avdb\info.dbsdk c:\program files\Spyware Doctor\avdb\SFS2.bin c:\program files\Spyware Doctor\avdb\vdb.xml c:\program files\Spyware Doctor\avengine\PCTAVEng.dll c:\program files\Spyware Doctor\avengine\SDAVgate.dll c:\program files\Spyware Doctor\BH.dll c:\program files\Spyware Doctor\bpo-sdhelp.chm c:\program files\Spyware Doctor\cdialogs.dll c:\program files\Spyware Doctor\ChineseSimp.lng c:\program files\Spyware Doctor\ChineseTrad.lng c:\program files\Spyware Doctor\commhlpr.dll c:\program files\Spyware Doctor\commlib.dll c:\program files\Spyware Doctor\CommLibLite.dll c:\program files\Spyware Doctor\commom.dll c:\program files\Spyware Doctor\csi-sdhelp.chm c:\program files\Spyware Doctor\csi-sdhelp_pr.chm c:\program files\Spyware Doctor\ctr-sdhelp.chm c:\program files\Spyware Doctor\cze-sdhelp.chm c:\program files\Spyware Doctor\Czech.lng c:\program files\Spyware Doctor\dan-sdhelp.chm c:\program files\Spyware Doctor\Danish.lng c:\program files\Spyware Doctor\deu-sdhelp.chm c:\program files\Spyware Doctor\Deutsch.lng c:\program files\Spyware Doctor\drvctl.exe c:\program files\Spyware Doctor\Dutch.lng c:\program files\Spyware Doctor\eng-sdhelp.chm c:\program files\Spyware Doctor\English.lng c:\program files\Spyware Doctor\EnglishBritish.lng c:\program files\Spyware Doctor\esp-sdhelp.chm c:\program files\Spyware Doctor\euk-sdhelp.chm c:\program files\Spyware Doctor\filehlpr.dll c:\program files\Spyware Doctor\FileStorage.sdp c:\program files\Spyware Doctor\fin-sdhelp.chm c:\program files\Spyware Doctor\Finnish.lng c:\program files\Spyware Doctor\fre-sdhelp.chm c:\program files\Spyware Doctor\French.lng c:\program files\Spyware Doctor\gre-sdhelp.chm c:\program files\Spyware Doctor\Greek.lng c:\program files\Spyware Doctor\history\syslog.dad c:\program files\Spyware Doctor\history\syslog.das c:\program files\Spyware Doctor\history\userlog.dad c:\program files\Spyware Doctor\history\userlog.das c:\program files\Spyware Doctor\homepage.url c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseSimp.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseTrad.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Czech.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Danish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Deutsch.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Dutch.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_English.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_EnglishBritish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Finnish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_French.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Greek.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Italian.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Japanese.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Korean.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Norwegian.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Polski.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Portuguese.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_PortugueseBrazilian.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Russian.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Spanish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Swedish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Thai.html c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Turkish.html c:\program files\Spyware Doctor\html\SiteBlockResp_SDR_ChineseSimp.html c:\program files\Spyware Doctor\IDBLib.sdp c:\program files\Spyware Doctor\Immunizer.sdp c:\program files\Spyware Doctor\inethlpr.dll c:\program files\Spyware Doctor\InnoHelpers.dll c:\program files\Spyware Doctor\ita-sdhelp.chm c:\program files\Spyware Doctor\Italian.lng c:\program files\Spyware Doctor\jap-sdhelp.chm c:\program files\Spyware Doctor\Japanese.lng c:\program files\Spyware Doctor\KDSInterface.txt c:\program files\Spyware Doctor\klg.dat c:\program files\Spyware Doctor\kor-sdhelp.chm c:\program files\Spyware Doctor\Korean.lng c:\program files\Spyware Doctor\Languages.xml c:\program files\Spyware Doctor\Localizer.sdp c:\program files\Spyware Doctor\LuLng\ChineseSimp.lng c:\program files\Spyware Doctor\LuLng\ChineseTrad.lng c:\program files\Spyware Doctor\LuLng\Czech.lng c:\program files\Spyware Doctor\LuLng\Danish.lng c:\program files\Spyware Doctor\LuLng\Deutsch.lng c:\program files\Spyware Doctor\LuLng\Dutch.lng c:\program files\Spyware Doctor\LuLng\English.lng c:\program files\Spyware Doctor\LuLng\EnglishBritish.lng c:\program files\Spyware Doctor\LuLng\Finnish.lng c:\program files\Spyware Doctor\LuLng\French.lng c:\program files\Spyware Doctor\LuLng\Greek.lng c:\program files\Spyware Doctor\LuLng\Italian.lng c:\program files\Spyware Doctor\LuLng\Japanese.lng c:\program files\Spyware Doctor\LuLng\Korean.lng c:\program files\Spyware Doctor\LuLng\Norwegian.lng c:\program files\Spyware Doctor\LuLng\Polski.lng c:\program files\Spyware Doctor\LuLng\Portuguese.lng c:\program files\Spyware Doctor\LuLng\PortugueseBrazilian.lng c:\program files\Spyware Doctor\LuLng\Russian.lng c:\program files\Spyware Doctor\LuLng\Spanish.lng c:\program files\Spyware Doctor\LuLng\Swedish.lng c:\program files\Spyware Doctor\LuLng\Thai.lng c:\program files\Spyware Doctor\LuLng\Turkish.lng c:\program files\Spyware Doctor\ned-sdhelp.chm c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt.sig c:\program files\Spyware Doctor\NetworkLayer\InstSGTool.dll c:\program files\Spyware Doctor\NetworkLayer\Microsoft.VC80.CRT.manifest c:\program files\Spyware Doctor\NetworkLayer\msvcm80.dll c:\program files\Spyware Doctor\NetworkLayer\msvcp80.dll c:\program files\Spyware Doctor\NetworkLayer\msvcr80.dll c:\program files\Spyware Doctor\NetworkLayer\PCTCFFix.exe c:\program files\Spyware Doctor\NetworkLayer\PCTCFHook.dll c:\program files\Spyware Doctor\NetworkLayer\PCTLsp.dll c:\program files\Spyware Doctor\NetworkLayer\PCTSecUtility.dll c:\program files\Spyware Doctor\NetworkLayer\PluginDllSG.dll c:\program files\Spyware Doctor\NfyMan.sdp c:\program files\Spyware Doctor\nor-sdhelp.chm c:\program files\Spyware Doctor\Norwegian.lng c:\program files\Spyware Doctor\PCTGMhk.dll c:\program files\Spyware Doctor\PCTMime.dll c:\program files\Spyware Doctor\PCToolsComponents.bpl c:\program files\Spyware Doctor\PCTResetSD.exe c:\program files\Spyware Doctor\pctsAuxs.exe c:\program files\Spyware Doctor\PCTSDInj32.sys c:\program files\Spyware Doctor\pctsGui.exe c:\program files\Spyware Doctor\pctsSvc.exe c:\program files\Spyware Doctor\pctsTray.exe c:\program files\Spyware Doctor\PCTWSC.dll c:\program files\Spyware Doctor\PDialogs.dll c:\program files\Spyware Doctor\plugins\Behavior.sdp c:\program files\Spyware Doctor\plugins\Browsers.SDP c:\program files\Spyware Doctor\plugins\cookie.sdp c:\program files\Spyware Doctor\plugins\email.sdp c:\program files\Spyware Doctor\plugins\grAV.sdp c:\program files\Spyware Doctor\plugins\grfiles.SDP c:\program files\Spyware Doctor\plugins\grImmunizer.SDP c:\program files\Spyware Doctor\plugins\grregistry.SDP c:\program files\Spyware Doctor\plugins\KLGuard.SDP c:\program files\Spyware Doctor\plugins\Network.SDP c:\program files\Spyware Doctor\plugins\Process.SDP c:\program files\Spyware Doctor\plugins\ScriptEngine.SDP c:\program files\Spyware Doctor\plugins\SDNET.SDP c:\program files\Spyware Doctor\plugins\Site.sdp c:\program files\Spyware Doctor\plugins\StartUp.SDP c:\program files\Spyware Doctor\pol-sdhelp.chm c:\program files\Spyware Doctor\Polski.lng c:\program files\Spyware Doctor\por-sdhelp.chm c:\program files\Spyware Doctor\Portuguese.lng c:\program files\Spyware Doctor\PortugueseBrazilian.lng c:\program files\Spyware Doctor\PWindow.dll c:\program files\Spyware Doctor\quarantine.sdp c:\program files\Spyware Doctor\RebootManager.sdp c:\program files\Spyware Doctor\RefDB.bin6 c:\program files\Spyware Doctor\RegHelper.dll c:\program files\Spyware Doctor\rtl100.bpl c:\program files\Spyware Doctor\rus-sdhelp.chm c:\program files\Spyware Doctor\Russian.lng c:\program files\Spyware Doctor\scaneng.sdp c:\program files\Spyware Doctor\SDContextExt.dll c:\program files\Spyware Doctor\sdcore.dll c:\program files\Spyware Doctor\sdextra.sdp c:\program files\Spyware Doctor\SDInfo.sdp c:\program files\Spyware Doctor\sdinvoker.exe c:\program files\Spyware Doctor\sdloader.exe c:\program files\Spyware Doctor\sdnet\MANIFEST.1 c:\program files\Spyware Doctor\SDNetPlugin.dll c:\program files\Spyware Doctor\SDNetPlugin.ini c:\program files\Spyware Doctor\SDNetPlugin.txt c:\program files\Spyware Doctor\sdSTasks.def c:\program files\Spyware Doctor\sdwvhlp.dll c:\program files\Spyware Doctor\Settings.cfg c:\program files\Spyware Doctor\Settings.sdp c:\program files\Spyware Doctor\SH.dll c:\program files\Spyware Doctor\smum32.dll c:\program files\Spyware Doctor\SOFactory.sdp c:\program files\Spyware Doctor\Spanish.lng c:\program files\Spyware Doctor\Sqlite3DB.dll c:\program files\Spyware Doctor\stasks.sdp c:\program files\Spyware Doctor\SUErrorLog.txt c:\program files\Spyware Doctor\swe-sdhelp.chm c:\program files\Spyware Doctor\Swedish.lng c:\program files\Spyware Doctor\SysAccess.dll c:\program files\Spyware Doctor\SystemMonitor.sdp c:\program files\Spyware Doctor\TFEngine\MsvcRedist.msi c:\program files\Spyware Doctor\TFEngine\TFAPI.dll c:\program files\Spyware Doctor\TFEngine\TFCfg.dll c:\program files\Spyware Doctor\TFEngine\TFDBM.dll c:\program files\Spyware Doctor\TFEngine\TFE.dll c:\program files\Spyware Doctor\TFEngine\TFExt.dll c:\program files\Spyware Doctor\TFEngine\TFExtCli.dll c:\program files\Spyware Doctor\TFEngine\TfFsMon.sys c:\program files\Spyware Doctor\TFEngine\TfKbMon.sys c:\program files\Spyware Doctor\TFEngine\TFLog.dll c:\program files\Spyware Doctor\TFEngine\TFMisc.dll c:\program files\Spyware Doctor\TFEngine\TFMon.dll c:\program files\Spyware Doctor\TFEngine\TfNetMon.sys c:\program files\Spyware Doctor\TFEngine\TFNI.dll c:\program files\Spyware Doctor\TFEngine\TFO.dll c:\program files\Spyware Doctor\TFEngine\TFQT.dll c:\program files\Spyware Doctor\TFEngine\TFRK.dll c:\program files\Spyware Doctor\TFEngine\TFScan.dll c:\program files\Spyware Doctor\TFEngine\TFServer.dll c:\program files\Spyware Doctor\TFEngine\TFService.exe c:\program files\Spyware Doctor\TFEngine\TFSF.dll c:\program files\Spyware Doctor\TFEngine\TfSysMon.sys c:\program files\Spyware Doctor\TFEngine\TFTM.dll c:\program files\Spyware Doctor\TFEngine\TFUndo.dll c:\program files\Spyware Doctor\TFEngine\TFWAH.dll c:\program files\Spyware Doctor\TFEngine\TFWS.dll c:\program files\Spyware Doctor\tha-sdhelp.chm c:\program files\Spyware Doctor\Thai.lng c:\program files\Spyware Doctor\TransactionResults\Transaction36.xml c:\program files\Spyware Doctor\TransactionResults\Transaction37.xml c:\program files\Spyware Doctor\tur-sdhelp.chm c:\program files\Spyware Doctor\Turkish.lng c:\program files\Spyware Doctor\ugLng\ChineseSimp.lng c:\program files\Spyware Doctor\ugLng\ChineseTrad.lng c:\program files\Spyware Doctor\ugLng\Czech.lng c:\program files\Spyware Doctor\ugLng\Danish.lng c:\program files\Spyware Doctor\ugLng\Deutsch.lng c:\program files\Spyware Doctor\ugLng\Dutch.lng c:\program files\Spyware Doctor\ugLng\English.lng c:\program files\Spyware Doctor\ugLng\EnglishBritish.lng c:\program files\Spyware Doctor\ugLng\Finnish.lng c:\program files\Spyware Doctor\ugLng\French.lng c:\program files\Spyware Doctor\ugLng\Greek.lng c:\program files\Spyware Doctor\ugLng\Italian.lng c:\program files\Spyware Doctor\ugLng\Japanese.lng c:\program files\Spyware Doctor\ugLng\Korean.lng c:\program files\Spyware Doctor\ugLng\Norwegian.lng c:\program files\Spyware Doctor\ugLng\Polski.lng c:\program files\Spyware Doctor\ugLng\Portuguese.lng c:\program files\Spyware Doctor\ugLng\PortugueseBrazilian.lng c:\program files\Spyware Doctor\ugLng\Russian.lng c:\program files\Spyware Doctor\ugLng\Spanish.lng c:\program files\Spyware Doctor\ugLng\Swedish.lng c:\program files\Spyware Doctor\ugLng\Thai.lng c:\program files\Spyware Doctor\ugLng\Turkish.lng c:\program files\Spyware Doctor\ugLng\Ukrainian.lng c:\program files\Spyware Doctor\UmInject32.exe c:\program files\Spyware Doctor\unins000.dat c:\program files\Spyware Doctor\unins000.exe c:\program files\Spyware Doctor\unins000.msg c:\program files\Spyware Doctor\Update.exe c:\program files\Spyware Doctor\UpdateHlpr.dll c:\program files\Spyware Doctor\Upgrade.exe c:\program files\Spyware Doctor\upgrade.ini c:\program files\Spyware Doctor\vcl100.bpl c:\program files\Spyware Doctor\whitelist.sdp c:\program files\Spyware Doctor\wlDefines.cfg c:\windows\LimeWireWin.exe c:\windows\system32\Wmpupdate.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_sdAuxService -------\Service_sdAuxService ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-20 au 2009-06-20 )))))))))))))))))))))))))))))))))))) . 2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\documents and settings\Steph\Application Data\Desktopicon 2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\program files\Unlocker 2009-06-20 14:33 . 2009-06-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\documents and settings\Steph\Application Data\Yahoo! 2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\program files\Yahoo! 2009-06-20 06:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-06-20 06:04 . 2009-06-20 06:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-06-20 06:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-06-20 06:04 . 2009-06-20 06:05 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-06-20 06:04 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\Steph\Application Data\PC Tools 2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-06-19 19:09 . 2009-06-19 19:09 -------- d-----w- c:\documents and settings\Steph\Local Settings\Application Data\ESET 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\xircom 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\wbem\snmp 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\program files\microsoft frontpage 2009-06-19 16:33 . 2009-06-19 16:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\Steph\Application Data\Malwarebytes 2009-06-19 16:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-19 16:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-19 16:31 . 2009-06-19 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-19 15:56 . 2009-06-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-06-18 18:48 . 2009-06-18 18:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-17 10:55 . 2009-06-17 10:55 -------- d-----w- c:\windows\Sun 2009-06-10 17:24 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-10 17:24 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-04 09:08 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys 2009-06-04 09:08 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2009-06-04 09:08 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2009-06-04 09:08 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2009-06-04 09:07 . 2008-11-11 11:49 247968 ----a-r- c:\windows\system32\drivers\AF9035BDA.sys 2009-06-04 09:07 . 2008-09-01 08:36 356 ----a-r- c:\windows\system32\AF15IrTbl.bin 2009-06-04 09:07 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll 2009-06-04 09:07 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll 2009-06-04 09:07 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys 2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TerraTec 2009-06-04 08:40 . 2009-06-04 09:02 -------- d-----w- c:\program files\Fichiers communs\TerraTec 2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\program files\TerraTec 2009-06-04 08:39 . 2009-06-04 08:39 -------- d-----w- c:\documents and settings\Steph\Application Data\TerraTec 2009-06-04 05:48 . 2009-06-04 05:48 -------- d-----w- c:\documents and settings\Steph\Application Data\HP 2009-05-31 10:18 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2009-05-31 10:18 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll 2009-05-27 16:35 . 2009-05-27 16:49 -------- d-----w- c:\documents and settings\Steph\Application Data\FrostWire 2009-05-27 16:22 . 2009-05-27 16:22 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-27 16:22 . 2009-05-27 16:22 -------- d-----w- c:\program files\Java 2009-05-27 16:22 . 2009-05-27 16:22 152576 ----a-w- c:\documents and settings\Steph\Application Data\Sun\Java\jre1.6.0_11\lzma.dll 2009-05-27 16:20 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2009-05-27 16:03 . 2009-05-27 16:20 -------- d-----w- c:\program files\eMule 2009-05-26 13:46 . 2009-05-26 13:46 -------- d-----w- c:\program files\Jetico . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-20 19:11 . 2009-05-18 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-20 07:13 . 2009-04-13 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-20 06:46 . 2009-04-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier 2009-06-12 12:10 . 2008-04-14 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-12 12:10 . 2008-04-14 12:00 503628 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-06-10 17:43 . 2009-04-13 18:24 153920 ----a-w- c:\documents and settings\Steph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-10 17:40 . 2009-04-13 18:28 1625008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-06-10 17:39 . 2009-04-14 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-10 17:36 . 2009-04-14 06:14 -------- d-----w- c:\program files\Microsoft Works 2009-06-09 10:52 . 2009-04-13 18:14 -------- d-----w- c:\documents and settings\Steph\Application Data\GrabIt 2009-06-08 10:10 . 2009-05-19 08:11 -------- d-----w- c:\program files\Electronic Arts 2009-05-31 10:18 . 2009-04-13 18:18 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-05-19 17:31 . 2009-05-19 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2009-05-19 08:14 . 2009-05-19 08:14 10134 ----a-r- c:\documents and settings\Steph\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-19 08:14 . 2009-05-19 08:14 -------- d-----w- c:\program files\Microsoft WSE 2009-05-15 09:40 . 2009-05-15 09:40 -------- d-----w- c:\program files\CCleaner 2009-05-14 21:03 . 2009-05-14 21:03 -------- d-----w- c:\documents and settings\Steph\Application Data\ImgBurn 2009-05-14 19:04 . 2009-05-14 19:04 -------- d-----w- c:\program files\ImgBurn 2009-05-13 13:28 . 2009-04-13 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-11 08:52 . 2009-04-13 18:05 -------- d-----w- c:\program files\GrabIt 2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 15:34 . 2009-04-23 16:18 -------- d-----w- c:\documents and settings\Steph\Application Data\Nero 2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\program files\Pochette Express 2 2009-04-27 07:03 . 2009-04-25 17:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-04-25 18:08 . 2009-04-13 18:09 -------- d-----w- c:\program files\Google 2009-04-23 15:33 . 2009-04-23 15:15 -------- d-----w- c:\program files\Fichiers communs\Nero 2009-04-23 15:25 . 2009-04-23 15:15 -------- d-----w- c:\program files\Nero 2009-04-23 15:24 . 2009-04-23 15:24 -------- d-----w- c:\program files\Windows Sidebar 2009-04-23 15:21 . 2009-04-23 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-04-23 13:51 . 2009-04-14 17:40 -------- d-----w- c:\documents and settings\Steph\Application Data\dvdcss 2009-04-23 11:43 . 2009-04-23 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi 2009-04-23 11:42 . 2009-04-23 11:42 339968 ----a-w- c:\windows\system32\pythoncom25.dll 2009-04-23 11:42 . 2009-04-23 11:42 2117632 ----a-w- c:\windows\system32\python25.dll 2009-04-23 11:42 . 2009-04-23 11:42 114688 ----a-w- c:\windows\system32\pywintypes25.dll 2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys 2009-04-16 12:30 . 2009-04-16 12:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys 2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-14 06:28 . 2009-04-14 06:19 158818 ----a-w- c:\windows\hpoins15.dat 2009-04-13 18:28 . 2009-04-13 18:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-04-13 18:20 . 2009-04-13 17:09 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys 2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys 2009-04-13 17:43 . 2009-04-13 17:43 0 ----a-w- c:\windows\ativpsrm.bin 2009-04-13 17:07 . 2009-04-13 17:07 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe 2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll 2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll 2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll 2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe 2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll 2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys 2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-04-10 00:14 . 2009-04-13 17:07 691712 ----a-w- c:\windows\system32\inetcomm.dll 2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll 2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys 2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll 2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll 2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll 2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll 2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Steph\Application Data\Desktopicon\eBayShortcuts.exe 2009-03-30 15:13 . 2009-04-13 17:30 5063168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-03-27 09:22 . 2009-04-13 17:30 17567744 ----a-w- c:\windows\RTHDCPL.EXE 2009-03-25 14:33 . 2009-03-25 14:33 21083176 ----a-w- c:\documents and settings\All Users\Application Data\Corel\Downloads\540225279_410012\1235587639613\PSPPX2ULRAW200904DEFIGS.exe . ------- Sigcheck ------- [-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-06-20_16.43.46 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-20 19:23 . 2009-06-20 19:23 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400] "BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 08:04 130936] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 14:23 727720] S3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\drivers\AF9035BDA.sys [04/06/2009 11:07 247968] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/04/2009 11:21 1684736] S3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [20/04/2009 22:21 45568] S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?] S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [14/05/2009 12:23 91496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-20 21:23 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(3908) c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Heure de fin: 2009-06-20 21:26 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-20 19:26 ComboFix2.txt 2009-06-20 16:47 Avant-CF: 294 490 390 528 octets libres Après-CF: 294 345 134 080 octets libres 884 --- E O F --- 2009-06-12 05:15

Merci pour ton aide J'ai fait scanner le fichier qui semble très suspect en effet (je l'avais pas vu celui la!) mais a la fin je n'ai pas trouvé de rapport que je puisse mettre sous forme de txt car il n'affiche pas un tableau comme sur le lien de ton tuto mais affiche un logo de chaque antivirus suivi du résultat voici 2009-06-20 Rien trouvé 2009-06-19 Rien trouvé 2009-06-20 Backdoor.Win32.Poison!IK 2009-06-20 Backdoor.Win32.Poison 2009-06-19 Rien trouvé 2009-06-20 Rien trouvé 2009-06-20 Rien trouvé 2009-06-20 Rien trouvé 2009-06-20 TR/Dropper.Gen 2009-06-19 Rien trouvé 2009-06-20 Rien trouvé 2009-06-20 Bck/Poison.F 2009-06-20 Rien trouvé 2009-06-19 Rien trouvé 2009-06-20 Rien trouvé 2009-06-20 Mal/Generic-A 2009-06-20 Rien trouvé 2009-06-19 Rien trouvé 2009-06-19 Rien trouvé 2009-06-19 Rien trouvé j'ai un lien permanent concernant mon scan http://virusscan.jotti.org/fr/scanresult/8...65958b45bd34523 merci pour ton aide je me rappelle aussi de ce site dans le meme genre, je ne sais pas ce que tu en pense http://www.virustotal.com/fr/ résultat Fichier printspool.exe reçu le 2009.06.20 18:19:16 (UTC) Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE Résultat: 10/41 (24.4%) en train de charger les informations du serveur... Votre fichier est dans la file d'attente, en position: 4. L'heure estimée de démarrage est entre 81 et 116 secondes. Ne fermez pas la fenêtre avant la fin de l'analyse. L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats. Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. Votre fichier est, en ce moment, en cours d'analyse par VirusTotal, les résultats seront affichés au fur et à mesure de leur génération. Formaté Impression des résultats Votre fichier a expiré ou n'existe pas. Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie. Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. Email: Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.18 2009.06.20 Backdoor.Win32.Poison!IK AhnLab-V3 5.0.0.2 2009.06.20 Win-Trojan/Poison.49252.B AntiVir 7.9.0.193 2009.06.20 TR/Dropper.Gen Antiy-AVL 2.0.3.1 2009.06.19 - Authentium 5.1.2.4 2009.06.20 - Avast 4.8.1335.0 2009.06.19 - AVG 8.5.0.339 2009.06.20 - BitDefender 7.2 2009.06.20 - CAT-QuickHeal 10.00 2009.06.19 - ClamAV 0.94.1 2009.06.20 - Comodo 1381 2009.06.20 - DrWeb 5.0.0.12182 2009.06.20 - eSafe 7.0.17.0 2009.06.18 - eTrust-Vet 31.6.6570 2009.06.19 - F-Prot 4.4.4.56 2009.06.19 - F-Secure 8.0.14470.0 2009.06.19 - Fortinet 3.117.0.0 2009.06.19 - GData 19 2009.06.20 - Ikarus T3.1.1.59.0 2009.06.20 Backdoor.Win32.Poison Jiangmin 11.0.706 2009.06.20 - K7AntiVirus 7.10.768 2009.06.19 - Kaspersky 7.0.0.125 2009.06.20 - McAfee 5652 2009.06.20 - McAfee+Artemis 5652 2009.06.20 Artemis!ACC2F6258D20 McAfee-GW-Edition 6.7.6 2009.06.20 Trojan.Dropper.Gen Microsoft 1.4803 2009.06.20 VirTool:Win32/VBInject.gen!AN NOD32 4173 2009.06.20 - Norman 6.01.09 2009.06.19 - nProtect 2009.1.8.0 2009.06.20 - Panda 10.0.0.16 2009.06.20 Bck/Poison.F PCTools 4.4.2.0 2009.06.20 - Prevx 3.0 2009.06.20 Medium Risk Malware Rising 21.34.52.00 2009.06.20 - Sophos 4.42.0 2009.06.20 Mal/Generic-A Sunbelt 3.2.1858.2 2009.06.20 - Symantec 1.4.4.12 2009.06.20 - TheHacker 6.3.4.3.350 2009.06.20 - TrendMicro 8.950.0.1094 2009.06.20 - VBA32 3.12.10.7 2009.06.20 - ViRobot 2009.6.19.1796 2009.06.19 - VirusBuster 4.6.5.0 2009.06.19 - Information additionnelle File size: 200704 bytes MD5...: acc2f6258d20da5451b591169af9ade1 SHA1..: 866980ac0a7f34aa00c39b46ddc089b3be4074b2 SHA256: 4a2e9eba77c738bb789b5b8db90a97f2fa16a5d7a58b660a000a7c7ccbf77b30 ssdeep: 3072:qr096Y+xS79OJWH4PfJablz6vSMMLct2l1SW:U04YNiog4blzMyct2eW PEiD..: - TrID..: File type identification Win32 Executable Microsoft Visual Basic 6 (90.9%) Win32 Executable Generic (6.1%) Generic Win/DOS Executable (1.4%) DOS Executable Generic (1.4%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x14a0 timedatestamp.....: 0x494d1ffd (Sat Dec 20 16:40:29 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .TEXT 0x1000 0x3504 0x4000 5.16 e1e01c09a55f6e57e9de68234cf6c421 .DATA 0x5000 0x3c8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .RSRC 0x6000 0x7ae8 0x2b000 5.63 4508cbdad6cd6f6bd7b8ee1e0d6ead51 ( 1 imports ) > MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, _CIsin, __vbaErase, -, __vbaVarZero, -, __vbaChkstk, -, __vbaFileClose, __vbaGenerateBoundsError, __vbaGet3, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaUbound, __vbaStrVarVal, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaAryLock, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaFpI4, _CIatan, __vbaAryCopy, __vbaStrMove, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaI4ErrVar, __vbaFreeStr, - ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=531CCCF20061CAD210BF0317868B1A006A53EAB3' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=531CCCF20061CAD210BF0317868B1A006A53EAB3</a>

Bonjour a tous, voici mon probleme : Hier j'ai reçu un mail d'ebay m'indiquant que le password de mon compte avait eté bloqué en gro s a cause d'une tentative de piratage Ce n'est pas du phishing, aucun lien sur lequel il fallait cliquer et le mail venait bien d'ebay j'ai trouvé et supprimer quelque trojan/virus avec le logiciel malwarebytes, mais j'en ai un qui persite detecté par spyware doctor, il s'appele backdoor.bifrose et se caractérise par la prsense d'un fichier addons.datdans le dossier C:\Documents and Settings\Steph\Application Data quand spyware doctor le supprime il réaparait après un redemarage j'ai fait un scan avec hijackthis et combofix, voici les logs merci pour votre aide : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:16:05, on 20/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\Steph\Bureau\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup O4 - HKLM\..\Run: [WMP Update] C:\WINDOWS\system32\Wmpupdate.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 11556 bytes --------------------------------------------------- ComboFix 09-06-19.01 - Steph 20/06/2009 18:37.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2475 [GMT 2:00] Lancé depuis: c:\documents and settings\Steph\Bureau\ComboFix.exe AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\resycled c:\documents and settings\Steph\Application Data\addons.dat c:\program files\hp\digital imaging\bin\hpqddcmn.dll c:\windows\system32\AutoRun.inf d:\resycled\boot.com . ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-20 au 2009-06-20 )))))))))))))))))))))))))))))))))))) . 2009-06-20 14:33 . 2009-06-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\documents and settings\Steph\Application Data\Yahoo! 2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\program files\Yahoo! 2009-06-20 06:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-06-20 06:04 . 2009-06-20 06:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-06-20 06:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-06-20 06:04 . 2009-06-20 06:05 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-06-20 06:04 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-06-20 06:04 . 2009-06-20 06:28 -------- d-----w- c:\program files\Spyware Doctor 2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\Steph\Application Data\PC Tools 2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-06-19 19:09 . 2009-06-19 19:09 -------- d-----w- c:\documents and settings\Steph\Local Settings\Application Data\ESET 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\xircom 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\wbem\snmp 2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\program files\microsoft frontpage 2009-06-19 16:33 . 2009-06-19 16:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\Steph\Application Data\Malwarebytes 2009-06-19 16:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-19 16:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-19 16:31 . 2009-06-19 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-19 15:56 . 2009-06-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-06-18 18:48 . 2009-06-18 18:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-17 10:55 . 2009-06-17 10:55 -------- d-----w- c:\windows\Sun 2009-06-10 17:24 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-10 17:24 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-04 09:08 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys 2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys 2009-06-04 09:08 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys 2009-06-04 09:08 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS 2009-06-04 09:08 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys 2009-06-04 09:08 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys 2009-06-04 09:07 . 2008-11-11 11:49 247968 ----a-r- c:\windows\system32\drivers\AF9035BDA.sys 2009-06-04 09:07 . 2008-09-01 08:36 356 ----a-r- c:\windows\system32\AF15IrTbl.bin 2009-06-04 09:07 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll 2009-06-04 09:07 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll 2009-06-04 09:07 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys 2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TerraTec 2009-06-04 08:40 . 2009-06-04 09:02 -------- d-----w- c:\program files\Fichiers communs\TerraTec 2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\program files\TerraTec 2009-06-04 08:39 . 2009-06-04 08:39 -------- d-----w- c:\documents and settings\Steph\Application Data\TerraTec 2009-06-04 05:48 . 2009-06-04 05:48 -------- d-----w- c:\documents and settings\Steph\Application Data\HP 2009-05-31 10:18 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2009-05-31 10:18 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll 2009-05-27 16:35 . 2009-05-27 16:49 -------- d-----w- c:\documents and settings\Steph\Application Data\FrostWire 2009-05-27 16:22 . 2009-05-27 16:32 -------- d-----w- c:\documents and settings\Steph\Application Data\LimeWire 2009-05-27 16:22 . 2009-05-27 16:22 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-27 16:22 . 2009-05-27 16:22 -------- d-----w- c:\program files\Java 2009-05-27 16:22 . 2009-05-27 16:22 152576 ----a-w- c:\documents and settings\Steph\Application Data\Sun\Java\jre1.6.0_11\lzma.dll 2009-05-27 16:21 . 2009-06-18 16:14 200704 ----a-w- c:\windows\system32\Wmpupdate.exe 2009-05-27 16:21 . 2009-05-07 09:56 19672576 ----a-w- c:\windows\LimeWireWin.exe 2009-05-27 16:20 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2009-05-27 16:03 . 2009-05-27 16:20 -------- d-----w- c:\program files\eMule 2009-05-26 13:46 . 2009-05-26 13:46 -------- d-----w- c:\program files\Jetico . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-20 16:43 . 2009-05-18 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-20 07:13 . 2009-04-13 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-20 06:46 . 2009-04-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier 2009-06-12 12:10 . 2008-04-14 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-12 12:10 . 2008-04-14 12:00 503628 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-06-10 17:43 . 2009-04-13 18:24 153920 ----a-w- c:\documents and settings\Steph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-10 17:40 . 2009-04-13 18:28 1625008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-06-10 17:39 . 2009-04-14 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-10 17:36 . 2009-04-14 06:14 -------- d-----w- c:\program files\Microsoft Works 2009-06-09 10:52 . 2009-04-13 18:14 -------- d-----w- c:\documents and settings\Steph\Application Data\GrabIt 2009-06-08 10:10 . 2009-05-19 08:11 -------- d-----w- c:\program files\Electronic Arts 2009-05-31 10:18 . 2009-04-13 18:18 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-05-19 17:31 . 2009-05-19 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2009-05-19 08:14 . 2009-05-19 08:14 10134 ----a-r- c:\documents and settings\Steph\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-19 08:14 . 2009-05-19 08:14 -------- d-----w- c:\program files\Microsoft WSE 2009-05-15 09:40 . 2009-05-15 09:40 -------- d-----w- c:\program files\CCleaner 2009-05-14 21:03 . 2009-05-14 21:03 -------- d-----w- c:\documents and settings\Steph\Application Data\ImgBurn 2009-05-14 19:04 . 2009-05-14 19:04 -------- d-----w- c:\program files\ImgBurn 2009-05-13 13:28 . 2009-04-13 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-11 08:52 . 2009-04-13 18:05 -------- d-----w- c:\program files\GrabIt 2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 15:34 . 2009-04-23 16:18 -------- d-----w- c:\documents and settings\Steph\Application Data\Nero 2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\program files\Pochette Express 2 2009-04-27 07:03 . 2009-04-25 17:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-04-25 18:08 . 2009-04-13 18:09 -------- d-----w- c:\program files\Google 2009-04-23 15:33 . 2009-04-23 15:15 -------- d-----w- c:\program files\Fichiers communs\Nero 2009-04-23 15:25 . 2009-04-23 15:15 -------- d-----w- c:\program files\Nero 2009-04-23 15:24 . 2009-04-23 15:24 -------- d-----w- c:\program files\Windows Sidebar 2009-04-23 15:21 . 2009-04-23 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-04-23 13:51 . 2009-04-14 17:40 -------- d-----w- c:\documents and settings\Steph\Application Data\dvdcss 2009-04-23 11:43 . 2009-04-23 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi 2009-04-23 11:42 . 2009-04-23 11:42 339968 ----a-w- c:\windows\system32\pythoncom25.dll 2009-04-23 11:42 . 2009-04-23 11:42 2117632 ----a-w- c:\windows\system32\python25.dll 2009-04-23 11:42 . 2009-04-23 11:42 114688 ----a-w- c:\windows\system32\pywintypes25.dll 2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys 2009-04-16 12:30 . 2009-04-16 12:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys 2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-14 06:28 . 2009-04-14 06:19 158818 ----a-w- c:\windows\hpoins15.dat 2009-04-13 18:28 . 2009-04-13 18:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-04-13 18:20 . 2009-04-13 17:09 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys 2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys 2009-04-13 17:43 . 2009-04-13 17:43 0 ----a-w- c:\windows\ativpsrm.bin 2009-04-13 17:07 . 2009-04-13 17:07 21892 ----a-w- c:\windows\system32\emptyregdb.dat 2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe 2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll 2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll 2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll 2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe 2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll 2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys 2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-04-10 00:14 . 2009-04-13 17:07 691712 ----a-w- c:\windows\system32\inetcomm.dll 2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll 2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys 2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll 2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll 2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll 2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll 2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll 2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll 2009-03-30 15:13 . 2009-04-13 17:30 5063168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-03-27 09:22 . 2009-04-13 17:30 17567744 ----a-w- c:\windows\RTHDCPL.EXE 2009-03-25 14:33 . 2009-03-25 14:33 21083176 ----a-w- c:\documents and settings\All Users\Application Data\Corel\Downloads\540225279_410012\1235587639613\PSPPX2ULRAW200904DEFIGS.exe . ------- Sigcheck ------- [-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400] "BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520] "WMP Update"="c:\windows\system32\Wmpupdate.exe" [2009-06-18 200704] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 08:04 130936] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 14:23 727720] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 08:04 348752] R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [20/04/2009 22:21 45568] S3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\drivers\AF9035BDA.sys [04/06/2009 11:07 247968] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/04/2009 11:21 1684736] S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?] S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [14/05/2009 12:23 91496] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3F255F4-1AEB-1DF7-1AE8-64986D17E0AF}] c:\program files\PrintSpooler\printspool.exe s . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-20 18:43 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run WMP Update = c:\windows\system32\Wmpupdate.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(772) c:\windows\system32\Ati2evxx.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(504) c:\program files\Spyware Doctor\pctgmhk.dll c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe c:\program files\Spyware Doctor\pctsSvc.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Heure de fin: 2009-06-20 18:47 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-20 16:47 Avant-CF: 291 835 105 280 octets libres Après-CF: 294 138 740 736 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noexecute=alwaysoff 282 --- E O F --- 2009-06-12 05:15