Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Rapport malwarebytes

Dernière réponse le 24 mar 2009 à 21:18:43 lilounet, le 21 mar 2009 à 23:03:20

Signaler ce message aux modérateurs

Bonjour,
voici le rapport malwarebytes :
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1882
Windows 5.1.2600 Service Pack 2

21/03/2009 13:56:27
mbam-log-2009-03-21 (13-56-25).txt

Type de recherche: Examen rapide
Eléments examinés: 89965
Temps écoulé: 49 minute(s), 24 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 54
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 330

Processus mémoire infecté(s):
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a81e45f8-284c-40ba-97fb-86cd890b99ad} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ahjspezp (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gtuyqke (Trojan.Fakealert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{515a492c-64eb-4dad-ac83-4a2a19ac815f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{96edcf67-4637-4288-9a0d-4282ebf26d62} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13e3ff74-b861-4e69-b223-43d711686832} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de85a67a-3f04-4aba-a10b-a37b220afb70} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3794345d-c731-4fbb-8471-73ddc8dffdd2} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e2402a0-5f99-4188-b30d-d8743996b340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati3ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati4ehxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati5svxx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6dgxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nup (Rootkit.SpamTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sewivayuva (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Virus.Virut) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yiyizesa.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Vundo.H) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccuvnm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dscsheua.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\auehscsd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fispnhru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urhnpsif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkrasafk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfasarkf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghihbaog.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goabhihg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbhkpqem.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meqpkhbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbtppgjs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sjgpptbh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfywfxvn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvxfwyfh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqawclto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otlcwaqh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imagtxbk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbxtgami.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lirsjgws.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swgjsril.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwwpqcgm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgcqpwwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofyudevb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bveduyfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reglgvsc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csvglger.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sktvsonx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnosvtks.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suqtlglh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlgltqus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tayreojk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjoeryat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbtelupt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpuletbv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vryoxvft.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfvxoyrv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xguwwtle.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eltwwugx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtesnwrl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrwnsetx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zujepalu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sodikoji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\31146692.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\46788388.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\57280112.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yiyizesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahjspezp.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\system32\gtuyqke32.dll (Trojan.Fakealert) -> Delete on reboot.
C:\WINDOWS\Temp\BN4F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rzzait.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Temp\epz51.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gtuyqke.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmon.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\services.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahjspezp32.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCuVnM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gimemula.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miluduri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\totanozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvoujget.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdCr.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati3ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati4ehxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati5svxx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati6dgxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\nup.sys (Rootkit.SpamTool) -> Quarantined and deleted successfully.
C:\cxfagn.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\desae.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\flirxnj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\itamcndf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\jttgds.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ujbptob.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\userinit.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\oqu7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\rfv8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\sanD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Local Settings\Temp\IXP003.TMP\EROIGN~1.EXE (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1094991843exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1294428211exe. 1372 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1692125440exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1766846932exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1817359968exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1886590610exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2070791974exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\316752exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\371961032exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\763647696exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\809754593exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\939979307exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\974286259exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\afb45.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ahb42.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ald43.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hns23.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hnt4B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\htx4D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hws33.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hxu2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iaq24.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\idlF.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ifv34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ipt21.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iro12.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\itt44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iuc49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jax48.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jbc8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jdw3E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jhhA.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jur10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jxj1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kpw2D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\krf19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kvwA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lzu23.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mgi22.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN20.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN21.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN22.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN23.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN24.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN26.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN27.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN29.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN30.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN31.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\smk3D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sqo1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\svf34.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tej49.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tgr9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tjoB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tobF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\toe13.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tqrF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ttw44.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ucb7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ugr1A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\urm17.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BND.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bnf25.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\brm15.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\byc4F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bzm3C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cat15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cbl4C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cfb18.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cie2C.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cmb36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\csxA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dhn19.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dklB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dnq4A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ecs43.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\emnE.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\eru28.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fiv36.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fmz25.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fyn3D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fzc3B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gko27.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gtp15.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\njw26.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nobE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nve3A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nwt1E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nxe4E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oea1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ono40.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\opz35.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osf26.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\osu2C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pbo4A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pdk35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pec39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pey2A.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ptu3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qad20.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qha27.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qmk1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qoa16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qxaD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rgf38.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\riy1B.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sab22.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ayg32.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN32.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hcf8.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\moq4.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\uug10.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN33.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN34.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN35.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN36.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN37.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN38.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN39.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN40.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN41.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN43.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN44.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN45.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN46.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN47.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN48.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN49.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN50.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vgi2F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\viy47.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vje35.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vjg3E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\vtx46.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wet2E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wiy52.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wln30.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xab39.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xbzB.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xms3F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\xzh6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ycq16.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ykl2F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ynv42.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\yzw2E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zdk4E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zhw14.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zxr41.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\azk3F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\bfc1F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN14.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN16.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN19.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{0d39b496-0b8a-4dde-94f5-ebe19f923e50} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{5c255c8a-e604-49b4-9d64-90988571cecb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\installl[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\CPIF0T2N\nyfa32[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[43].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\J6FX9KF7\nyfa32[44].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1130115.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1255104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1798936.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\1871871.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\350013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\375009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\400275.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\408797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\492337.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\494080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\496574.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\540186.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\599892.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\605390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\614763.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\655332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\714527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\753132.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\755856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\856201.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\880866.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\nidle\nidle.exe9ku (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twex.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vokowena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnliFuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\restore.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Configuration: Windows XP
Firefox 3.0.7

Meilleures réponses pour « rapport malwarebytes » dans :

Rapport Malwarebytes sur antispycheck (Résolu) Voir

Rapport malwarebytes (Résolu) Voir

Rapport Malwarebytes' (Résolu) Voir

Comment faire un rapport de stage ? Voir

Mise à jour automatique MalwareBytes' VoirMalwareByte’s Anti-Malware est un bon logiciel pour retirer les infections : Lien L'astuce suivante concerne la version gratuite de MBAM. Comment faire pour que MBAM se mette à jour automatiquement ? Pour Windows XP Cliquer sur Menu...

Rapport malwarebytes Voir

QUELQU'UN POUR LIRE RAPPORT MALWAREBYTES???!! Voir

Télécharger Malwarebytes Voir

Posez votre question Répondre

Destrio5, le 21 mar 2009 à 23:05:20

Salut,

Tu collectionnes les infections ?

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5

loloetseb, le 21 mar 2009 à 23:06:44

Jamais vu autant d'infection sur un rapport Mbam

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

Répondre à loloetseb

lilounet, le 21 mar 2009 à 23:21:33

Voici le rapport info.txt :
info.txt logfile of random's system information tool 1.06 2009-03-21 14:11:51

======Uninstall list======

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->D:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Premiere 6.0-->C:\WINDOWS\UNIN040C.EXE -f"d:\adobe 6.0\DeIsL1.isu" -c"d:\adobe 6.0\Uninst.dll"
Adobe Premiere 6.5-->C:\WINDOWS\UNIN040C.EXE -f"d:\program files\DeIsL1.isu" -c"d:\program files\Uninst.dll"
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced RealMedia Export Plug-in for Premiere 6.0-->d:\adobe 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\2.bin\AskTBar.dll,O
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Blancco - File Shredder-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe" REMOVE=TRUE MODIFY=FALSE
Blancco - File Shredder-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMule Plus 1.2d-->"D:\eMule\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
Free Mp3 Wma Converter V 1.7.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LaCie Backup Software v1.5.2378-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431036}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Premium Booster-->C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QUAD Registry Cleaner v.1.5.67-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Registry Easy v4.9-->"C:\Program Files\Registry Easy\unins000.exe"
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
TC Native Essentials 2.02-->C:\PROGRA~1\TCWorks\TCNATI~1\UninstallTCEssentials.exe C:\PROGRA~1\TCWorks\TCNATI~1\INSTALL.LOG
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VirtuaGirl HD-->C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
VLC media player 0.9.6-->D:\VLC\uninstall.exe
Win AVI HelixSDK-->"D:\WinAVI Video Converter\HelixSDK\unins000.exe"
WinAVI Video Converter 8.0-->"D:\WinAVI Video Converter\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: LILOUNET-MJIZK9
Event Code: 7001
Message: The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 4924
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the ICF service to connect.

Record Number: 4923
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4905
Source Name: DCOM
Time Written: 20090319075253.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4904
Source Name: DCOM
Time Written: 20090319075145.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4903
Source Name: DCOM
Time Written: 20090319074821.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090124082642.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 41
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 40
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 1000
Message: Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 7
Source Name: Application Error
Time Written: 20090123054630.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 1002
Message: Hanging application emule.exe, version 0.49.1.27, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3
Source Name: Application Hang
Time Written: 20090123051820.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=DSREPAIR

-----------------EOF-----------------

Répondre à lilounet

lilounet, le 21 mar 2009 à 23:22:39

Et le rapport log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by lilou at 2009-03-21 14:20:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (45%) free of 32 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:35, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Desktop\RSIT.exe
C:\Program Files\trend micro\lilou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
End of file - 7959 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AC57F93E91B88A4E.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\oapvtthv.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39B496-0B8A-4DDE-94F5-EBE19F923E50}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Hotbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2008-12-20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-12-20 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-12-20 245760]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=D:\iTunesHelper.exe [2008-11-20 290088]
"Adobe Photo Downloader"=D:\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"sewivayuva"=C:\WINDOWS\system32\zujepalu.dll,s []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 1273488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2005-07-20 794632]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe boot []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2007-06-27 152872]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-07-06 2596864]
"QUAD Windows service"=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe [2009-03-16 13840384]
"QUAD Scheduler"=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe []
"RegistryBooster 2 d’Uniblue "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-11-21 1902592]
"ObjUp"=C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\STOREF~1\bitsgreat.exe []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" rzzait.dll,C:\WINDOWS\system32\yiyizesa.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=scecli
C:\WINDOWS\system32\yiyizesa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6dgxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6dgxx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\iTunes.exe"="D:\iTunes.exe:*:Enabled:iTunes"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:RPC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce2e942-e136-11dc-a28c-806d6172696f}]
shell\AutoRun\command - F:\setup.exe

======List of files/folders created in the last 2 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vajetezo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\vabofoka.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tekijowe.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nozutiki.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\neyikine.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nehalofu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mofelise.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\howiduga.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dudumese.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dahurawa.dll
2009-03-21 14:11:38 ----D---- C:\rsit
2009-03-21 13:59:09 ----A---- C:\avenger.txt
2009-03-21 13:19:39 ----A---- C:\WINDOWS\system32\mstinit.dll
2009-03-21 13:12:29 ----A---- C:\WINDOWS\system32\ban_list.txt
2009-03-21 12:52:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-21 05:40:22 ----AH---- C:\WINDOWS\system32\BIT65.tmp
2009-03-19 11:40:13 ----D---- C:\Program Files\vghd
2009-03-19 11:40:12 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\vghd
2009-03-19 10:59:46 ----D---- C:\Program Files\Premium Booster
2009-03-19 10:34:13 ----D---- C:\Program Files\Registry Easy
2009-03-19 10:31:51 ----SH---- C:\WINDOWS\system32\wagegeda.dll
2009-03-19 10:13:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\bat glue time dash
2009-03-19 10:12:07 ----D---- C:\Program Files\storefunklong
2009-03-19 10:12:07 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\storefunklong
2009-03-19 09:48:27 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\QUAD Backups
2009-03-19 09:41:07 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Uniblue
2009-03-19 09:40:54 ----D---- C:\Program Files\Uniblue
2009-03-19 06:26:42 ----D---- C:\Program Files\CCleaner
2009-03-15 12:59:29 ----D---- C:\Program Files\QUAD Utilities
2009-03-14 10:32:57 ----D---- C:\Program Files\HDDGURU LLF Tool
2009-03-11 13:43:01 ----D---- C:\WINDOWS\Temp
2009-03-11 13:42:20 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Blancco
2009-03-11 13:39:30 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}
2009-03-11 13:39:23 ----D---- C:\Program Files\Common Files\Blancco
2009-03-11 13:39:23 ----D---- C:\Program Files\Blancco
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-03-07 10:57:09 ----D---- C:\Muestras
2009-03-07 10:57:08 ----A---- C:\InfoSat.txt
2009-03-03 15:28:48 ----D---- C:\WINDOWS\Prefetch
2009-03-03 15:11:16 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-03-03 14:53:06 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-03-03 14:53:06 ----A---- C:\WINDOWS\system32\irclass.dll
2009-03-03 14:51:33 ----RA---- C:\WINDOWS\SET11B.tmp
2009-03-03 14:51:28 ----RA---- C:\WINDOWS\SET10F.tmp
2009-03-03 14:51:26 ----RA---- C:\WINDOWS\SET10C.tmp
2009-02-27 11:31:05 ----A---- C:\WINDOWS\tjbzuwli.exe
2009-02-27 10:44:35 ----A---- C:\WINDOWS\system32\wm16tokl.dll
2009-02-27 10:44:35 ----A---- C:\WINDOWS\system32\sys16u.dll
2009-02-27 10:44:09 ----A---- C:\WINDOWS\jrfbwsrf.exe
2009-02-27 02:10:28 ----A---- C:\WINDOWS\system32\progman.dll
2009-02-27 02:10:28 ----A---- C:\WINDOWS\system32\print.dll
2009-02-24 13:51:33 ----A---- C:\WINDOWS\system32\hhs3ijndfd.dll
2009-02-23 13:11:58 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2009-02-22 05:48:41 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-22 05:46:26 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-02-22 05:40:26 ----D---- C:\Program Files\Microsoft Sync Framework
2009-02-21 04:25:58 ----ASH---- C:\WINDOWS\system32\ysgudjqp.ini
2009-02-20 02:40:42 ----ASH---- C:\WINDOWS\system32\hnnbxqwx.ini
2009-02-18 03:05:36 ----ASH---- C:\WINDOWS\system32\fipxlpcd.ini
2009-02-12 03:04:57 ----ASH---- C:\WINDOWS\system32\pkpnnijn.ini
2009-02-11 03:04:37 ----ASH---- C:\WINDOWS\system32\pmrjagpo.ini
2009-02-10 09:29:27 ----ASH---- C:\WINDOWS\system32\nnbklnrn.ini
2009-02-09 05:36:33 ----ASH---- C:\WINDOWS\system32\dxowhmps.ini
2009-02-08 08:53:46 ----D---- C:\Program Files\directx
2009-02-07 04:57:20 ----ASH---- C:\WINDOWS\system32\nvyopugm.ini
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-02-03 16:55:35 ----ASH---- C:\WINDOWS\system32\ubiuyvue.ini
2009-02-01 13:12:46 ----ASH---- C:\WINDOWS\system32\uepasqox.ini
2009-01-31 14:25:52 ----D---- C:\Archivos de programa
2009-01-30 14:08:21 ----ASH---- C:\WINDOWS\system32\ysafiqei.ini
2009-01-28 03:51:16 ----ASH---- C:\WINDOWS\system32\epaxhafn.ini
2009-01-27 14:39:43 ----ASH---- C:\WINDOWS\system32\frjkevfh.ini
2009-01-27 12:44:08 ----D---- C:\Program Files\Ahead
2009-01-26 14:38:17 ----ASH---- C:\WINDOWS\system32\oqabtscl.ini
2009-01-25 11:36:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-25 11:35:45 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-01-25 11:35:43 ----D---- C:\Program Files\Realtek
2009-01-24 08:31:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-24 08:25:25 ----D---- C:\Program Files\ComPlus Applications
2009-01-24 08:13:51 ----RA---- C:\WINDOWS\SET11A.tmp
2009-01-24 08:13:47 ----RA---- C:\WINDOWS\SET10E.tmp
2009-01-24 08:13:44 ----RA---- C:\WINDOWS\SET10B.tmp
2009-01-24 05:15:54 ----A---- C:\WINDOWS\system32\honjflnd.dll
2009-01-23 23:51:13 ----D---- C:\WINDOWS\addins
2009-01-23 16:02:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
2009-01-23 15:46:30 ----A---- C:\WINDOWS\system32\2f2d971c-.txt
2009-01-23 15:46:11 ----ASH---- C:\WINDOWS\system32\MnVuCcfe.ini2
2009-01-23 15:46:09 ----ASH---- C:\WINDOWS\system32\MnVuCcfe.ini
2009-01-23 15:35:06 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Babylon
2009-01-23 13:29:47 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\LuckyTender
2009-01-22 12:38:51 ----A---- C:\WINDOWS\system32\gohnkfqb.dll

======List of files/folders modified in the last 2 months======

2009-03-21 14:20:27 ----D---- C:\Program Files\trend micro
2009-03-21 14:12:13 ----D---- C:\Program Files\Mozilla Firefox
2009-03-21 13:59:11 ----D---- C:\WINDOWS\system32
2009-03-21 13:59:11 ----D---- C:\Avenger
2009-03-21 13:59:10 ----HD---- C:\WINDOWS\system32\drivers
2009-03-21 13:55:37 ----RD---- C:\Program Files
2009-03-21 13:55:10 ----D---- C:\WINDOWS
2009-03-21 13:54:13 ----D---- C:\WINDOWS\system32\config
2009-03-21 13:18:51 ----A---- C:\WINDOWS\explorer.exe
2009-03-21 13:18:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-21 13:18:50 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-03-21 12:52:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-21 12:35:24 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-21 05:40:11 ----D---- C:\WINDOWS\Minidump
2009-03-21 05:35:32 ----HD---- C:\Config.Msi
2009-03-21 05:35:27 ----SHD---- C:\WINDOWS\Installer
2009-03-21 05:28:37 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-19 10:22:58 ----SD---- C:\WINDOWS\Tasks
2009-03-12 13:32:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-12 05:19:52 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Skype
2009-03-12 05:19:29 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\skypePM
2009-03-12 05:17:13 ----HD---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\drivers
2009-03-12 05:08:43 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-12 05:08:42 ----D---- C:\WINDOWS\setup.pss
2009-03-11 13:39:23 ----D---- C:\Program Files\Common Files
2009-03-07 11:10:06 ----D---- C:\WINDOWS\Help
2009-03-07 11:09:58 ----HD---- C:\WINDOWS\inf
2009-03-06 14:08:47 ----D---- C:\Program Files\eMule
2009-03-05 10:20:25 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\MSN6
2009-03-05 10:18:18 ----A---- C:\WINDOWS\ModemLog_Best Data Data Fax Modem.txt
2009-03-05 10:04:22 ----A---- C:\WINDOWS\system.ini
2009-03-05 08:28:43 ----D---- C:\WINDOWS\security
2009-03-05 08:28:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-04 10:34:08 ----D---- C:\Program Files\Common Files\Adobe
2009-03-04 10:28:44 ----D---- C:\WINDOWS\system32\Restore
2009-03-03 15:33:31 ----D---- C:\WINDOWS\Registration
2009-03-03 15:32:06 ----A---- C:\WINDOWS\setuplog.txt
2009-03-03 15:29:01 ----SHD---- C:\System Volume Information
2009-03-03 15:13:04 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-03 15:12:13 ----D---- C:\WINDOWS\system32\ias
2009-03-03 15:11:21 ----RD---- C:\WINDOWS\Web
2009-03-03 15:11:02 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-03-03 15:10:40 ----A---- C:\WINDOWS\win.ini
2009-03-03 15:10:26 ----D---- C:\WINDOWS\srchasst
2009-03-03 15:09:34 ----D---- C:\WINDOWS\system32\oobe
2009-03-03 15:09:19 ----D---- C:\Program Files\Windows Media Player
2009-03-03 15:09:18 ----D---- C:\Program Files\NetMeeting
2009-03-03 15:09:16 ----D---- C:\Program Files\Common Files\Services
2009-03-03 15:09:11 ----D---- C:\Program Files\Outlook Express
2009-03-03 15:08:47 ----D---- C:\Program Files\Movie Maker
2009-03-03 15:08:23 ----D---- C:\Program Files\Common Files\System
2009-03-03 15:08:09 ----D---- C:\Program Files\Internet Explorer
2009-03-03 15:06:54 ----D---- C:\WINDOWS\system32\Com
2009-03-03 15:06:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-03-03 15:05:53 ----D---- C:\WINDOWS\Cursors
2009-03-03 15:05:46 ----D---- C:\Program Files\Windows NT
2009-03-03 15:05:30 ----D---- C:\WINDOWS\system32\wbem
2009-03-03 15:04:05 ----SH---- C:\boot.ini
2009-03-03 14:53:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-03 14:52:54 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2009-03-03 06:46:51 ----D---- C:\WINDOWS\system32\Setup
2009-03-03 06:46:51 ----D---- C:\WINDOWS\system
2009-03-03 06:46:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-03 06:46:28 ----D---- C:\WINDOWS\AppPatch
2009-03-03 06:46:17 ----D---- C:\WINDOWS\mui
2009-03-03 06:46:09 ----D---- C:\WINDOWS\system32\en
2009-03-03 06:46:03 ----D---- C:\WINDOWS\ime
2009-03-03 06:46:03 ----D---- C:\WINDOWS\ehome
2009-03-03 06:46:01 ----RSD---- C:\WINDOWS\Fonts
2009-03-03 06:46:01 ----D---- C:\WINDOWS\Media
2009-03-03 06:45:46 ----D---- C:\WINDOWS\PeerNet
2009-03-03 06:45:30 ----D---- C:\WINDOWS\system32\npp
2009-03-03 06:45:23 ----D---- C:\WINDOWS\msagent
2009-03-03 06:43:09 ----D---- C:\WINDOWS\twain_32
2009-03-03 06:42:49 ----D---- C:\WINDOWS\system32\icsxml
2009-03-03 06:42:07 ----D---- C:\WINDOWS\system32\1033
2009-03-03 06:40:37 ----D---- C:\WINDOWS\Driver Cache
2009-03-01 06:54:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-27 10:05:27 ----SHD---- C:\RECYCLER
2009-02-25 13:55:06 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-24 05:02:54 ----SD---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Microsoft
2009-02-23 11:50:08 ----A---- C:\WINDOWS\imsins.BAK
2009-02-22 11:41:28 ----RSD---- C:\WINDOWS\assembly
2009-02-22 11:41:28 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-22 05:47:16 ----D---- C:\Program Files\Microsoft
2009-02-22 05:44:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-22 05:44:29 ----D---- C:\Program Files\Windows Live
2009-02-22 05:40:29 ----D---- C:\WINDOWS\WinSxS
2009-02-22 05:39:18 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-02-22 05:02:45 ----D---- C:\WINDOWS\system32\DirectX
2009-02-20 14:37:13 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-17 12:00:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-08 08:54:28 ----D---- C:\Program Files\Adobe
2009-02-08 08:48:39 ----D---- C:\Documents and Settings
2009-02-02 12:16:11 ----A---- C:\WINDOWS\system32\act_log.txt
2009-01-29 07:01:35 ----D---- C:\Program Files\Common Files\Ahead
2009-01-23 05:46:32 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-04-16 37376]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2006-04-16 60800]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 G400;G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [2001-08-17 322432]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2006-04-16 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-10-15 31744]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-05 57984]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S1 ethdnamh;ethdnamh; C:\WINDOWS\system32\drivers\ethdnamh.sys [2009-03-05 135584]
S2 asc3550p;asc3550p; C:\WINDOWS\system32\drivers\asc3550p.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-04-16 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-10-15 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2009-03-21 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-11-06 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-21 14336]

-----------------EOF-----------------

Répondre à lilounet

gen-hackman, le 21 mar 2009 à 23:23:50

Bonsoir c'est bien ca dresse toute la liste de l'infection Vundo (les dlls , les fichiers .ini.....etc.....)

:) ®© ----™g3и-н@¢км@и™---- ©®

Répondre à gen-hackman

Destrio5, le 21 mar 2009 à 23:24:10

Olala...

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Répondre à Destrio5

lilounet, le 22 mar 2009 à 00:27:26

Voici le rapport combofix : (en vous remerciant encore mille fois pour votre aide...!)

ComboFix 09-03-19.02 - lilou 2009-03-21 15:05:36.3 - NTFSx86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.280 [GMT -8:00]
Lancé depuis: c:\documents and settings\lilou.LILOUNET-MJIZK9\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users.WINDOWS\Application Data\HotbarSA\HotbarSAEULA.mht
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Hotbar\Weather.lnk
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\drivers\downld
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte10_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte11_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte12_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte13_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte14_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte19_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte20_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte21_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30104_emte9_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u30203lib_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102angel_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102bigluf_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102bigsmile_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102birthday_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102cheers_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102flo_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102good_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102jump_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102king_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102lough_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102luf_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102smile_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102smiled_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102sor_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102thanx_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u33102uhu_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u40103ahh_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u40103wow_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u40104_emi2_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u42102_1134_112_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u50103big_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u50103gig_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u50103hm_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u50103nomail_emoti_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u50103norm_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema15_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema16_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema17_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema18_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema19_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema20_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema21_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema24_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema25_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema26_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema30_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema33_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u60104_ema34_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u62802hippi_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u62802jumpie_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u80402argh_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u80402oops_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u80402ouch_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u82502no_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\[u]0/u82502yes_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_boring1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_confused_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_fantastic_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_feel_better_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_gimme_break_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_heehee_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_hlopaet_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_ign_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_lol_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_no_comment_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_peace_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_smashing_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\block_sm.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\block_sm2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\block_smli.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\block_smli2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\blocked.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\blocked2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_add-but.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_back-but.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_left_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_left_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_middle_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_middle_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_right_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\btn_right_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\business_promo.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\buttondir.txt
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\components.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\css_cattree.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\css_flashpreview.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\css2_main.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\css2_pagingmodule.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\css2_topbuttons.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\delete.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\edit_clear_sound.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\edit_fs.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\edit_select.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-511745-514279.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-bcards.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-ecards.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-edit.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-emoticons.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-estationery.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-funny.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-help.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-images.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-info.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-more.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-my.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-people.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-photo.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-tell.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-temp.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-temp_OI.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-text.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def-email-voice.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-def.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-premium-email-premium.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-premium-email-premium_OI.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-t1-bg.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\email-temp-bg.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\estatationery.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\flashpatch.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\flashpreview.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\fs3.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\hotbar_promo.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_checked_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_close_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_close_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_edit_preview.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_edit_send.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_flash_preview.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_recently_used.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_remove_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_remove_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_sand-clock2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_tell_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_tell_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_tree_null.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_unchecked_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\img_barlayout.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\img_barlayout2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\img_barlayout4.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\img_corner_left.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\img_local_logo.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_basetemplate.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_hbgroups.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_hbobject3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_hbobjectset3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_hotbarwrapper.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_texts3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\js2_xmltree3nf.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\layout.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\linkpathlegal.txt
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\more.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\n.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\nav_b_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\nav_bb_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\nav_f_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\nav_ff_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\progress.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\searchbtn.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\submit.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_bg.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_bga.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_bgia.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_l.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_la.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_lia.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_r.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_ra.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tab_ria.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tree_dots.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tree_minus.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\tree_plus.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_animations.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_backgrounds.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_ecards.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_emoticons.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_notifiers.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\1\treedata_text.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte10_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte11_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte12_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte13_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte14_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte19_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte20_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte21_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30104_emte9_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u30203lib_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102angel_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102bigluf_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102bigsmile_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102birthday_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102cheers_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102flo_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102good_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102jump_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102king_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102lough_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102luf_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102smile_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102smiled_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102sor_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102thanx_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u33102uhu_1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u40103ahh_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u40103wow_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u40104_emi2_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u42102_1134_112_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u50103big_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u50103gig_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u50103hm_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u50103nomail_emoti_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u50103norm_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema15_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema16_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema17_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema18_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema19_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema20_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema21_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema24_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema25_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema26_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema30_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema33_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u60104_ema34_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u62802hippi_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u62802jumpie_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u80402argh_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u80402oops_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u80402ouch_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u82502no_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\[u]0/u82502yes_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_boring1_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_confused_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_fantastic_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_feel_better_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_gimme_break_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_heehee_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_hlopaet_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_ign_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_lol_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_no_comment_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_peace_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_smashing_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\block_sm.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\block_sm2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\block_smli.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\block_smli2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\blocked.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\blocked2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_add-but.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_back-but.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_left_cut_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_left_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_left_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_middle_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_middle_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_right_enabled_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\btn_right_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\business_promo.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\buttondir.txt
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\components.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\css_cattree.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\css_flashpreview.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\css2_main.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\css2_pagingmodule.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\css2_topbuttons.css
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\delete.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\edit_clear_sound.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\edit_fs.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\edit_select.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-511745-514279.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-backgrounds.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-bcards.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-ecards.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-edit.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-emoticons.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-estationery.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-funny.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-help.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-images.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-info.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-more.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-my.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-people.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-photo.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-tell.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-temp.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-temp_OI.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-text.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def-email-voice.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-def.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-premium-email-premium.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-premium-email-premium_OI.mnu
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-t1-bg.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\email-temp-bg.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\estatationery.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\flashpatch.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\flashpreview.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\fs3.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\hotbar_promo.htm
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_checked_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_close_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_close_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_edit_preview.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_edit_send.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_flash_preview.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_recently_used.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_remove_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_remove_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_sand-clock2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_tell_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_tell_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_tree_null.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_unchecked_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\img_barlayout.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\img_barlayout2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\img_barlayout4.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\img_corner_left.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\img_local_logo.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_basetemplate.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_hbgroups.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_hbobject3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_hbobjectset3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_hotbarwrapper.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_texts3.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\js2_xmltree3nf.js
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\layout.cdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\linkpathlegal.txt
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\more.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\n.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\nav_b_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\nav_bb_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\nav_f_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\nav_ff_2.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\progress.res
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\searchbtn.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\submit.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_bg.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_bga.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_bgia.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_l.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_la.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_lia.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_r.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_ra.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tab_ria.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tree_dots.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tree_minus.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\tree_plus.gif
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_animations.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_backgrounds.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_ecards.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_emoticons.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_notifiers.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\2\treedata_text.xml
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\business_promo.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\buttondir.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\code.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\email-def.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\email-t1-bg.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\email-temp-bg.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\hotbar_promo.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\images.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\layout.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\linkpathlegal.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\localcontent.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\more.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\progress.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\HostWD\static\DownLoad\treexml.xip
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1054344.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056126.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1057982.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383356.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387273.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390720.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390732.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1391092.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1395464.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1396605.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1475969.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1675022.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\171042.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\1885453.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\192162.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2292545.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2406151.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2457655.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2684075.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899630.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899670.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\2904096.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\292413.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3248874.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3251993.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\32639.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3404705.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3500228.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3740853.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3746066.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3750949.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3752022.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3756244.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3781275.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3786166.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3786291.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3893245.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\3894398.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\443896.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\608910.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\617202.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\627350.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\661916.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\73887.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\745387.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\806451.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\892976.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\941965.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\998013.sdf
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000003674
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000013401
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000023749
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000023840
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000023894
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024063
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024104
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024268
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024375
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024690
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024721
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024749
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024810
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024874
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024911
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025015
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025065
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025211
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025311
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025635
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025650
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025764
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025974
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025975
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026054
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026058
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026149
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026151
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026235
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026267
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026286
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026287
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026525
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000026997
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000027037
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000027873
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000029204
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000029227
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000029230
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000029251
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000030596
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000031802
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000032521
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000032930
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000032977
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000033027
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000033079
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000044868
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000051643
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052008
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052118
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052228
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052451
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052645
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052678
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052875
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000053072
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000053091
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000053498
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000054391
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000054461
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000054900
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000055034
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000055462
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000057533
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000057972
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000058289
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000059264
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000059410
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000059452
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000059457
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000059554
c:\documents and settings\lilou.LILOUNET-MJIZK9\Application Data\Hotbar\v3.0\Hotbar\dynamic\T

Répondre à lilounet

loloetseb, le 21 mar 2009 à 23:26:23

T'as vu genhackman,je t'ai pas mis le lien pour rien.J'ai jamais vu autant d'infection sur un rapport mbam.Bon Destrio,je te laisse le topic.Bon combofix

Répondre à loloetseb

nathandre, le 21 mar 2009 à 23:32:01

Il a 3 topics, c'est un peu le bordel

Répondre à nathandre

loloetseb, le 21 mar 2009 à 23:33:11

Ah ben faut en fermer 2 alors

Répondre à loloetseb

nathandre, le 21 mar 2009 à 23:33:59

Je ne suis pas modo

Répondre à nathandre

loloetseb, le 21 mar 2009 à 23:33:50

Tu fermes les deux autres nathandre

Répondre à loloetseb

nathandre, le 21 mar 2009 à 23:34:57

Je les ai signalé aux modérateurs, et bon courage destrio pour le topic

Répondre à nathandre

Destrio5, le 22 mar 2009 à 00:33:12

Le rapport est trop long, upload-le sur MediaFire :
http://www.commentcamarche.net/faq/sujet 16106 uploader un fichier sur mediafir

Répondre à Destrio5

gen-hackman, le 22 mar 2009 à 01:12:21

:) ®© ----™g3и-н@¢км@и™---- ©®

Répondre à gen-hackman

Destrio5, le 22 mar 2009 à 01:24:21

Le lien est bloqué, envoie-le moi en mp.

Répondre à Destrio5

lilounet, le 22 mar 2009 à 12:16:51

Que veux tu dire par mp ?

Répondre à lilounet

loloetseb, le 22 mar 2009 à 12:38:07

Mp : message privé.Tu cliques sur le pseudo de destrio et tu lui envoies en message privé

Répondre à loloetseb

Destrio5, le 22 mar 2009 à 14:06:28

J'ai bien reçu le rapport.

---> Fais analyser ce fichier : c:\windows\explorer.exe

---> Sur VirusTotal et poste le lien de l'analyse.

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 14:14:28

Voici le resultat de l'analyse :

Fichier explorer.exe reçu le 2009.03.22 14:10:43 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.22 Heuristic.LOP
AhnLab-V3 5.0.0.2 2009.03.22 Win-Trojan/Patched.L
AntiVir 7.9.0.120 2009.03.21 -
Authentium 5.1.2.4 2009.03.21 -
Avast 4.8.1335.0 2009.03.21 -
AVG 8.5.0.283 2009.03.21 -
BitDefender 7.2 2009.03.22 -
CAT-QuickHeal 10.00 2009.03.21 -
ClamAV 0.94.1 2009.03.22 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.22 -
eSafe 7.0.17.0 2009.03.19 -
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.21 -
F-Secure 8.0.14470.0 2009.03.22 -
Fortinet 3.117.0.0 2009.03.22 -
GData 19 2009.03.22 -
Ikarus T3.1.1.48.0 2009.03.22 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.22 -
McAfee 5560 2009.03.21 -
McAfee+Artemis 5560 2009.03.21 -
McAfee-GW-Edition 6.7.6 2009.03.21 -
Microsoft 1.4502 2009.03.22 Worm:Win32/Mariofev.A
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.22 -
Panda 10.0.0.10 2009.03.21 -
PCTools 4.4.2.0 2009.03.22 -
Prevx1 V2 2009.03.22 -
Rising 21.21.62.00 2009.03.22 Win32.Agent.dh
Sophos 4.39.0 2009.03.22 -
Sunbelt 3.2.1858.2 2009.03.21 -
Symantec 1.4.4.12 2009.03.22 -
TheHacker 6.3.3.3.287 2009.03.22 -
TrendMicro 8.700.0.1004 2009.03.22 -
VBA32 3.12.10.1 2009.03.22 suspected of MalwareScope.Trojan-Spy.BZub.1 (paranoid heuristics)
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.21 -
Information additionnelle
File size: 1134596 bytes
MD5...: 76d7bd029706b4532282101d5f338317
SHA1..: c769439a60870e1c9787fe014ce2cf93a30587c3
SHA256: f450832c9ba77492f66663083ff0778bc15e2477a949025166d0356f1309ae7d
SHA512: 34ae40d01765b65f4bfee94565c374b7b59727623ff07e5d7edd735534cc9db1 a94d49aa0f6ebdb7fdd1b7623bbb5711d07cfeded5fb70025cd9d16de0061ddd
ssdeep: 12288:AlSDf0aQKEYnEC2kR8HoHWr2Rkf8I+skzas1/g/J/vIzWZ8sP+gRdv+:Kw 0bKE2ErVakf8I+sk31/g/J/gzSt+ 
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1a50f timedatestamp.....: 0x4254fe83 (Thu Apr 07 09:33:55 2005) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x44749 0x44800 6.37 8b3da8f92e059ce9c0a43a982ef06d31 .data 0x46000 0x1db0 0x1800 1.30 6f7a8ca01bbf5135d058551b882fa235 .rsrc 0x48000 0xb2268 0xb2400 6.63 750b2b248f17d34baf15799f72b8d9de .reloc 0xfb000 0x1c6e4 0x1c804 7.94 3ac4aa9268186c98471c8f329391c415 ( 13 imports ) > ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW > BROWSEUI.dll: -, -, -, - > GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode > KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject > msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf > ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess > ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop > OLEAUT32.dll: -, - > SHDOCVW.dll: -, -, - > SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, - > SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, - > USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW > UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed ( 0 exports )

Répondre à lilounet30

Destrio5, le 22 mar 2009 à 14:43:27

Regarde si tu as un explorer.exe dans le dossier suivant : c:\windows\ServicePackFiles\i386\

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 14:59:33

Je ne trouve pas le dossier C:\windows\ServicePackFiles\i386\ ...

Répondre à lilounet30

Destrio5, le 22 mar 2009 à 15:02:07

http://pagesperso-orange.fr/astwinds/astuces/fichiers_caches.html

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 15:21:51

Meme en indiquant les fichiers caches, je ne trouve pas de dossier ServicePackFiles\i386 ...

Répondre à lilounet30

Destrio5, le 22 mar 2009 à 15:23:02

---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau.
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
- Redémarre ton ordinateur en mode sans échec.

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 16:21:42

Voici le rapport SDFix :

[b]SDFix: Version 1.240 /b
Run by lilou on 22/03/2009 at 06:46

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files /b:

Trojan Files Found:

C:\604918~1 - Deleted

Removing Temp Files

[b]ADS Check /b:

[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 07:06:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[b]Remaining Files /b:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Sat 21 Mar 2009 3 A..H. --- "C:\WINDOWS\system32\BIT65.tmp"
Thu 19 Mar 2009 84,992 A.SH. --- "C:\WINDOWS\system32\dahurawa.dll"
Sat 21 Mar 2009 84,992 A.SH. --- "C:\WINDOWS\system32\dudumese.dll"
--- 84,992 A.SH. --- "C:\WINDOWS\system32\howiduga.dll"
--- 79,872 A.SH. --- "C:\WINDOWS\system32\mofelise.dll"
--- 79,872 A.SH. --- "C:\WINDOWS\system32\nehalofu.dll"
--- 79,872 A.SH. --- "C:\WINDOWS\system32\neyikine.dll"
Sat 21 Mar 2009 84,992 A.SH. --- "C:\WINDOWS\system32\nozutiki.dll"
Thu 19 Mar 2009 2,098 ..SH. --- "C:\WINDOWS\system32\wagegeda.dll"
Tue 4 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 17 May 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 25 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings2\All Users.WINDOWS\DRM\DRMv1.bak"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Wed 18 Mar 2009 24,576 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.000007D2.dll"
Sun 15 Mar 2009 24,576 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.00000BB9.dll"
Thu 19 Mar 2009 26,112 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.00000BBA.dll"
Fri 6 Mar 2009 22,016 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.0000007C.dll"
Sat 7 Mar 2009 23,552 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.0000007D.dll"
Sun 8 Mar 2009 23,552 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.00000082.dll"
Tue 10 Mar 2009 18,944 A.SH. --- "C:\WINDOWS\system32\drivers\nup.sys.000003E9.dll"
Fri 21 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 6 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"

[b]Finished!/b

Répondre à lilounet30

Destrio5, le 22 mar 2009 à 16:42:11

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Choisis 3 months, clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 17:47:41

Je ne sais pas si l'analyse s'est faite correctement car il y a eu un message :
C:\ProgramFiles\trendmicro\lilou.exe is not a valid Win32 application

Voici le rapport log.txt :
Logfile of random's system information tool 1.06 (written by random/random)
Run by lilou at 2009-03-22 08:41:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (51%) free of 32 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:35, on 18/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Desktop\RSIT.exe
C:\Program Files\trend micro\lilou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.232.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
End of file - 7959 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AC57F93E91B88A4E.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2008-12-20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-12-20 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-12-20 245760]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=D:\iTunesHelper.exe [2008-11-20 290088]
"Adobe Photo Downloader"=D:\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2007-06-27 152872]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-07-06 2596864]
"RegistryBooster 2 d’Uniblue "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-11-21 1902592]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\iTunes.exe"="D:\iTunes.exe:*:Enabled:iTunes"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nozutiki.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\neyikine.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nehalofu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mofelise.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\howiduga.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dudumese.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dahurawa.dll
2009-03-22 07:05:45 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\WinRAR
2009-03-22 06:42:25 ----D---- C:\WINDOWS\ERUNT
2009-03-22 06:33:10 ----D---- C:\SDFix
2009-03-22 05:50:15 ----SHD---- C:\RECYCLER
2009-03-21 15:21:34 ----D---- C:\WINDOWS\temp
2009-03-21 15:21:24 ----A---- C:\ComboFix.txt
2009-03-21 14:30:18 ----A---- C:\Boot.bak
2009-03-21 14:28:38 ----D---- C:\cmdcons
2009-03-21 14:26:38 ----A---- C:\WINDOWS\zip.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\VFIND.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\SWSC.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\SWREG.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\sed.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\grep.exe
2009-03-21 14:26:38 ----A---- C:\WINDOWS\fdsv.exe
2009-03-21 14:26:32 ----D---- C:\WINDOWS\ERDNT
2009-03-21 14:26:28 ----D---- C:\Qoobox
2009-03-21 14:11:38 ----D---- C:\rsit
2009-03-21 13:19:39 ----A---- C:\WINDOWS\system32\mstinit.dll
2009-03-21 12:52:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-21 05:40:22 ----AH---- C:\WINDOWS\system32\BIT65.tmp
2009-03-19 11:40:13 ----D---- C:\Program Files\vghd
2009-03-19 11:40:12 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\vghd
2009-03-19 10:59:46 ----D---- C:\Program Files\Premium Booster
2009-03-19 10:34:13 ----D---- C:\Program Files\Registry Easy
2009-03-19 10:31:51 ----SH---- C:\WINDOWS\system32\wagegeda.dll
2009-03-19 10:13:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\bat glue time dash
2009-03-19 10:12:07 ----D---- C:\Program Files\storefunklong
2009-03-19 10:12:07 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\storefunklong
2009-03-19 09:41:07 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Uniblue
2009-03-19 09:40:54 ----D---- C:\Program Files\Uniblue
2009-03-19 06:26:42 ----D---- C:\Program Files\CCleaner
2009-03-14 10:32:57 ----D---- C:\Program Files\HDDGURU LLF Tool
2009-03-11 13:42:20 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Blancco
2009-03-11 13:39:30 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}
2009-03-11 13:39:23 ----D---- C:\Program Files\Common Files\Blancco
2009-03-11 13:39:23 ----D---- C:\Program Files\Blancco
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-03-07 11:09:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-03-03 15:28:48 ----D---- C:\WINDOWS\Prefetch
2009-03-03 15:11:16 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-03-03 14:53:06 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-03-03 14:53:06 ----A---- C:\WINDOWS\system32\irclass.dll
2009-03-03 14:51:33 ----RA---- C:\WINDOWS\SET11B.tmp
2009-03-03 14:51:28 ----RA---- C:\WINDOWS\SET10F.tmp
2009-03-03 14:51:26 ----RA---- C:\WINDOWS\SET10C.tmp
2009-02-27 11:31:05 ----A---- C:\WINDOWS\tjbzuwli.exe
2009-02-27 10:44:35 ----A---- C:\WINDOWS\system32\wm16tokl.dll
2009-02-27 10:44:35 ----A---- C:\WINDOWS\system32\sys16u.dll
2009-02-27 10:44:09 ----A---- C:\WINDOWS\jrfbwsrf.exe
2009-02-27 02:10:28 ----A---- C:\WINDOWS\system32\progman.dll
2009-02-27 02:10:28 ----A---- C:\WINDOWS\system32\print.dll
2009-02-23 13:11:58 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2009-02-22 05:48:41 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-22 05:46:26 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-02-22 05:40:26 ----D---- C:\Program Files\Microsoft Sync Framework
2009-02-08 08:53:46 ----D---- C:\Program Files\directx
2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-01-31 14:25:52 ----D---- C:\Archivos de programa
2009-01-27 12:44:08 ----D---- C:\Program Files\Ahead
2009-01-25 11:36:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-25 11:35:45 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-01-25 11:35:43 ----D---- C:\Program Files\Realtek
2009-01-24 08:31:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-24 08:25:25 ----D---- C:\Program Files\ComPlus Applications
2009-01-24 08:13:51 ----RA---- C:\WINDOWS\SET11A.tmp
2009-01-24 08:13:47 ----RA---- C:\WINDOWS\SET10E.tmp
2009-01-24 08:13:44 ----RA---- C:\WINDOWS\SET10B.tmp
2009-01-24 05:15:54 ----A---- C:\WINDOWS\system32\honjflnd.dll
2009-01-23 23:51:13 ----D---- C:\WINDOWS\addins
2009-01-23 16:02:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
2009-01-23 15:46:30 ----A---- C:\WINDOWS\system32\2f2d971c-.txt
2009-01-23 15:35:06 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Babylon
2009-01-23 13:29:47 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\LuckyTender
2009-01-22 12:38:51 ----A---- C:\WINDOWS\system32\gohnkfqb.dll
2009-01-20 13:26:04 ----A---- C:\WINDOWS\system32\act_log.txt
2009-01-19 18:18:13 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Leadertech
2009-01-18 22:58:48 ----D---- C:\Program Files\Adobe
2009-01-13 13:07:09 ----D---- C:\Program Files\eMule
2009-01-13 13:06:43 ----A---- C:\Program Files\eMule0.49b-Installer1.exe
2008-12-23 15:22:16 ----D---- C:\Program Files\Windows Media Components
2008-12-23 15:22:14 ----D---- C:\Program Files\Common Files\Vbox
2008-12-23 13:20:26 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Download Manager

======List of files/folders modified in the last 3 months======

2009-03-22 08:41:45 ----D---- C:\Program Files\trend micro
2009-03-22 08:29:10 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Skype
2009-03-22 07:19:31 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 07:02:49 ----D---- C:\WINDOWS
2009-03-22 06:45:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-22 06:35:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-22 03:14:05 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\skypePM
2009-03-21 15:21:38 ----HD---- C:\WINDOWS\system32\drivers
2009-03-21 15:21:38 ----D---- C:\WINDOWS\system32
2009-03-21 15:20:29 ----D---- C:\WINDOWS\repair
2009-03-21 15:17:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-21 15:12:38 ----A---- C:\WINDOWS\system.ini
2009-03-21 15:12:21 ----D---- C:\Avenger
2009-03-21 15:09:05 ----D---- C:\WINDOWS\system32\config
2009-03-21 15:07:55 ----D---- C:\WINDOWS\AppPatch
2009-03-21 15:07:46 ----D---- C:\Program Files\Common Files
2009-03-21 14:35:50 ----HD---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\drivers
2009-03-21 14:35:49 ----SD---- C:\WINDOWS\Tasks
2009-03-21 14:32:54 ----RD---- C:\Program Files
2009-03-21 14:30:18 ----RASH---- C:\boot.ini
2009-03-21 14:26:37 ----SHD---- C:\System Volume Information
2009-03-21 14:26:37 ----D---- C:\WINDOWS\system32\Restore
2009-03-21 13:18:51 ----A---- C:\WINDOWS\explorer.exe
2009-03-21 13:18:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-21 13:18:50 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-03-21 12:35:24 ----A---- C:\WINDOWS\system32\svchost.exe
2009-03-21 05:40:11 ----D---- C:\WINDOWS\Minidump
2009-03-21 05:35:32 ----HD---- C:\Config.Msi
2009-03-21 05:35:27 ----SHD---- C:\WINDOWS\Installer
2009-03-21 05:28:37 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-12 13:32:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-12 05:08:43 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-12 05:08:42 ----D---- C:\WINDOWS\setup.pss
2009-03-07 11:10:06 ----D---- C:\WINDOWS\Help
2009-03-07 11:09:58 ----HD---- C:\WINDOWS\inf
2009-03-05 10:20:25 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\MSN6
2009-03-05 10:18:18 ----A---- C:\WINDOWS\ModemLog_Best Data Data Fax Modem.txt
2009-03-05 08:28:43 ----D---- C:\WINDOWS\security
2009-03-05 08:28:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-04 10:34:08 ----D---- C:\Program Files\Common Files\Adobe
2009-03-03 15:33:31 ----D---- C:\WINDOWS\Registration
2009-03-03 15:32:06 ----A---- C:\WINDOWS\setuplog.txt
2009-03-03 15:13:04 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-03 15:12:13 ----D---- C:\WINDOWS\system32\ias
2009-03-03 15:11:21 ----RD---- C:\WINDOWS\Web
2009-03-03 15:11:02 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-03-03 15:10:40 ----A---- C:\WINDOWS\win.ini
2009-03-03 15:10:26 ----D---- C:\WINDOWS\srchasst
2009-03-03 15:09:34 ----D---- C:\WINDOWS\system32\oobe
2009-03-03 15:09:19 ----D---- C:\Program Files\Windows Media Player
2009-03-03 15:09:18 ----D---- C:\Program Files\NetMeeting
2009-03-03 15:09:16 ----D---- C:\Program Files\Common Files\Services
2009-03-03 15:09:11 ----D---- C:\Program Files\Outlook Express
2009-03-03 15:08:47 ----D---- C:\Program Files\Movie Maker
2009-03-03 15:08:23 ----D---- C:\Program Files\Common Files\System
2009-03-03 15:08:09 ----D---- C:\Program Files\Internet Explorer
2009-03-03 15:06:54 ----D---- C:\WINDOWS\system32\Com
2009-03-03 15:06:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-03-03 15:05:53 ----D---- C:\WINDOWS\Cursors
2009-03-03 15:05:46 ----D---- C:\Program Files\Windows NT
2009-03-03 15:05:30 ----D---- C:\WINDOWS\system32\wbem
2009-03-03 14:53:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-03 14:52:54 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2009-03-03 06:46:51 ----D---- C:\WINDOWS\system32\Setup
2009-03-03 06:46:51 ----D---- C:\WINDOWS\system
2009-03-03 06:46:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-03 06:46:17 ----D---- C:\WINDOWS\mui
2009-03-03 06:46:09 ----D---- C:\WINDOWS\system32\en
2009-03-03 06:46:03 ----D---- C:\WINDOWS\ime
2009-03-03 06:46:03 ----D---- C:\WINDOWS\ehome
2009-03-03 06:46:01 ----RSD---- C:\WINDOWS\Fonts
2009-03-03 06:46:01 ----D---- C:\WINDOWS\Media
2009-03-03 06:45:46 ----D---- C:\WINDOWS\PeerNet
2009-03-03 06:45:30 ----D---- C:\WINDOWS\system32\npp
2009-03-03 06:45:23 ----D---- C:\WINDOWS\msagent
2009-03-03 06:43:09 ----D---- C:\WINDOWS\twain_32
2009-03-03 06:42:49 ----D---- C:\WINDOWS\system32\icsxml
2009-03-03 06:42:07 ----D---- C:\WINDOWS\system32\1033
2009-03-03 06:40:37 ----D---- C:\WINDOWS\Driver Cache
2009-02-25 13:55:06 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-24 05:02:54 ----SD---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Microsoft
2009-02-23 11:50:08 ----A---- C:\WINDOWS\imsins.BAK
2009-02-22 11:41:28 ----RSD---- C:\WINDOWS\assembly
2009-02-22 11:41:28 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-22 05:47:16 ----D---- C:\Program Files\Microsoft
2009-02-22 05:44:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-22 05:44:29 ----D---- C:\Program Files\Windows Live
2009-02-22 05:40:29 ----D---- C:\WINDOWS\WinSxS
2009-02-22 05:39:18 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-02-22 05:02:45 ----D---- C:\WINDOWS\system32\DirectX
2009-02-20 14:37:13 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-08 08:48:39 ----D---- C:\Documents and Settings
2009-01-29 07:01:35 ----D---- C:\Program Files\Common Files\Ahead
2009-01-23 05:46:32 ----D---- C:\Program Files\Bonjour
2009-01-18 22:59:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-01-11 06:40:53 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\dvdcss
2008-12-27 15:13:49 ----D---- C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Application Data\Nero
2008-12-27 11:52:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-04-16 37376]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2006-04-16 60800]
R3 catchme;catchme; \??\C:\DOCUME~1\LILOU~1.LIL\LOCALS~1\Temp\catchme.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 G400;G400; C:\WINDOWS\System32\DRIVERS\G400m.sys [2001-08-17 322432]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2006-04-16 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-05 57984]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 ethdnamh;ethdnamh; C:\WINDOWS\system32\drivers\ethdnamh.sys [2009-03-05 135584]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-04-16 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-10-15 31744]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-10-15 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2009-03-21 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-11-06 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-21 14336]

-----------------EOF-----------------

Répondre à lilounet30

lilounet30, le 22 mar 2009 à 17:48:48

Et le rapport info.txt :

info.txt logfile of random's system information tool 1.06 2009-03-21 14:11:51

======Uninstall list======

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->D:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Premiere 6.0-->C:\WINDOWS\UNIN040C.EXE -f"d:\adobe 6.0\DeIsL1.isu" -c"d:\adobe 6.0\Uninst.dll"
Adobe Premiere 6.5-->C:\WINDOWS\UNIN040C.EXE -f"d:\program files\DeIsL1.isu" -c"d:\program files\Uninst.dll"
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced RealMedia Export Plug-in for Premiere 6.0-->d:\adobe 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\2.bin\AskTBar.dll,O
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Blancco - File Shredder-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe" REMOVE=TRUE MODIFY=FALSE
Blancco - File Shredder-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{BED24E2B-C79C-4948-863F-D211FD6088AA}\Blancco_File_Shredder.exe
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMule Plus 1.2d-->"D:\eMule\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
Free Mp3 Wma Converter V 1.7.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LaCie Backup Software v1.5.2378-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431036}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Premium Booster-->C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QUAD Registry Cleaner v.1.5.67-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Registry Easy v4.9-->"C:\Program Files\Registry Easy\unins000.exe"
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
TC Native Essentials 2.02-->C:\PROGRA~1\TCWorks\TCNATI~1\UninstallTCEssentials.exe C:\PROGRA~1\TCWorks\TCNATI~1\INSTALL.LOG
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VirtuaGirl HD-->C:\Documents and Settings\lilou.LILOUNET-MJIZK9\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
VLC media player 0.9.6-->D:\VLC\uninstall.exe
Win AVI HelixSDK-->"D:\WinAVI Video Converter\HelixSDK\unins000.exe"
WinAVI Video Converter 8.0-->"D:\WinAVI Video Converter\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: LILOUNET-MJIZK9
Event Code: 7001
Message: The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 4924
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the ICF service to connect.

Record Number: 4923
Source Name: Service Control Manager
Time Written: 20090319090126.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4905
Source Name: DCOM
Time Written: 20090319075253.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4904
Source Name: DCOM
Time Written: 20090319075145.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 4903
Source Name: DCOM
Time Written: 20090319074821.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 42
Source Name: WinMgmt
Time Written: 20090124082642.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 41
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 40
Source Name: WinMgmt
Time Written: 20090124082637.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LILOUNET-MJIZK9
Event Code: 1000
Message: Faulting application rundll32.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 7
Source Name: Application Error
Time Written: 20090123054630.000000-480
Event Type: error
User:

Computer Name: LILOUNET-MJIZK9
Event Code: 1002
Message: Hanging application emule.exe, version 0.49.1.27, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3
Source Name: Application Hang
Time Written: 20090123051820.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=DSREPAIR

-----------------EOF-----------------

Répondre à lilounet30

Destrio5, le 22 mar 2009 à 18:20:01

--> Télécharge Lop S&D (par Eric_71 & Angeldark) sur ton Bureau.

--> Double-clique dessus pour lancer l'installation.

--> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).

--> Patiente jusqu'à la fin du scan.

--> Poste le rapport généré (C:\lopR.txt).

Répondre à Destrio5

lilounet30, le 22 mar 2009 à 18:41:52

Voici le rapport lopR.txt :
(encore merci pour ton aide precieuse !)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(TM) XP1700+ )
BIOS : Award Medallion BIOS v6.0
USER : lilou ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:31 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:76 Go (Free:43 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 22/03/2009| 9:28 )

--------------------\\ Listing des dossiers dans APPLIC~1

[01/04/2007|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/04/2006|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/11/2007|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[05/12/2007|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[29/04/2007|14:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[04/12/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/12/2007|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[29/01/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[24/12/2007|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/02/2007|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[08/04/2006|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[14/04/2006|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[29/01/2007|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[09/05/2006|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[18/10/2007|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[22/11/2008|10:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/03/2009|13:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{BED24E2B-C79C-4948-863F-D211FD6088AA}
[18/01/2009|22:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[20/12/2008|14:47] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
[22/11/2008|10:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[22/11/2008|10:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[14/12/2008|16:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg8
[06/12/2008|07:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVS4YOU
[23/01/2009|16:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Babylon
[21/03/2009|13:24] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\bat glue time dash
[23/02/2008|15:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\CanonBJ
[27/12/2008|11:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
[22/02/2008|13:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Grisoft
[23/02/2008|15:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
[26/02/2008|04:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Macromedia
[18/12/2008|12:15] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[22/02/2009|05:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[15/04/2008|02:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
[23/02/2008|15:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\MSN6
[21/12/2008|09:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
[20/10/2008|06:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NOS
[23/02/2008|15:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
[23/02/2008|13:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
[20/12/2008|18:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[05/12/2008|11:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[26/02/2008|09:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion

[09/03/2006|13:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[24/06/2008|13:58] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

[13/12/2008|18:57] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Adobe
[24/02/2008|06:31] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\AdobeUM
[21/12/2008|05:13] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Ahead
[22/11/2008|10:14] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Apple Computer
[05/12/2008|14:53] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\ArcSoft
[14/12/2008|16:36] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\AVGTOOLBAR
[06/12/2008|13:23] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\AVS4YOU
[23/01/2009|15:35] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Babylon
[11/03/2009|13:42] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Blancco
[15/12/2008|05:17] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Canon
[23/12/2008|13:56] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Download Manager
[21/03/2009|14:35] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\drivers
[11/01/2009|06:40] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\dvdcss
[03/06/2008|02:08] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\eMule
[09/06/2008|12:09] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Feedreader
[15/11/2008|08:51] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\FUJIFILM
[22/02/2008|11:43] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Identities
[22/10/2008|12:29] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\InstallShield
[28/06/2008|04:02] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\LaCie
[19/01/2009|18:18] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Leadertech
[23/01/2009|13:29] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\LuckyTender
[26/02/2008|05:00] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Macromedia
[18/12/2008|12:15] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Malwarebytes
[24/02/2009|05:02] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Microsoft
[15/07/2008|23:59] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Mozilla
[05/03/2009|10:20] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\MSN6
[27/12/2008|15:13] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Nero
[28/02/2008|06:54] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Nero8
[23/02/2008|15:14] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\ScanSoft
[22/03/2009|09:23] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Skype
[22/03/2009|03:14] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\skypePM
[21/03/2009|13:27] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\storefunklong
[01/04/2008|00:55] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Sun
[19/03/2009|09:41] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\Uniblue
[19/03/2009|11:40] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\vghd
[16/11/2008|05:59] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\vlc
[22/03/2009|07:05] C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\WinRAR

[06/03/2007|14:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[01/11/2007|09:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/04/2006|13:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\PACE Anti-Piracy

[21/02/2008|23:33] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Microsoft

[21/03/2009|05:28] C:\DOCUME~1\LOCALS~1.000\APPLIC~1\Identities
[22/12/2008|04:25] C:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

[01/11/2007|09:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[21/02/2008|23:33] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Microsoft

[14/12/2008|16:43] C:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[21/03/2009 14:46][--a------] C:\WINDOWS\tasks\Schedule Task Weekly.job
[22/03/2009 09:00][--ah-----] C:\WINDOWS\tasks\AC57F93E91B88A4E.job
[09/01/2009 16:40][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/03/2009 06:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[23/08/2001 06:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AC57F93E91B88A4E.job )=( c:\docume~1\lilou~1.lil\applic~1\storef~1\castmfcdclose.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[08/03/2007|17:04] C:\Program Files\ADMIN
[08/02/2009|08:54] C:\Program Files\Adobe
[28/01/2009|12:19] C:\Program Files\Ahead
[09/03/2006|13:35] C:\Program Files\Alwil Software
[20/12/2008|13:17] C:\Program Files\AskTBar
[11/03/2009|13:39] C:\Program Files\Blancco
[23/01/2009|05:46] C:\Program Files\Bonjour
[15/12/2008|04:54] C:\Program Files\Canon
[23/02/2008|15:09] C:\Program Files\CanonBJ
[19/03/2009|06:27] C:\Program Files\CCleaner
[21/03/2009|15:07] C:\Program Files\Common Files
[24/01/2009|08:25] C:\Program Files\ComPlus Applications
[08/02/2009|08:53] C:\Program Files\directx
[23/02/2008|06:14] C:\Program Files\DVD Shrink
[06/03/2009|14:08] C:\Program Files\eMule
[28/12/2007|09:58] C:\Program Files\Fichiers communs
[22/10/2008|12:30] C:\Program Files\FinePixViewerS
[29/02/2008|11:14] C:\Program Files\Free Audio Pack
[04/12/2007|13:13] C:\Program Files\Google
[14/03/2009|10:32] C:\Program Files\HDDGURU LLF Tool
[12/03/2009|13:32] C:\Program Files\InstallShield Installation Information
[03/03/2009|15:08] C:\Program Files\Internet Explorer
[22/11/2008|10:14] C:\Program Files\iPod
[22/11/2008|22:13] C:\Program Files\Java
[28/06/2008|04:02] C:\Program Files\LaCie
[21/02/2008|16:25] C:\Program Files\Logitech
[17/12/2008|01:04] C:\Program Files\Macromedia
[21/03/2009|12:53] C:\Program Files\Malwarebytes' Anti-Malware
[01/10/2008|02:13] C:\Program Files\Messenger
[22/02/2009|05:47] C:\Program Files\Microsoft
[19/10/2007|05:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/05/2006|13:25] C:\Program Files\microsoft frontpage
[15/04/2008|02:48] C:\Program Files\Microsoft Office
[22/02/2009|05:46] C:\Program Files\Microsoft Office Outlook Connector
[22/02/2009|05:48] C:\Program Files\Microsoft Silverlight
[25/02/2008|11:47] C:\Program Files\Microsoft SQL Server Compact Edition
[22/02/2009|05:40] C:\Program Files\Microsoft Sync Framework
[24/02/2009|05:09] C:\Program Files\Microsoft Windows OneCare Live
[09/05/2006|08:08] C:\Program Files\Microsoft.NET
[03/03/2009|15:08] C:\Program Files\Movie Maker
[22/03/2009|08:42] C:\Program Files\Mozilla Firefox
[02/12/2008|08:45] C:\Program Files\MSN
[09/03/2006|13:00] C:\Program Files\MSN Gaming Zone
[21/02/2008|15:55] C:\Program Files\MSN Messenger
[05/03/2007|18:03] C:\Program Files\MSXML 4.0
[21/02/2008|16:55] C:\Program Files\MSXML 6.0
[03/03/2009|15:09] C:\Program Files\NetMeeting
[20/10/2008|06:06] C:\Program Files\NOS
[21/02/2008|23:32] C:\Program Files\Online Services
[03/03/2009|15:09] C:\Program Files\Outlook Express
[08/03/2007|17:04] C:\Program Files\OUTLOOK.FR-FR
[08/03/2007|17:05] C:\Program Files\POWERPOINT.FR-FR
[19/03/2009|10:59] C:\Program Files\Premium Booster
[08/03/2007|17:05] C:\Program Files\PROPLUS.WW
[22/11/2008|10:12] C:\Program Files\QuickTime
[25/01/2009|11:35] C:\Program Files\Realtek
[19/03/2009|13:47] C:\Program Files\Registry Easy
[29/01/2007|14:17] C:\Program Files\ScanSoft
[09/03/2006|13:03] C:\Program Files\Services en ligne
[23/02/2008|13:43] C:\Program Files\Skype
[19/03/2009|10:12] C:\Program Files\storefunklong
[07/05/2007|14:06] C:\Program Files\TCWorks
[22/03/2009|08:44] C:\Program Files\trend micro
[19/03/2009|09:40] C:\Program Files\Uniblue
[09/03/2006|13:11] C:\Program Files\Uninstall Information
[08/03/2007|17:05] C:\Program Files\UPDATES
[19/03/2009|11:40] C:\Program Files\vghd
[22/02/2009|05:44] C:\Program Files\Windows Live
[18/10/2007|10:51] C:\Program Files\Windows Live Favorites
[20/12/2008|10:16] C:\Program Files\Windows Live SkyDrive
[23/12/2008|15:22] C:\Program Files\Windows Media Components
[03/03/2009|15:06] C:\Program Files\Windows Media Connect 2
[03/03/2009|15:09] C:\Program Files\Windows Media Player
[03/03/2009|15:05] C:\Program Files\Windows NT
[22/12/2008|05:00] C:\Program Files\Windows Sidebar
[22/02/2008|12:15] C:\Program Files\WindowsUpdate
[29/06/2008|01:33] C:\Program Files\WinRAR
[09/03/2006|13:37] C:\Program Files\WinZip
[09/03/2006|13:05] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[04/03/2009|10:34] C:\Program Files\Common Files\Adobe
[29/01/2009|07:01] C:\Program Files\Common Files\Ahead
[22/11/2008|10:14] C:\Program Files\Common Files\Apple
[06/12/2008|07:36] C:\Program Files\Common Files\AVSMedia
[16/12/2008|13:21] C:\Program Files\Common Files\BitDefender
[11/03/2009|13:39] C:\Program Files\Common Files\Blancco
[15/04/2008|02:48] C:\Program Files\Common Files\DESIGNER
[21/02/2008|16:25] C:\Program Files\Common Files\FotoWire
[23/02/2008|15:13] C:\Program Files\Common Files\InstallShield
[31/03/2008|13:01] C:\Program Files\Common Files\Java
[21/02/2008|16:23] C:\Program Files\Common Files\Logitech
[26/02/2008|04:54] C:\Program Files\Common Files\Macromedia
[22/02/2008|02:57] C:\Program Files\Common Files\Macrovision Shared
[10/06/2008|12:23] C:\Program Files\Common Files\Microsoft Shared
[21/02/2008|23:30] C:\Program Files\Common Files\MSSoap
[22/12/2008|06:26] C:\Program Files\Common Files\Nero
[21/02/2008|15:15] C:\Program Files\Common Files\ODBC
[23/02/2008|15:14] C:\Program Files\Common Files\ScanSoft Shared
[03/03/2009|15:09] C:\Program Files\Common Files\Services
[23/02/2008|13:43] C:\Program Files\Common Files\Skype
[21/02/2008|15:15] C:\Program Files\Common Files\SpeechEngines
[23/02/2008|06:58] C:\Program Files\Common Files\SWF Studio
[03/03/2009|15:08] C:\Program Files\Common Files\System
[23/12/2008|15:22] C:\Program Files\Common Files\Vbox
[20/12/2008|10:11] C:\Program Files\Common Files\Windows Live
[21/02/2008|15:41] C:\Program Files\Common Files\WindowsLiveInstaller
[16/12/2008|14:58] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\STOREF~1
C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\STOREF~1\cast mfcd close.exe
C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\STOREF~1\iwecwclg.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\bat glue time dash
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\bat glue time dash\cdrom bash.dat
C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\storef~1
C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\storef~1\cast mfcd close.exe
C:\DOCUME~1\LILOU~1.LIL\APPLIC~1\storef~1\iwecwclg.exe
C:\Program Files\storef~1
C:\DOCUME~1\LILOU~1.LIL\Cookies\lilou@advertising[1].txt
C:\WINDOWS\Tasks\AC57F93E91B88A4E.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wave trust base]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\LILOU~1.LIL\\APPLIC~1\\STOREF~1\\bitsgreat.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 09:30:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\LILOU~1.LIL\Recent\Crack.lnk
C:\DOCUME~1\LILOU~1.LIL\Recent\Nero 9 Trial + Keygen + Serial + Patch.lnk
C:\DOCUME~1\ALLUSE~1.WIN\Documents\Counter-Strike KeyGen.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\DivX 5.0 Pro KeyGen.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\Microsoft Visual C++ KeyGen.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\Microsoft Visual Studio KeyGen.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\Norton Anti-Virus 2005 Enterprise Crack.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\UT 2003 KeyGen.exe
C:\DOCUME~1\ALLUSE~1.WIN\Documents\Windows 2003 Advanced Server KeyGen.exe

[F:5][D:4]-> C:\DOCUME~1\LILOU~1.LIL\LOCALS~1\Temp
[F:80][D:0]-> C:\DOCUME~1\LILOU~1.LIL\Cookies
[F:494][D:4]-> C:\DOCUME~1\LILOU~1.LIL\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 22/03/2009| 9:32 - Option : [1]

--------------------\\ Fin du rapport a 9:32:42

Répondre à lilounet30

70 réponses 12 Suivant

Posez votre question Répondre