
Persistent trojan

 

lejorker
Baby forum member (10 to 49 messages posted)
Posted on 29/12/2009 at 11:48:13

Hello,
I have a trojan detected by Avast (and a-squared Free), but the suggested steps (deletion) did not stop the symptoms: slow browsing in Explorer, constant crashes. The various virus scans find nothing. The trojan has disappeared but still seems to be active...
I'm a bit of a novice, and it's my work PC, so I'm freaking out!!
Can someone guide me for a moment? Many thanks!
Guillaume. :rale:

it's cold here......
jeanmimigab
Regular (5,000 to 9,999 messages posted)
Posted on 29/12/2009 at 12:19:20

:hello: lejorker

start with this please...

- download Malwarebytes >> here
- to help you, a great tutorial by bobette marlow to read before the scan.
- choose "perform a quick scan" and, at the end of the scan, tick all the items found and click "remove selected".
- and then post the report for me please.

then...

download the latest version of HijackThis; tutorial and download at this link

run it following the instructions in the tutorial. At the end of the scan a report will be created; save it to your desktop so you can find it more easily and post it in your next reply please.

:salut:


lejorker
Baby forum member (10 to 49 messages posted)
Posted on 01/01/2010 at 16:11:36

:salut:
It's getting worse and worse. Malware doesn't run to completion without crashing every single time, as if something wanted to stop it from finishing and saving the report...
I'll see what happens with hijack.
Thanks, and happy new year!!

lejorker
Baby forum member (10 to 49 messages posted)
Posted on 01/01/2010 at 16:12:54

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16:12:12, on 01/01/2010
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 Boot mode: Normal


jeanmimigab
Regular (5,000 to 9,999 messages posted)
Posted on 01/01/2010 at 23:50:57

:hello:

hmm, that doesn't smell good...

do this please...

disable your antivirus while you carry out these steps.

>> Download Winsockxpfix to your desktop and move on to the next step.

========================================================================

Download Combofix to your Desktop (and nowhere else), renaming it before it lands on your desktop.
To do this, right-click Combofix.exe, choose "save target as...", rename it to lejorker.exe, choose your desktop as the location and click "save".

Double-click lejorker.exe (the downloaded file) and follow the instructions shown.
If Combofix asks for permission to install the Recovery Console, accept.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt

Note: Do not click in the Combofix window during the scan; this would cause the program to freeze.

========================================================================

if by any chance your internet connection is no longer working after the PC restarts, do this to repair it...

Double-click the WinsockXPFix icon http://nsa05.casimages.com/img/2009/02/17/090217091037421071.png.

>> click "Fix" > and if your PC does not restart, restart it manually.


lejorker
Baby forum member (10 to 49 messages posted)
Posted on 02/01/2010 at 18:08:17

:hello:
The report is attached.
Thanks.
 ComboFix 10-01-01.05 - Guillaume Desbrosses 02/01/2010  17:53:10.1.2 - x86
 Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2003.1479 [GMT 1:00]
 Lancé depuis: c:\documents and settings\Guillaume Desbrosses\Bureau\lejorker.exe
 AV: avast! antivirus 4.8.1368 [VPS 100102-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293​FD8233D}
 .

 ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
 .

 C:\install.exe
 c:\windows\Downloaded Program Files\Install.inf
 c:\windows\EventSystem.log

 .
 original MBR restored successfully !
 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))))))))))))))))))))))​))))))
 .

 2010-01-02 16:33 . 2010-01-02 16:35 -------- d-----w- C:\lejorker
 2010-01-02 15:54 . 2010-01-02 15:54 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Uniblue
 2010-01-02 15:53 . 2010-01-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mb​amswissarmy.sys
 2009-12-29 09:56 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mb​am.sys
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-12-29 09:55 . 2010-01-01 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2009-12-29 09:45 . 2009-12-29 09:45 -------- d-----w- c:\program files\Trend Micro
 2009-12-29 08:08 . 2009-12-29 08:08 -------- d-----w- c:\program files\ESET
 2009-12-29 07:53 . 2009-12-29 07:53 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Uniblue
 2009-12-21 23:42 . 2009-12-22 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
 2009-12-21 23:42 . 2009-12-22 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
 2009-12-21 12:29 . 2009-12-21 12:29 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters
 2009-12-21 12:29 . 2009-12-21 12:29 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Common Toolkit Suite
 2009-12-19 19:09 . 2009-12-19 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
 2009-12-19 19:08 . 2009-12-21 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
 2009-12-19 19:07 . 2009-12-11 12:44 2969208 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SPYWAREfighter.e​xe
 2009-12-19 19:07 . 2009-12-22 17:17 -------- d-----w- c:\program files\Fighters
 2009-12-19 19:07 . 2009-12-22 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite
 2009-12-19 19:06 . 2009-12-11 12:44 774792 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\53462D78\3​C94288E\swpro.dll
 2009-12-19 19:06 . 2009-12-11 12:44 2330248 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\6904C2BB\3​C94288E\sfhtml.dll
 2009-12-19 19:06 . 2009-12-11 12:44 574088 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\2C0CE245\3​C94288E\swproTray.exe
 2009-12-19 19:06 . 2009-12-11 12:34 659456 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtNetwork4.dll
 2009-12-19 19:06 . 2009-12-11 12:34 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtXml4.dll
 2009-12-19 19:06 . 2009-12-11 12:34 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtCore4.dll
 2009-12-19 19:06 . 2009-07-02 01:51 101888 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\mIDEFunc.d​ll\mEXEFunc.dll
 2009-12-19 19:06 . 2009-07-02 01:51 508416 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\mDown.dll\​mDownExec.dll
 2009-12-19 19:06 . 2009-12-11 12:44 463496 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\25C348B6​\7973EFCA\FighterSuiteClient.d​ll
 2009-12-19 19:06 . 2009-12-11 12:44 676488 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\1EE46BE9​\7973EFCA\FighterSuiteService.​exe
 2009-12-19 19:06 . 2009-12-11 12:44 225928 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\6C72E19E​\7973EFCA\FighterLauncher.exe
 2009-12-17 19:52 . 2009-12-31 13:24 -------- d-----w- c:\program files\a-squared Free
 2009-12-17 19:45 . 2009-12-17 19:45 -------- d-----w- C:\found.000
 2009-12-16 11:07 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\as​wTdi.sys
 2009-12-16 11:07 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\as​wRdr.sys
 2009-12-16 11:07 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aa​vmker4.sys
 2009-12-16 11:07 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\as​wSP.sys
 2009-12-16 11:07 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\as​wFsBlk.sys
 2009-12-16 11:07 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.sc​r
 2009-12-16 11:07 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\as​wmon.sys
 2009-12-16 11:07 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\as​wmon2.sys
 2009-12-16 11:07 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.ex​e
 2009-12-16 11:07 . 2009-12-16 11:07 -------- d-----w- c:\program files\Alwil Software
 2009-12-15 16:13 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\a​clayers.dll
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\UserDat​a
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
 2009-12-13 22:38 . 2009-12-13 22:38 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacI​E
 2009-12-10 18:39 . 2009-12-10 18:39 -------- d-----w- c:\program files\Microsoft ActiveSync
 2009-12-10 18:00 . 2009-12-10 18:00 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\HP
 2009-12-10 17:50 . 2009-12-10 17:53 -------- d-----w- c:\program files\Readiris Pro 11 HP
 2009-12-10 16:40 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Hewlett-Packard
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
 2009-12-10 16:37 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
 2009-12-10 16:37 . 2008-01-16 17:45 241664 ----a-w- c:\windows\system32\Spool\prtp​rocs\w32x86\hpzpp5k4.DLL
 2009-12-10 16:37 . 2008-09-26 23:37 665 ----a-r- c:\windows\system32\hppapr11.d​at
 2009-12-10 16:37 . 2008-09-26 23:37 331776 ----a-r- c:\windows\system32\hppcpr11.d​ll
 2009-12-10 16:37 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchan​nel.dll
 2009-12-10 16:37 . 2008-09-26 23:37 188416 ----a-r- c:\windows\system32\hppcew11.d​ll
 2009-12-10 16:37 . 2007-07-16 21:29 26136 ----a-r- c:\windows\system32\drivers\hp​fxgen.sys
 2009-12-10 16:37 . 2007-07-16 21:29 17432 ----a-r- c:\windows\system32\drivers\hp​fxbulk.sys
 2009-12-10 16:37 . 2009-06-26 17:43 770048 ----a-r- c:\windows\system32\hpptsp04.d​ll
 2009-12-10 16:37 . 2008-09-26 23:37 450560 ----a-r- c:\windows\system32\hppasc11.d​ll
 2009-12-10 16:37 . 2007-10-24 19:18 729088 ----a-r- c:\windows\system32\hpxp1312.d​ll
 2009-12-10 16:34 . 2009-12-10 16:47 -------- d-----w- c:\program files\HP
 2009-12-10 16:29 . 2009-12-10 16:47 200610 ----a-w- c:\windows\hppins11.dat
 2009-12-10 16:29 . 2009-08-03 23:28 5707 ------w- c:\windows\hppmdl11.dat
 2009-12-10 16:11 . 2009-12-10 16:11 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
 2009-12-07 21:01 . 2009-12-07 21:01 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\Pentax
 2009-12-07 19:57 . 2009-12-07 19:57 -------- d-----w- c:\program files\PENTAX

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2010-01-02 17:01 . 2009-03-10 15:33 0 ----a-w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\WavXMapDrive.bat
 2010-01-01 21:17 . 2009-03-12 21:35 -------- d-----w- c:\program files\PokerStars
 2009-12-29 09:37 . 2009-12-19 19:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}
 2009-12-29 08:25 . 2009-07-10 19:32 -------- d-----w- c:\program files\pdfforge Toolbar
 2009-12-22 14:31 . 2008-04-25 12:46 592276 ----a-w- c:\windows\system32\perfh00C.d​at
 2009-12-22 14:31 . 2008-04-25 12:46 118436 ----a-w- c:\windows\system32\perfc00C.d​at
 2009-12-10 19:57 . 2009-03-07 10:29 82128 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-10 18:45 . 2009-03-07 10:04 82128 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-09 13:20 . 2009-03-07 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
 2009-11-26 08:44 . 2009-05-24 19:34 -------- d-----w- c:\program files\Extron
 2009-11-25 15:35 . 2009-11-25 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Extron
 2009-11-21 15:58 . 2008-04-25 12:46 471552 ----a-w- c:\windows\AppPatch\aclayers.d​ll
 2009-11-18 23:07 . 2009-03-16 10:16 -------- d-----w- c:\program files\Fichiers communs\Adobe
 2009-10-29 07:42 . 2008-04-25 12:46 916480 ----a-w- c:\windows\system32\wininet.dl​l
 2009-10-28 14:17 . 2009-12-13 22:32 97280 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\SMART Technologies Inc\Bridgit\BridgitCrashReport​er.exe
 2009-10-28 14:17 . 2009-10-28 14:17 97280 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\SMART Technologies Inc\Bridgit\BridgitCrashReport​er.exe
 2009-10-21 05:39 . 2008-04-25 12:46 75776 ----a-w- c:\windows\system32\strmfilt.d​ll
 2009-10-21 05:39 . 2008-04-25 12:46 25088 ----a-w- c:\windows\system32\httpapi.dl​l
 2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\ht​tp.sys
 2009-10-13 10:33 . 2008-04-25 12:46 271360 ----a-w- c:\windows\system32\oakley.dll
 2009-10-12 13:39 . 2008-04-25 12:46 79872 ----a-w- c:\windows\system32\raschap.dl​l
 2009-10-12 13:39 . 2008-04-25 12:46 150528 ----a-w- c:\windows\system32\rastls.dll
 2009-10-11 20:40 . 2009-12-13 22:32 826856 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\MSNInstaller\msnauins.exe
 2009-10-11 20:40 . 2009-10-11 20:40 826856 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\MSNInstaller\msnauins.exe
 2009-10-07 07:22 . 2009-12-13 22:32 152576 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\Sun\Java\jre1.6.0_15\lzma​.dll
 2009-10-07 07:22 . 2009-10-07 07:22 152576 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\Sun\Java\jre1.6.0_15\lzma​.dll
 .

 ------- Sigcheck -------

 [-] 2009-04-24 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
 [-] 2009-04-24 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
 [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
 [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
 .
 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
 2009-06-25 13:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]

 [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
 @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
 [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
 @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
 [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
 "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
 "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-01 471040]
 "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
 "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
 "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
 "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
 "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
 "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
 "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-09-26 145408]
 "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
 "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-11-10 91448]
 "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 24576]
 "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
 "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
 "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
 "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
 Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
 Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]
 HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
 Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 Authentication Packages REG_MULTI_SZ    msv1_0 wvauth

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 @="Driver"

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "%windir%\\system32\\sessmgr.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSupdate.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSupdate.exe"=
 "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
 "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
 "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 "65533:TCP"= 65533:TCP:Services
 "52344:TCP"= 52344:TCP:Services
 "3246:TCP"= 3246:TCP:Services
 "2479:TCP"= 2479:TCP:Services
 "3389:TCP"= 3389:TCP:Remote Desktop
 "1850:TCP"= 1850:TCP:Services

 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/12/2009 12:07 114768]
 R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [17/12/2009 20:52 1858144]
 R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/12/2009 12:07 20560]
 R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
 R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [01/07/2008 19:57 110592]
 R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 18:28 406808]
 R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 16:00 451872]
 R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/10/2008 05:28 90112]
 R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [07/03/2009 18:29 112128]
 R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [07/03/2009 18:29 110080]
 S3 {0C0E3393-0359-4FA2-8CDE55C356820623};{0C0E3393-0359-4FA2-8CDE55C356820623};\??\c:\windows\TEMP\51.tmp --> c:\windows\TEMP\51.tmp [?]
 S3 {DFB6EA6A-AB24-4112-98D9810195EC5105};{DFB6EA6A-AB24-4112-98D9810195EC5105};c:\windows\System32\svchost.exe -k netsvcs [25/04/2008 13:46 14336]
 S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
 S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29/12/2009 10:56 38224]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
 2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
 .
 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie8
 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 DPF: {A2030DF6-FA3E-4308-8BA0-9017183AE3FD} - hxxp://61.49.1.101/gc2/weblib.cab
 .

 **************************************************************************
 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés:

 **************************************************************************

 [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C0E3393-0359-4FA2-8CDE55C356820623}]
 "ImagePath"="\??\c:\windows\TEMP\51.tmp"

 [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DFB6EA6A-AB24-4112-98D9810195EC5105}]
 "ServiceDll"="c:\docume~1\GUILLA~1\LOCALS~1\Temp\4D.tmp"
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'lsass.exe'(672)
 c:\windows\system32\wvauth.dll

 - - - - - - - > 'explorer.exe'(5416)
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
 c:\windows\system32\btmmhook.dll
 c:\program files\Windows Desktop Search\deskbar.dll
 c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
 c:\program files\Windows Desktop Search\dbres.dll
 c:\program files\Windows Desktop Search\wordwheel.dll
 c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
 c:\program files\Windows Desktop Search\msnlExtRes.dll
 c:\windows\system32\eappprxy.dll
 c:\windows\system32\webcheck.dll
 c:\windows\system32\WPDShServiceObj.dll
 c:\windows\system32\btncopy.dll
 c:\program files\Roxio\Drag-to-Disc\Shellex.dll
 c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
 c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
 c:\windows\system32\PortableDeviceTypes.dll
 c:\windows\system32\PortableDeviceApi.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\program files\Alwil Software\Avast4\aswUpdSv.exe
 c:\program files\Alwil Software\Avast4\ashServ.exe
 c:\drivers\audio\r205445\stacsv.exe
 c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 c:\program files\Java\jre6\bin\jqs.exe
 c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 c:\windows\system32\SearchIndexer.exe
 c:\windows\system32\igfxsrvc.exe
 c:\program files\DellTPad\ApMsgFwd.exe
 c:\program files\DellTPad\HidFind.exe
 c:\program files\DellTPad\Apntex.exe
 c:\progra~1\MI3AA1~1\wcescomm.exe
 c:\progra~1\MI3AA1~1\rapimgr.exe
 c:\program files\Alwil Software\Avast4\ashMaiSv.exe
 c:\program files\Alwil Software\Avast4\ashWebSv.exe
 c:\windows\system32\wbem\wmiapsrv.exe
 .
 **************************************************************************
 .
 Heure de fin: 2010-01-02  18:05:26 - La machine a redémarré
 ComboFix-quarantined-files.txt  2010-01-02 17:05

 Avant-CF: 95 026 302 976 octets libres
 Après-CF: 95 912 427 520 octets libres

 - - End Of File - - E3F224DAE6A4E494B547C1B37D0CE629

lejorker
Baby forum member (10 to 49 messages posted)
Posted on 02/01/2010 at 18:26:06

:ouch:
 Malware report, for info...
 Thanks for keeping me posted.
 A thousand thanks, Guillaume lejorker!

 Malwarebytes' Anti-Malware 1.43
 Version de la base de données: 3479
 Windows 5.1.2600 Service Pack 3
 Internet Explorer 8.0.6001.18702

 02/01/2010 18:24:28
 mbam-log-2010-01-02 (18-24-28).txt

 Type de recherche: Examen rapide
 Eléments examinés: 176466
 Temps écoulé: 9 minute(s), 59 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 0
 Valeur(s) du Registre infectée(s): 0
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 0

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Valeur(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

 Fichier(s) infecté(s):
 (Aucun élément nuisible détecté)

jeanmimigab
Regular (5,000 to 9,999 messages posted)
Posted on 02/01/2010 at 18:53:52

:hello:

 you are still infected  :/

 I'm analysing the ComboFix report and will get back to you with the next steps  ;)


jeanmimigab
Regular (5,000 to 9,999 messages posted)
Posted on 02/01/2010 at 19:22:17

:hello:

 please do this...

 > create a new text document on your desktop
 > to do so, right-click on the desktop  >  New  > Text Document >  copy and paste the contents of the quote below into it

 



 
 KillAll::

 Folder::
 c:\documents and settings\HelpAssistant\Application Data\Fighters
 c:\documents and settings\HelpAssistant\Application Data\Common Toolkit Suite
 c:\documents and settings\All Users\Application Data\Fighters
 c:\documents and settings\All Users\Application Data\clp
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}\SPYWAREfighter.exe
 c:\program files\Fighters
 c:\documents and settings\All Users\Application Data\Common Toolkit Suite

 FCOPY::
 c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS
 c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYS

 Registry::
 [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C0E3393-0359-4FA2-8CDE55C356820623}]
 [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DFB6EA6A-AB24-4112-98D9810195EC5105}]
 




 Follow the saving procedure below to the letter, it's very important

 > then click "File" > "Save As..."
 > in the save window choose the desktop as the destination > under type choose "All Files" > and in the file name type CFScript.txt  > then click Save and close the text document.

 > drag and drop (hold the left mouse button down on CFScript.txt and drag) this CFScript.txt file onto the ComboFix.exe file (in your case it's "lejorker.exe") as in this screenshot.

 http://jeanmimigab.perso.neuf.fr/images/CFScript.gif

 > a blue window will appear >> follow the instructions
 > wait while the scan runs. The desktop will disappear several times, that's normal!
 >  don't touch anything until the scan has finished
 >  once the scan is complete, a report will be displayed; post its contents in your next reply.
 >  if the report doesn't open, it is located at C:\ComboFix.txt


 :salut:


lejorker
Baby forum member (10 to 49 messages posted)
Posted on 02/01/2010 at 19:44:44

:bounce:
 I think things are better.
 How can I thank you?
 I'll keep an eye on it.
 See you.

lejorker
Baby forum member (10 to 49 messages posted)
Posted on 02/01/2010 at 20:05:18

Hi,
 I did the procedure.
 Thanks. :fume:
 ComboFix 10-01-01.05 - Guillaume Desbrosses 02/01/2010  19:49:58.2.2 - x86
 Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2003.1365 [GMT 1:00]
 Lancé depuis: c:\documents and settings\Guillaume Desbrosses\Bureau\lejorker.exe
 Commutateurs utilisés :: c:\documents and settings\Guillaume Desbrosses\Bureau\CFScript.txt.txt
 AV: avast! antivirus 4.8.1368 [VPS 100102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 .

 ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
 .

 c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters
 c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters\SWPRO\FighterSui​teCfg.xml
 c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters\SWPRO\Installer.​log.txt
 c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters\SWPRO\SPYWAREfig​hter.log.txt
 c:\documents and settings\HelpAssistant\Applica​tion Data\Fighters\SWPRO\Tray.log.t​xt
 c:\program files\Fighters
 c:\program files\Fighters\SLOW-PCfighter\​CommonToolkitSuite.cts
 c:\program files\Fighters\SLOW-PCfighter\​CommonToolkitSuiteLight.dll
 c:\program files\Fighters\SLOW-PCfighter\​Languages\language_BG.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_CS.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_DA.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_DE.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_EL.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\language_EN-US.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_EN.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_ES.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_FI.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_FR.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_HU.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_IT.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\language_JA.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_NL.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_NO.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_PL.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_PT.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_RU.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_SV.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_TH.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\language_TR.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_TW.xml
 c:\program files\Fighters\SLOW-PCfighter\​Languages\Language_ZH.xml
 c:\program files\Fighters\SLOW-PCfighter\​SLOW-PCfighter.exe
 c:\program files\Fighters\SLOW-PCfighter\​Uninstall.exe
 c:\program files\Fighters\SLOW-PCfighter\​UpDates.exe

 .
 --------------- FCopy ---------------

 c:\windows\$hf_mig$\KB951748\S​P3QFE\tcpip.sys --> c:\windows\system32\dllcache\T​CPIP.SYS
 c:\windows\$hf_mig$\KB951748\S​P3QFE\tcpip.sys --> c:\windows\system32\drivers\TC​PIP.SYS
 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))))))))))))))))))))))​))))))
 .

 2010-01-02 16:49 . 2010-01-02 17:05 -------- d-----w- C:\lejorker17667l
 2010-01-02 16:33 . 2010-01-02 16:35 -------- d-----w- C:\lejorker
 2010-01-02 15:54 . 2010-01-02 15:54 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Uniblue
 2010-01-02 15:53 . 2010-01-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mb​amswissarmy.sys
 2009-12-29 09:56 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mb​am.sys
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-12-29 09:55 . 2010-01-01 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2009-12-29 09:45 . 2009-12-29 09:45 -------- d-----w- c:\program files\Trend Micro
 2009-12-29 08:08 . 2009-12-29 08:08 -------- d-----w- c:\program files\ESET
 2009-12-29 07:53 . 2009-12-29 07:53 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Uniblue
 2009-12-21 23:42 . 2009-12-22 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
 2009-12-21 23:42 . 2009-12-22 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
 2009-12-19 19:07 . 2009-12-11 12:44 2969208 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SPYWAREfighter.e​xe
 2009-12-19 19:06 . 2009-12-11 12:44 774792 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\53462D78\3​C94288E\swpro.dll
 2009-12-19 19:06 . 2009-12-11 12:44 2330248 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\6904C2BB\3​C94288E\sfhtml.dll
 2009-12-19 19:06 . 2009-12-11 12:44 574088 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\2C0CE245\3​C94288E\swproTray.exe
 2009-12-19 19:06 . 2009-12-11 12:34 659456 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtNetwork4.dll
 2009-12-19 19:06 . 2009-12-11 12:34 344064 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtXml4.dll
 2009-12-19 19:06 . 2009-12-11 12:34 2121728 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\9D95263A\B​0EB1015\QtCore4.dll
 2009-12-19 19:06 . 2009-07-02 01:51 101888 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\mIDEFunc.d​ll\mEXEFunc.dll
 2009-12-19 19:06 . 2009-07-02 01:51 508416 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SWPRO\mDown.dll\​mDownExec.dll
 2009-12-19 19:06 . 2009-12-11 12:44 463496 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\25C348B6​\7973EFCA\FighterSuiteClient.d​ll
 2009-12-19 19:06 . 2009-12-11 12:44 676488 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\1EE46BE9​\7973EFCA\FighterSuiteService.​exe
 2009-12-19 19:06 . 2009-12-11 12:44 225928 -c--a-w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Toolkit\6C72E19E​\7973EFCA\FighterLauncher.exe
 2009-12-17 19:52 . 2010-01-02 17:43 -------- d-----w- c:\program files\a-squared Free
 2009-12-17 19:45 . 2009-12-17 19:45 -------- d-----w- C:\found.000
 2009-12-16 11:07 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\as​wTdi.sys
 2009-12-16 11:07 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\as​wRdr.sys
 2009-12-16 11:07 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aa​vmker4.sys
 2009-12-16 11:07 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\as​wSP.sys
 2009-12-16 11:07 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\as​wFsBlk.sys
 2009-12-16 11:07 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.sc​r
 2009-12-16 11:07 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\as​wmon.sys
 2009-12-16 11:07 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\as​wmon2.sys
 2009-12-16 11:07 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.ex​e
 2009-12-16 11:07 . 2009-12-16 11:07 -------- d-----w- c:\program files\Alwil Software
 2009-12-15 16:13 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\a​clayers.dll
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\UserDat​a
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
 2009-12-13 22:38 . 2009-12-13 22:38 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacI​E
 2009-12-10 18:39 . 2009-12-10 18:39 -------- d-----w- c:\program files\Microsoft ActiveSync
 2009-12-10 18:00 . 2009-12-10 18:00 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\HP
 2009-12-10 17:50 . 2009-12-10 17:53 -------- d-----w- c:\program files\Readiris Pro 11 HP
 2009-12-10 16:40 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Hewlett-Packard
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
 2009-12-10 16:37 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
 2009-12-10 16:37 . 2008-01-16 17:45 241664 ----a-w- c:\windows\system32\Spool\prtp​rocs\w32x86\hpzpp5k4.DLL
 2009-12-10 16:37 . 2008-09-26 23:37 665 ----a-r- c:\windows\system32\hppapr11.d​at
 2009-12-10 16:37 . 2008-09-26 23:37 331776 ----a-r- c:\windows\system32\hppcpr11.d​ll
 2009-12-10 16:37 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchan​nel.dll
 2009-12-10 16:37 . 2008-09-26 23:37 188416 ----a-r- c:\windows\system32\hppcew11.d​ll
 2009-12-10 16:37 . 2007-07-16 21:29 26136 ----a-r- c:\windows\system32\drivers\hp​fxgen.sys
 2009-12-10 16:37 . 2007-07-16 21:29 17432 ----a-r- c:\windows\system32\drivers\hp​fxbulk.sys
 2009-12-10 16:37 . 2009-06-26 17:43 770048 ----a-r- c:\windows\system32\hpptsp04.d​ll
 2009-12-10 16:37 . 2008-09-26 23:37 450560 ----a-r- c:\windows\system32\hppasc11.d​ll
 2009-12-10 16:37 . 2007-10-24 19:18 729088 ----a-r- c:\windows\system32\hpxp1312.d​ll
 2009-12-10 16:34 . 2009-12-10 16:47 -------- d-----w- c:\program files\HP
 2009-12-10 16:29 . 2009-12-10 16:47 200610 ----a-w- c:\windows\hppins11.dat
 2009-12-10 16:29 . 2009-08-03 23:28 5707 ------w- c:\windows\hppmdl11.dat
 2009-12-10 16:11 . 2009-12-10 16:11 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
 2009-12-07 21:01 . 2009-12-07 21:01 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\Pentax
 2009-12-07 19:57 . 2009-12-07 19:57 -------- d-----w- c:\program files\PENTAX

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2010-01-02 18:56 . 2009-03-10 15:33 0 ----a-w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\WavXMapDrive.bat
 2010-01-02 17:29 . 2009-03-12 21:35 -------- d-----w- c:\program files\PokerStars
 2009-12-29 09:37 . 2009-12-19 19:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}
 2009-12-29 08:25 . 2009-07-10 19:32 -------- d-----w- c:\program files\pdfforge Toolbar
 2009-12-22 14:31 . 2008-04-25 12:46 592276 ----a-w- c:\windows\system32\perfh00C.d​at
 2009-12-22 14:31 . 2008-04-25 12:46 118436 ----a-w- c:\windows\system32\perfc00C.d​at
 2009-12-10 19:57 . 2009-03-07 10:29 82128 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-10 18:45 . 2009-03-07 10:04 82128 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-09 13:20 . 2009-03-07 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
 2009-11-26 08:44 . 2009-05-24 19:34 -------- d-----w- c:\program files\Extron
 2009-11-25 15:35 . 2009-11-25 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Extron
 2009-11-21 15:58 . 2008-04-25 12:46 471552 ----a-w- c:\windows\AppPatch\aclayers.d​ll
 2009-11-18 23:07 . 2009-03-16 10:16 -------- d-----w- c:\program files\Fichiers communs\Adobe
 2009-10-29 07:42 . 2008-04-25 12:46 916480 ------w- c:\windows\system32\wininet.dl​l
 2009-10-28 14:17 . 2009-12-13 22:32 97280 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\SMART Technologies Inc\Bridgit\BridgitCrashReport​er.exe
 2009-10-28 14:17 . 2009-10-28 14:17 97280 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\SMART Technologies Inc\Bridgit\BridgitCrashReport​er.exe
 2009-10-21 05:39 . 2008-04-25 12:46 75776 ----a-w- c:\windows\system32\strmfilt.d​ll
 2009-10-21 05:39 . 2008-04-25 12:46 25088 ----a-w- c:\windows\system32\httpapi.dl​l
 2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\ht​tp.sys
 2009-10-13 10:33 . 2008-04-25 12:46 271360 ----a-w- c:\windows\system32\oakley.dll
 2009-10-12 13:39 . 2008-04-25 12:46 79872 ----a-w- c:\windows\system32\raschap.dl​l
 2009-10-12 13:39 . 2008-04-25 12:46 150528 ----a-w- c:\windows\system32\rastls.dll
 2009-10-11 20:40 . 2009-12-13 22:32 826856 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\MSNInstaller\msnauins.exe
 2009-10-11 20:40 . 2009-10-11 20:40 826856 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\MSNInstaller\msnauins.exe
 2009-10-07 07:22 . 2009-12-13 22:32 152576 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\Sun\Java\jre1.6.0_15\lzma​.dll
 2009-10-07 07:22 . 2009-10-07 07:22 152576 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\Sun\Java\jre1.6.0_15\lzma​.dll
 .

 ((((((((((((((((((((((((((((((​(((   Points de chargement Reg   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
 2009-06-25 13:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Toolbar]
 "{B922D405-6D13-4A2B-AE89-08A0​30DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]

 [HKEY_CLASSES_ROOT\clsid\{b922d​405-6d13-4a2b-ae89-08a030da440​2}]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\explorer\shelliconoverlayiden​tifiers\EnabledUnlockedFDEIcon​Overlay]
 @="{30D3C2AF-9709-4D05-9CF4-13​335F3C1E4A}"
 [HKEY_CLASSES_ROOT\CLSID\{30D3C​2AF-9709-4D05-9CF4-13335F3C1E4​A}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\explorer\shelliconoverlayiden​tifiers\UninitializedFdeIconOv​erlay]
 @="{CF08DA3E-C97D-4891-A66B-E3​9B28DD270F}"
 [HKEY_CLASSES_ROOT\CLSID\{CF08D​A3E-C97D-4891-A66B-E39B28DD270​F}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateSe​rvice\ISUSPM.exe" [2006-09-11 218032]
 "swg"="c:\program files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe​" [2009-06-08 39408]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
 "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
 "AESTFltr"="c:\windows\system3​2\AESTFltr.exe" [2008-12-01 471040]
 "IgfxTray"="c:\windows\system3​2\igfxtray.exe" [2008-09-17 150040]
 "HotKeysCmds"="c:\windows\syst​em32\hkcmd.exe" [2008-09-17 178712]
 "Persistence"="c:\windows\syst​em32\igfxpers.exe" [2008-09-17 150040]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
 "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint​.exe" [2008-08-18 598016]
 "DellConnectionManager"="c:\pr​ogram files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
 "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
 "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.​exe" [2008-09-26 145408]
 "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
 "EmbassySecurityCheck"="c:\pro​gram files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe​" [2008-11-10 91448]
 "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatus​Service.exe" [2009-01-16 24576]
 "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
 "SunJavaUpdateSched"="c:\progr​am files\Java\jre6\bin\jusched.ex​e" [2009-07-25 149280]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
 "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM​.exe" [2009-09-04 935288]
 "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
 "avast!"="c:\progra~1\ALWILS~1​\Avast4\ashDisp.exe" [2009-11-24 81000]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="c:\windows\syste​m32\CTFMON.EXE" [2008-04-14 15360]

 c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
 Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
 Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]
 HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
 Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\ShellExecuteHooks]
 "{56F9679E-7826-4C84-81F3-5320​71A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\lsa]
 Authentication Packages REG_MULTI_SZ    msv1_0 wvauth

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\Wdf01000.sys]
 @="Driver"

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "%windir%\\system32\\sessmgr.e​xe"=
 "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.ex​e"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSupdate.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSupdate.exe"=
 "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254​.2.0/255.255.255.0:Enabled:Act​iveSync RAPI Manager
 "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.25​4.2.0/255.255.255.0:Enabled:Ac​tiveSync Connection Manager
 "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254​.2.0/255.255.255.0:Enabled:Act​iveSync Application

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\GloballyOpenPorts\L​ist]
 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.​255.0:Enabled:ActiveSync Service
 "65533:TCP"= 65533:TCP:Services
 "52344:TCP"= 52344:TCP:Services
 "3246:TCP"= 3246:TCP:Services
 "2479:TCP"= 2479:TCP:Services
 "3389:TCP"= 3389:TCP:Remote Desktop
 "1850:TCP"= 1850:TCP:Services

 R1 aswSP;avast! Self Protection;c:\windows\system32​\drivers\aswSP.sys [16/12/2009 12:07 114768]
 R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [17/12/2009 20:52 1858144]
 R2 aswFsBlk;aswFsBlk;c:\windows\s​ystem32\drivers\aswFsBlk.sys [16/12/2009 12:07 20560]
 R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
 R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmM​gmtAgent.exe [01/07/2008 19:57 110592]
 R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 18:28 406808]
 R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 16:00 451872]
 R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/10/2008 05:28 90112]
 R3 AESTAud;AE Audio Service;c:\windows\system32\dr​ivers\AESTAud.sys [07/03/2009 18:29 112128]
 R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\dr​ivers\IntcHdmi.sys [07/03/2009 18:29 110080]
 S3 AVFSFilter;AVFSFilter;c:\windo​ws\system32\DRIVERS\avfsfilter​.sys --> c:\windows\system32\DRIVERS\av​fsfilter.sys [?]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\svchost]
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
 2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dl​l
 .
 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie​8
 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\​EXCEL.EXE/3000
 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 DPF: {A2030DF6-FA3E-4308-8BA0-90171​83AE3FD} - hxxp://61.49.1.101/gc2/weblib.​cab
 .
 - - - - ORPHELINS SUPPRIMES - - - -

 AddRemove-SLOW-PCfighter - c:\program files\Fighters\SLOW-PCfighter\​Uninstall.exe



 ******************************​******************************​**************

 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2010-01-02 19:57
 Windows 5.1.2600 Service Pack 3 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 ******************************​******************************​**************
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'lsass.exe'(672)
 c:\windows\system32\wvauth.dll

 - - - - - - - > 'explorer.exe'(524)
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
 c:\windows\system32\btmmhook.d​ll
 c:\program files\Windows Desktop Search\deskbar.dll
 c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
 c:\program files\Windows Desktop Search\dbres.dll
 c:\program files\Windows Desktop Search\wordwheel.dll
 c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mu​i
 c:\program files\Windows Desktop Search\msnlExtRes.dll
 c:\windows\system32\eappprxy.d​ll
 c:\windows\system32\webcheck.d​ll
 c:\windows\system32\WPDShServi​ceObj.dll
 c:\windows\system32\btncopy.dl​l
 c:\program files\Roxio\Drag-to-Disc\Shell​ex.dll
 c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.​DLL
 c:\program files\Roxio\Drag-to-Disc\Shell​Res.dll
 c:\windows\system32\PortableDe​viceTypes.dll
 c:\windows\system32\PortableDe​viceApi.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\program files\Alwil Software\Avast4\aswUpdSv.exe
 c:\program files\Alwil Software\Avast4\ashServ.exe
 c:\drivers\audio\r205445\stacs​v.exe
 c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 c:\program files\Java\jre6\bin\jqs.exe
 c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.ex​e
 c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 c:\windows\system32\SearchInde​xer.exe
 c:\windows\system32\igfxsrvc.e​xe
 c:\program files\DellTPad\ApMsgFwd.exe
 c:\program files\DellTPad\HidFind.exe
 c:\program files\DellTPad\Apntex.exe
 c:\progra~1\MI3AA1~1\wcescomm.​exe
 c:\progra~1\MI3AA1~1\rapimgr.e​xe
 c:\program files\Alwil Software\Avast4\ashMaiSv.exe
 c:\program files\Alwil Software\Avast4\ashWebSv.exe
 c:\windows\system32\wbem\wmiap​srv.exe
 .
 ******************************​******************************​**************
 .
 Heure de fin: 2010-01-02  20:00:41 - La machine a redémarré
 ComboFix-quarantined-files.txt  2010-01-02 19:00
 ComboFix2.txt  2010-01-02 17:05

 Avant-CF: 95 814 451 200 octets libres
 Après-CF: 95 769 337 856 octets libres

 - - End Of File - - 8D36A2CC45E43AB77706F5C19F902B​23

It's cold here......
jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 02/01/2010 at 20:43:35

:hello:

 there's still some left... :whistle:

 > create a new text document on your desktop
 > to do this, right-click on the desktop > New > Text Document > then copy and paste the contents of the quote below into it

 KillAll::

 Folder::
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}

 Follow the saving procedure below to the letter, it is very important

 > then click "File" > "Save As..."
 > in the save window choose the desktop as the destination > under type choose "All Files" > and as the file name type CFScript.txt > then click Save and close the text document.

 > drag and drop this CFScript.txt file (hold the left button down on CFScript.txt and drag) onto the ComboFix.exe file (in your case it is "jorker.exe") as in this screenshot.

 http://jeanmimigab.perso.neuf.fr/images/CFScript.gif

 > a blue window will appear >> follow the instructions
 > wait while the scan runs. The desktop will disappear several times, this is normal!
 > do not touch anything until the scan has finished
 > once the scan is complete, a report will be displayed; post its contents in your next reply.
 > if the report does not open, it is located at C:\ComboFix.txt

 then...

 Download >> TFC.exe << to your desktop (this is essential)

 Close all running programs...

 Double-click the TFC icon to launch it

 A prompt will appear asking you to restart your PC; click "YES" and let TFC do its work.


 :salut:


---------------
Our friend
lejorker
Baby forum member (10 to 49 posts)
Posted on 02/01/2010 at 21:21:21

:pfff:
 hi, here is the report before TFC.
 Bye.
 ComboFix 10-01-01.05 - Guillaume Desbrosses 02/01/2010  21:07:55.3.2 - x86
 Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.200​3.1424 [GMT 1:00]
 Lancé depuis: c:\documents and settings\Guillaume Desbrosses\Bureau\lejorker.exe
 Commutateurs utilisés :: c:\documents and settings\Guillaume Desbrosses\Bureau\CFScript.txt
 AV: avast! antivirus 4.8.1368 [VPS 100102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293​FD8233D}
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\{5A7D2B13-9522-4​8A9-A06F-A9C4AA33D8AD}
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Common\{7516B6E8​-5C01-4895-B079-DFC32A4ADEE1}
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Common\1282CB8D\​B0EB1015\AVScanningService.exe
 c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\Common\1AAF4B16\​784E0F06\avfsfilter.sys

 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))))))))))))))))))))))​))))))
 .

 2010-01-02 16:49 . 2010-01-02 17:05 -------- d-----w- C:\lejorker17667l
 2010-01-02 16:33 . 2010-01-02 16:35 -------- d-----w- C:\lejorker
 2010-01-02 15:54 . 2010-01-02 15:54 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Uniblue
 2010-01-02 15:53 . 2010-01-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mb​amswissarmy.sys
 2009-12-29 09:56 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mb​am.sys
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-12-29 09:55 . 2010-01-01 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2009-12-29 09:45 . 2009-12-29 09:45 -------- d-----w- c:\program files\Trend Micro
 2009-12-29 08:08 . 2009-12-29 08:08 -------- d-----w- c:\program files\ESET
 2009-12-29 07:53 . 2009-12-29 07:53 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Uniblue
 2009-12-21 23:42 . 2009-12-22 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
 2009-12-21 23:42 . 2009-12-22 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
 2009-12-19 19:05 . 2009-12-19 19:05 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters
 2009-12-19 19:05 . 2009-12-19 19:05 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\PackageAware
 2009-12-17 19:52 . 2010-01-02 17:43 -------- d-----w- c:\program files\a-squared Free
 2009-12-17 19:45 . 2009-12-17 19:45 -------- d-----w- C:\found.000
 2009-12-16 11:07 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\as​wTdi.sys
 2009-12-16 11:07 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\as​wRdr.sys
 2009-12-16 11:07 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aa​vmker4.sys
 2009-12-16 11:07 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\as​wSP.sys
 2009-12-16 11:07 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\as​wFsBlk.sys
 2009-12-16 11:07 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.sc​r
 2009-12-16 11:07 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\as​wmon.sys
 2009-12-16 11:07 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\as​wmon2.sys
 2009-12-16 11:07 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.ex​e
 2009-12-16 11:07 . 2009-12-16 11:07 -------- d-----w- c:\program files\Alwil Software
 2009-12-15 16:13 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\a​clayers.dll
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\UserDat​a
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
 2009-12-13 22:38 . 2009-12-13 22:38 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacI​E
 2009-12-10 18:39 . 2009-12-10 18:39 -------- d-----w- c:\program files\Microsoft ActiveSync
 2009-12-10 18:00 . 2009-12-10 18:00 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\HP
 2009-12-10 17:50 . 2009-12-10 17:53 -------- d-----w- c:\program files\Readiris Pro 11 HP
 2009-12-10 16:40 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Hewlett-Packard
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
 2009-12-10 16:37 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
 2009-12-10 16:37 . 2008-01-16 17:45 241664 ----a-w- c:\windows\system32\Spool\prtp​rocs\w32x86\hpzpp5k4.DLL
 2009-12-10 16:37 . 2008-09-26 23:37 665 ----a-r- c:\windows\system32\hppapr11.d​at
 2009-12-10 16:37 . 2008-09-26 23:37 331776 ----a-r- c:\windows\system32\hppcpr11.d​ll
 2009-12-10 16:37 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchan​nel.dll
 2009-12-10 16:37 . 2008-09-26 23:37 188416 ----a-r- c:\windows\system32\hppcew11.d​ll
 2009-12-10 16:37 . 2007-07-16 21:29 26136 ----a-r- c:\windows\system32\drivers\hp​fxgen.sys
 2009-12-10 16:37 . 2007-07-16 21:29 17432 ----a-r- c:\windows\system32\drivers\hp​fxbulk.sys
 2009-12-10 16:37 . 2009-06-26 17:43 770048 ----a-r- c:\windows\system32\hpptsp04.d​ll
 2009-12-10 16:37 . 2008-09-26 23:37 450560 ----a-r- c:\windows\system32\hppasc11.d​ll
 2009-12-10 16:37 . 2007-10-24 19:18 729088 ----a-r- c:\windows\system32\hpxp1312.d​ll
 2009-12-10 16:34 . 2009-12-10 16:47 -------- d-----w- c:\program files\HP
 2009-12-10 16:29 . 2009-12-10 16:47 200610 ----a-w- c:\windows\hppins11.dat
 2009-12-10 16:29 . 2009-08-03 23:28 5707 ------w- c:\windows\hppmdl11.dat
 2009-12-10 16:11 . 2009-12-10 16:11 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
 2009-12-07 21:01 . 2009-12-07 21:01 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\Pentax
 2009-12-07 19:57 . 2009-12-07 19:57 -------- d-----w- c:\program files\PENTAX

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2010-01-02 20:14 . 2009-03-10 15:33 0 ----a-w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\WavXMapDrive.bat
 2010-01-02 17:29 . 2009-03-12 21:35 -------- d-----w- c:\program files\PokerStars
 2009-12-29 08:25 . 2009-07-10 19:32 -------- d-----w- c:\program files\pdfforge Toolbar
 2009-12-22 14:31 . 2008-04-25 12:46 592276 ----a-w- c:\windows\system32\perfh00C.d​at
 2009-12-22 14:31 . 2008-04-25 12:46 118436 ----a-w- c:\windows\system32\perfc00C.d​at
 2009-12-16 18:54 . 2009-03-07 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
 2009-12-16 18:04 . 2009-03-07 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
 2009-12-13 22:32 . 2009-12-13 22:32 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Yahoo!
 2009-12-13 22:32 . 2009-12-13 22:32 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Windows Search
 2009-12-13 22:32 . 2009-12-13 22:32 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\SMART Technologies Inc
 2009-12-13 22:32 . 2009-12-13 22:32 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\SMART Technologies
 2009-12-13 22:32 . 2009-12-13 22:32 -------- d-----w- c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings
 2009-10-28 14:17 . 2009-10-28 14:17 97280 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\SMART Technologies Inc\Bridgit\BridgitCrashReport​er.exe
 2009-10-21 05:39 . 2008-04-25 12:46 75776 ----a-w- c:\windows\system32\strmfilt.d​ll
 2009-10-21 05:39 . 2008-04-25 12:46 25088 ----a-w- c:\windows\system32\httpapi.dl​l
 2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\ht​tp.sys
 2009-10-13 10:33 . 2008-04-25 12:46 271360 ----a-w- c:\windows\system32\oakley.dll
 2009-10-12 13:39 . 2008-04-25 12:46 79872 ----a-w- c:\windows\system32\raschap.dl​l
 2009-10-12 13:39 . 2008-04-25 12:46 150528 ----a-w- c:\windows\system32\rastls.dll
 2009-10-11 20:40 . 2009-12-13 22:32 826856 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\MSNInstaller\msnauins.exe
 2009-10-11 20:40 . 2009-10-11 20:40 826856 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\MSNInstaller\msnauins.exe
 2009-10-07 07:22 . 2009-12-13 22:32 152576 ----a-w- c:\documents and settings\HelpAssistant\Applica​tion Data\Sun\Java\jre1.6.0_15\lzma​.dll
 2009-10-07 07:22 . 2009-10-07 07:22 152576 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\Sun\Java\jre1.6.0_15\lzma​.dll
 .

 (((((((((((((((((((((((((((((   SnapShot@2010-01-02_18.56.50   ))))))))))))))))))))))))))))))​)))))))))))
 .
 + 2010-01-02 20:12 . 2010-01-02 20:12 16384              c:\windows\Temp\Perflib_Perfda​ta_5ac.dat
 + 2010-01-02 20:12 . 2010-01-02 20:12 16384              c:\windows\Temp\Perflib_Perfda​ta_4c4.dat
 .
 ((((((((((((((((((((((((((((((​(((   Points de chargement Reg   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
 2009-06-25 13:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Toolbar]
 "{B922D405-6D13-4A2B-AE89-08A0​30DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]

 [HKEY_CLASSES_ROOT\clsid\{b922d​405-6d13-4a2b-ae89-08a030da440​2}]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\explorer\shelliconoverlayiden​tifiers\EnabledUnlockedFDEIcon​Overlay]
 @="{30D3C2AF-9709-4D05-9CF4-13​335F3C1E4A}"
 [HKEY_CLASSES_ROOT\CLSID\{30D3C​2AF-9709-4D05-9CF4-13335F3C1E4​A}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\explorer\shelliconoverlayiden​tifiers\UninitializedFdeIconOv​erlay]
 @="{CF08DA3E-C97D-4891-A66B-E3​9B28DD270F}"
 [HKEY_CLASSES_ROOT\CLSID\{CF08D​A3E-C97D-4891-A66B-E39B28DD270​F}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateSe​rvice\ISUSPM.exe" [2006-09-11 218032]
 "swg"="c:\program files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe​" [2009-06-08 39408]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
 "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
 "AESTFltr"="c:\windows\system3​2\AESTFltr.exe" [2008-12-01 471040]
 "IgfxTray"="c:\windows\system3​2\igfxtray.exe" [2008-09-17 150040]
 "HotKeysCmds"="c:\windows\syst​em32\hkcmd.exe" [2008-09-17 178712]
 "Persistence"="c:\windows\syst​em32\igfxpers.exe" [2008-09-17 150040]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
 "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint​.exe" [2008-08-18 598016]
 "DellConnectionManager"="c:\pr​ogram files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
 "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
 "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.​exe" [2008-09-26 145408]
 "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
 "EmbassySecurityCheck"="c:\pro​gram files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe​" [2008-11-10 91448]
 "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatus​Service.exe" [2009-01-16 24576]
 "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
 "SunJavaUpdateSched"="c:\progr​am files\Java\jre6\bin\jusched.ex​e" [2009-07-25 149280]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
 "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM​.exe" [2009-09-04 935288]
 "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
 "avast!"="c:\progra~1\ALWILS~1​\Avast4\ashDisp.exe" [2009-11-24 81000]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="c:\windows\syste​m32\CTFMON.EXE" [2008-04-14 15360]

 c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
 Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
 Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]
 HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
 Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\ShellExecuteHooks]
 "{56F9679E-7826-4C84-81F3-5320​71A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 [HKEY_LOCAL_MACHINE\system\curr​entcontrolset\control\lsa]
 Authentication Packages REG_MULTI_SZ    msv1_0 wvauth

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\Wdf01000.sys]
 @="Driver"

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "%windir%\\system32\\sessmgr.e​xe"=
 "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.ex​e"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSupdate.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSupdate.exe"=
 "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254​.2.0/255.255.255.0:Enabled:Act​iveSync RAPI Manager
 "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.25​4.2.0/255.255.255.0:Enabled:Ac​tiveSync Connection Manager
 "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254​.2.0/255.255.255.0:Enabled:Act​iveSync Application

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\GloballyOpenPorts\L​ist]
 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.​255.0:Enabled:ActiveSync Service
 "65533:TCP"= 65533:TCP:Services
 "52344:TCP"= 52344:TCP:Services
 "3246:TCP"= 3246:TCP:Services
 "2479:TCP"= 2479:TCP:Services
 "3389:TCP"= 3389:TCP:Remote Desktop
 "1850:TCP"= 1850:TCP:Services

 R1 aswSP;avast! Self Protection;c:\windows\system32​\drivers\aswSP.sys [16/12/2009 12:07 114768]
 R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [17/12/2009 20:52 1858144]
 R2 aswFsBlk;aswFsBlk;c:\windows\s​ystem32\drivers\aswFsBlk.sys [16/12/2009 12:07 20560]
 R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
 R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmM​gmtAgent.exe [01/07/2008 19:57 110592]
 R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 18:28 406808]
 R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 16:00 451872]
 R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/10/2008 05:28 90112]
 R3 AESTAud;AE Audio Service;c:\windows\system32\dr​ivers\AESTAud.sys [07/03/2009 18:29 112128]
 R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\dr​ivers\IntcHdmi.sys [07/03/2009 18:29 110080]
 S3 AVFSFilter;AVFSFilter;c:\windo​ws\system32\DRIVERS\avfsfilter​.sys --> c:\windows\system32\DRIVERS\av​fsfilter.sys [?]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\svchost]
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
 2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dl​l
 .
 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie​8
 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\​EXCEL.EXE/3000
 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 DPF: {A2030DF6-FA3E-4308-8BA0-90171​83AE3FD} - hxxp://61.49.1.101/gc2/weblib.​cab
 .
 - - - - ORPHELINS SUPPRIMES - - - -

 AddRemove-SPYWAREfighter - c:\documents and settings\All Users\Application Data\{7516B6E8-5C01-4895-B079-​DFC32A4ADEE1}\SPYWAREfighter.e​xe



 ******************************​******************************​**************

 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2010-01-02 21:14
 Windows 5.1.2600 Service Pack 3 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 ******************************​******************************​**************
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'lsass.exe'(672)
 c:\windows\system32\wvauth.dll

 - - - - - - - > 'explorer.exe'(5424)
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
 c:\windows\system32\btmmhook.d​ll
 c:\program files\Windows Desktop Search\deskbar.dll
 c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
 c:\program files\Windows Desktop Search\dbres.dll
 c:\program files\Windows Desktop Search\wordwheel.dll
 c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mu​i
 c:\program files\Windows Desktop Search\msnlExtRes.dll
 c:\windows\system32\eappprxy.d​ll
 c:\windows\system32\webcheck.d​ll
 c:\windows\system32\WPDShServi​ceObj.dll
 c:\windows\system32\btncopy.dl​l
 c:\program files\Roxio\Drag-to-Disc\Shell​ex.dll
 c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.​DLL
 c:\program files\Roxio\Drag-to-Disc\Shell​Res.dll
 c:\windows\system32\PortableDe​viceTypes.dll
 c:\windows\system32\PortableDe​viceApi.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\program files\Alwil Software\Avast4\aswUpdSv.exe
 c:\program files\Alwil Software\Avast4\ashServ.exe
 c:\drivers\audio\r205445\stacs​v.exe
 c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 c:\program files\Java\jre6\bin\jqs.exe
 c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.ex​e
 c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 c:\windows\system32\SearchInde​xer.exe
 c:\program files\Alwil Software\Avast4\ashMaiSv.exe
 c:\program files\Alwil Software\Avast4\ashWebSv.exe
 c:\windows\system32\wbem\wmiap​srv.exe
 c:\program files\DellTPad\ApMsgFwd.exe
 c:\windows\system32\igfxsrvc.e​xe
 c:\program files\DellTPad\HidFind.exe
 c:\program files\DellTPad\Apntex.exe
 c:\progra~1\MI3AA1~1\wcescomm.​exe
 c:\progra~1\MI3AA1~1\rapimgr.e​xe
 .
 ******************************​******************************​**************
 .
 Heure de fin: 2010-01-02  21:18:26 - La machine a redémarré
 ComboFix-quarantined-files.txt  2010-01-02 20:18
 ComboFix2.txt  2010-01-02 19:00
 ComboFix3.txt  2010-01-02 17:05

 Avant-CF: 95 788 986 368 octets libres
 Après-CF: 95 696 076 800 octets libres

 - - End Of File - - 0B230D4142058C987FEFCB5019C8F6​39

it's cold here......
jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 02/01/2010 at 21:53:48
 
:hello:

 We're starting to see things more clearly  ;)

 > Create a new text document on your desktop
 > To do this, right-click on the desktop  >  New  > Text Document >  copy and paste the contents of the quote below into it

 



 
 KillAll::

 Folder::
 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters
 c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\PackageAware
 c:\documents and settings\HelpAssistant\Application Data\Search Settings
 




 Follow the saving procedure below to the letter, it is very important

 > Then click "File" > "Save As..."
 > In the save window, choose the desktop as the destination > under type, choose "All Files" > and in the file name field type CFScript.txt  > then click Save and close the text document.

 > Drag and drop this CFScript.txt file (hold the left button down on CFScript.txt and drag) onto the ComboFix.exe file (in your case it is "lejorker.exe"), as in this screenshot.

 http://jeanmimigab.perso.neuf.fr/images/CFScript.gif

 > A blue window will appear >> follow the instructions
 > Wait while the scan runs. The desktop will disappear several times, that's normal!
 >  Don't touch anything until the scan has finished
 >  Once the scan is complete, a report will be displayed; post its contents in your next reply.
 >  If the report does not open, it can be found at this location: C:\ComboFix.txt


 Then...

 > Download ToolBar-S&D (by Angeldark, Sham_Rock & XmichouX) to your desktop.

 > Double-click the icon http://nsa07.casimages.com/img/2009/07/17/090717035500340884.png to launch it.

 >  Choose "F" for the language  >  press the "Enter" key to confirm.

 > In the window that opens, choose option No. 2 (Suppression)  >  press the "Enter" key to confirm.

 > Wait until the search finishes > save the report that opens at the end of the scan to your desktop and post it in your next reply, please...

 :salut:


---------------
Our friend
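
The check a helper makes on the follow-up report, as an added example that is not part of the original thread or of ComboFix: it reads the `Folder::` entries of a CFScript and confirms that each one appears under the report's "Autres suppressions" banner and is no longer listed in any other section. The sample script and report excerpt are constructed (placeholder profile name `User`), and all function names are hypothetical.

```python
import re

# Forum software inserts zero-width spaces into long paths; strip them first.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # "((((   title   ))))"
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")        # "Folder::", "KillAll::"
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")          # drive-rooted path at end of line


def clean(line):
    """Remove zero-width characters and surrounding whitespace."""
    return line.translate(ZERO_WIDTH).strip()


def norm(path):
    """Comparable form of a Windows path: no trailing backslash, case-insensitive."""
    return clean(path).rstrip("\\").casefold()


def parse_cfscript(text):
    """Map each directive (e.g. 'Folder') to the entries listed under it."""
    sections, current = {}, None
    for line in map(clean, text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_report(text):
    """Map each banner title to the normalized paths found on the lines under it."""
    sections, current = {}, None
    for line in map(clean, text.splitlines()):
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        p = WIN_PATH.search(line)
        if p and current:
            sections[current].append(norm(p.group(0)))
    return sections


def verify_removals(cfscript, report, deleted_title="Autres suppressions"):
    """Return {target: 'removed' | 'still listed' | 'not reported'} per Folder:: entry."""
    targets = parse_cfscript(cfscript).get("Folder", [])
    sections = parse_report(report)
    deleted = set(sections.get(deleted_title, []))
    others = [p for title, paths in sections.items()
              if title != deleted_title for p in paths]
    result = {}
    for target in targets:
        t = norm(target)
        # A target (or anything beneath it) showing up outside the deletion
        # section means the folder exists again or was never removed.
        if any(p == t or p.startswith(t + "\\") for p in others):
            result[target] = "still listed"
        elif t in deleted:
            result[target] = "removed"
        else:
            result[target] = "not reported"
    return result


# Constructed CFScript in the layout used in the thread.
CFSCRIPT = r"""
KillAll::

Folder::
c:\documents and settings\User\Application Data\Fighters
c:\documents and settings\User\Local Settings\Application Data\PackageAware
c:\documents and settings\HelpAssistant\Application Data\Search Settings
"""

# Constructed report excerpt; {zw} is a zero-width space as left by the forum.
REPORT = r"""
((((((((((   Autres suppressions   ))))))))))
.

c:\documents and settings\User\Application Data\Fighters
c:\documents and settings\User\Application Data\Fighters\SWPRO\Installer.log.txt
c:\documents and settings\HelpAssistant\Applica{zw}tion Data\Search Settings

.
((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))
.

2010-01-02 16:33 . 2010-01-02 16:35 -------- d-----w- C:\lejorker
2009-12-19 19:05 . 2009-12-19 19:05 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PackageAware
""".format(zw="\u200b")

if __name__ == "__main__":
    for folder, status in verify_removals(CFSCRIPT, REPORT).items():
        print(f"{status:13} {folder}")
```

In the constructed excerpt the PackageAware folder is deliberately left in the created-files section to show the failure case the check is meant to catch.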
lejorker
Baby forum member (10 to 49 posts)
Posted on 02/01/2010 at 23:17:29
 
New report:
 ComboFix 10-01-02.01 - Guillaume Desbrosses 02/01/2010  22:04:40.4.2 - x86
 Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.200​3.1450 [GMT 1:00]
 Lancé depuis: c:\documents and settings\Guillaume Desbrosses\Bureau\lejorker.exe
 Commutateurs utilisés :: c:\documents and settings\Guillaume Desbrosses\Bureau\CFScript.txt
 AV: avast! antivirus 4.8.1368 [VPS 100102-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293​FD8233D}
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters
 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters\SWPRO\FighterSui​teCfg.xml
 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters\SWPRO\Installer.​log.txt
 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters\SWPRO\SPYWAREfig​hter.log.txt
 c:\documents and settings\Guillaume Desbrosses\Application Data\Fighters\SWPRO\Tray.log.t​xt
 c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\PackageAware
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings\kb128\temp\~dtF.tmp
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings\kb128\temp\ws-14592.l​og
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings\kb128\temp\ws-14597.l​og
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings\kb128\temp\ws-14604.l​og
 c:\documents and settings\HelpAssistant\Applica​tion Data\Search Settings\kb128\temp\ws-14605.l​og

 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))))))))))))))))))))))​))))))
 .

 2010-01-02 21:01 . 2010-01-02 21:01 -------- d-----w- C:\lejorker7079l
 2010-01-02 16:49 . 2010-01-02 17:05 -------- d-----w- C:\lejorker17667l
 2010-01-02 16:33 . 2010-01-02 16:35 -------- d-----w- C:\lejorker
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Malwarebytes
 2009-12-29 09:56 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mb​amswissarmy.sys
 2009-12-29 09:56 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mb​am.sys
 2009-12-29 09:56 . 2009-12-29 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-12-29 09:55 . 2010-01-01 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2009-12-29 09:45 . 2009-12-29 09:45 -------- d-----w- c:\program files\Trend Micro
 2009-12-29 08:08 . 2009-12-29 08:08 -------- d-----w- c:\program files\ESET
 2009-12-29 07:53 . 2009-12-29 07:53 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Application Data\Uniblue
 2009-12-21 23:42 . 2009-12-22 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
 2009-12-21 23:42 . 2009-12-22 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
 2009-12-17 19:52 . 2010-01-02 17:43 -------- d-----w- c:\program files\a-squared Free
 2009-12-17 19:45 . 2009-12-17 19:45 -------- d-----w- C:\found.000
 2009-12-16 11:07 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\as​wTdi.sys
 2009-12-16 11:07 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\as​wRdr.sys
 2009-12-16 11:07 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aa​vmker4.sys
 2009-12-16 11:07 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\as​wSP.sys
 2009-12-16 11:07 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\as​wFsBlk.sys
 2009-12-16 11:07 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.sc​r
 2009-12-16 11:07 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\as​wmon.sys
 2009-12-16 11:07 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\as​wmon2.sys
 2009-12-16 11:07 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.ex​e
 2009-12-16 11:07 . 2009-12-16 11:07 -------- d-----w- c:\program files\Alwil Software
 2009-12-15 16:13 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\a​clayers.dll
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\UserDat​a
 2009-12-13 22:39 . 2009-12-13 22:39 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
 2009-12-13 22:38 . 2009-12-13 22:38 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacI​E
 2009-12-10 18:39 . 2009-12-10 18:39 -------- d-----w- c:\program files\Microsoft ActiveSync
 2009-12-10 18:00 . 2009-12-10 18:00 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\HP
 2009-12-10 17:50 . 2009-12-10 17:53 -------- d-----w- c:\program files\Readiris Pro 11 HP
 2009-12-10 16:40 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\HP
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Hewlett-Packard
 2009-12-10 16:39 . 2009-12-10 16:39 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
 2009-12-10 16:37 . 2009-12-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
 2009-12-10 16:37 . 2008-01-16 17:45 241664 ----a-w- c:\windows\system32\Spool\prtp​rocs\w32x86\hpzpp5k4.DLL
 2009-12-10 16:37 . 2008-09-26 23:37 665 ----a-r- c:\windows\system32\hppapr11.d​at
 2009-12-10 16:37 . 2008-09-26 23:37 331776 ----a-r- c:\windows\system32\hppcpr11.d​ll
 2009-12-10 16:37 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchan​nel.dll
 2009-12-10 16:37 . 2008-09-26 23:37 188416 ----a-r- c:\windows\system32\hppcew11.d​ll
 2009-12-10 16:37 . 2007-07-16 21:29 26136 ----a-r- c:\windows\system32\drivers\hp​fxgen.sys
 2009-12-10 16:37 . 2007-07-16 21:29 17432 ----a-r- c:\windows\system32\drivers\hp​fxbulk.sys
 2009-12-10 16:37 . 2009-06-26 17:43 770048 ----a-r- c:\windows\system32\hpptsp04.d​ll
 2009-12-10 16:37 . 2008-09-26 23:37 450560 ----a-r- c:\windows\system32\hppasc11.d​ll
 2009-12-10 16:37 . 2007-10-24 19:18 729088 ----a-r- c:\windows\system32\hpxp1312.d​ll
 2009-12-10 16:34 . 2009-12-10 16:47 -------- d-----w- c:\program files\HP
 2009-12-10 16:29 . 2009-12-10 16:47 200610 ----a-w- c:\windows\hppins11.dat
 2009-12-10 16:29 . 2009-08-03 23:28 5707 ------w- c:\windows\hppmdl11.dat
 2009-12-10 16:11 . 2009-12-10 16:11 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
 2009-12-07 21:01 . 2009-12-07 21:01 -------- d-----w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\Pentax
 2009-12-07 19:57 . 2009-12-07 19:57 -------- d-----w- c:\program files\PENTAX

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2010-01-02 22:13 . 2009-03-10 15:33 0 ----a-w- c:\documents and settings\Guillaume Desbrosses\Local Settings\Application Data\WavXMapDrive.bat
 2010-01-02 20:22 . 2008-04-25 12:46 592276 ----a-w- c:\windows\system32\perfh00C.d​at
 2010-01-02 20:22 . 2008-04-25 12:46 118436 ----a-w- c:\windows\system32\perfc00C.d​at
 2010-01-02 17:29 . 2009-03-12 21:35 -------- d-----w- c:\program files\PokerStars
 2009-12-29 08:25 . 2009-07-10 19:32 -------- d-----w- c:\program files\pdfforge Toolbar
 2009-12-16 18:54 . 2009-03-07 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
 2009-12-16 18:04 . 2009-03-07 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
 2009-12-10 19:57 . 2009-03-07 10:29 82128 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-10 18:45 . 2009-03-07 10:04 82128 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 2009-12-09 13:20 . 2009-03-07 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
 2009-11-26 08:44 . 2009-05-24 19:34 -------- d-----w- c:\program files\Extron
 2009-11-25 15:35 . 2009-11-25 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Extron
 2009-11-21 15:58 . 2008-04-25 12:46 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
 2009-11-18 23:07 . 2009-03-16 10:16 -------- d-----w- c:\program files\Fichiers communs\Adobe
 2009-10-29 07:42 . 2008-04-25 12:46 916480 ------w- c:\windows\system32\wininet.dll
 2009-10-28 14:17 . 2009-10-28 14:17 97280 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\SMART Technologies Inc\Bridgit\BridgitCrashReporter.exe
 2009-10-21 05:39 . 2008-04-25 12:46 75776 ----a-w- c:\windows\system32\strmfilt.dll
 2009-10-21 05:39 . 2008-04-25 12:46 25088 ----a-w- c:\windows\system32\httpapi.dll
 2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
 2009-10-13 10:33 . 2008-04-25 12:46 271360 ----a-w- c:\windows\system32\oakley.dll
 2009-10-12 13:39 . 2008-04-25 12:46 79872 ----a-w- c:\windows\system32\raschap.dll
 2009-10-12 13:39 . 2008-04-25 12:46 150528 ----a-w- c:\windows\system32\rastls.dll
 2009-10-11 20:40 . 2009-10-11 20:40 826856 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\MSNInstaller\msnauins.exe
 2009-10-07 07:22 . 2009-10-07 07:22 152576 ----a-w- c:\documents and settings\Guillaume Desbrosses\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
 .

 (((((((((((((((((((((((((((((   SnapShot@2010-01-02_18.56.50   )))))))))))))))))))))))))))))))))))))))))
 .
 + 2010-01-02 21:09 . 2010-01-02 21:09 16384              c:\windows\Temp\Perflib_Perfdata_59c.dat
 + 2010-01-02 21:09 . 2010-01-02 21:09 16384              c:\windows\Temp\Perflib_Perfdata_4ec.dat
 + 2008-04-25 12:46 . 2010-01-02 20:22 90432              c:\windows\system32\perfc009.dat
 - 2008-04-25 12:46 . 2009-12-22 14:31 90432              c:\windows\system32\perfc009.dat
 + 2008-04-25 12:46 . 2010-01-02 20:22 492412              c:\windows\system32\perfh009.dat
 - 2008-04-25 12:46 . 2009-12-22 14:31 492412              c:\windows\system32\perfh009.dat
 .
 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
 2009-06-25 13:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]

 [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
 @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
 [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
 @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
 [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
 2008-11-09 18:10 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
 "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
 "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-01 471040]
 "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
 "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
 "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
 "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
 "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
 "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
 "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-09-26 145408]
 "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
 "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-11-10 91448]
 "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 24576]
 "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
 "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
 "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
 "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
 Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
 Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]
 HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
 Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 Authentication Packages REG_MULTI_SZ    msv1_0 wvauth

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 @="Driver"

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "%windir%\\system32\\sessmgr.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
 "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
 "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.0\\bin\\CSupdate.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSDesigner.exe"=
 "c:\\Program Files\\Bose\\ControlSpace 2.200\\bin\\CSupdate.exe"=
 "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
 "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
 "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 "65533:TCP"= 65533:TCP:Services
 "52344:TCP"= 52344:TCP:Services
 "3246:TCP"= 3246:TCP:Services
 "2479:TCP"= 2479:TCP:Services
 "3389:TCP"= 3389:TCP:Remote Desktop
 "1850:TCP"= 1850:TCP:Services

 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/12/2009 12:07 114768]
 R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [17/12/2009 20:52 1858144]
 R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/12/2009 12:07 20560]
 R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 14:47 1664248]
 R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [01/07/2008 19:57 110592]
 R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 18:28 406808]
 R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 16:00 451872]
 R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [01/10/2008 05:28 90112]
 R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [07/03/2009 18:29 112128]
 R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [07/03/2009 18:29 110080]
 S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
 2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
 .
 .
 ------- Examen supplémentaire -------
 .
 uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie8
 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 DPF: {A2030DF6-FA3E-4308-8BA0-9017183AE3FD} - hxxp://61.49.1.101/gc2/weblib.cab
 .

 **************************************************************************

 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2010-01-02 23:12
 Windows 5.1.2600 Service Pack 3 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 **************************************************************************
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'lsass.exe'(672)
 c:\windows\system32\wvauth.dll

 - - - - - - - > 'explorer.exe'(2580)
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
 c:\windows\system32\btmmhook.dll
 c:\program files\Windows Desktop Search\deskbar.dll
 c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
 c:\program files\Windows Desktop Search\dbres.dll
 c:\program files\Windows Desktop Search\wordwheel.dll
 c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
 c:\program files\Windows Desktop Search\msnlExtRes.dll
 c:\windows\system32\eappprxy.dll
 c:\windows\system32\webcheck.dll
 c:\windows\system32\WPDShServiceObj.dll
 c:\windows\system32\btncopy.dll
 c:\program files\Roxio\Drag-to-Disc\Shellex.dll
 c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
 c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
 c:\windows\system32\PortableDeviceTypes.dll
 c:\windows\system32\PortableDeviceApi.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\program files\Alwil Software\Avast4\aswUpdSv.exe
 c:\program files\Alwil Software\Avast4\ashServ.exe
 c:\drivers\audio\r205445\stacsv.exe
 c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 c:\program files\Java\jre6\bin\jqs.exe
 c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
 c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 c:\windows\system32\SearchIndexer.exe
 c:\program files\Alwil Software\Avast4\ashMaiSv.exe
 c:\program files\Alwil Software\Avast4\ashWebSv.exe
 c:\windows\system32\wbem\wmiapsrv.exe
 c:\program files\DellTPad\ApMsgFwd.exe
 c:\windows\system32\igfxsrvc.exe
 c:\program files\DellTPad\HidFind.exe
 c:\program files\DellTPad\Apntex.exe
 c:\progra~1\MI3AA1~1\wcescomm.exe
 c:\progra~1\MI3AA1~1\rapimgr.exe
 c:\windows\system32\SearchProtocolHost.exe
 c:\windows\system32\SearchFilterHost.exe
 .
 **************************************************************************
 .
 Heure de fin: 2010-01-02  23:16:21 - La machine a redémarré
 ComboFix-quarantined-files.txt  2010-01-02 22:16
 ComboFix2.txt  2010-01-02 20:18
 ComboFix3.txt  2010-01-02 19:00
 ComboFix4.txt  2010-01-02 17:05

 Avant-CF: 96 555 458 560 octets libres
 Après-CF: 96 521 326 592 octets libres

 - - End Of File - - 311D5503BE86859E2025C2B58FC0F9CC

lejorker
Baby forum member (10 to 49 posts)
Posted on 02/01/2010 at 23:19:45

:bien:
 ToolBar report

-----------\\  ToolBar S&D 1.2.9   XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     P8400  @ 2.26GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08

USER : Guillaume Desbrosses ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 100102-0] 4.8.1368 (Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:89 Go)

D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 02/01/2010|23:18 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Search Settings\kb128

Supprime! - C:\DOCUME~1\GUILLA~1\APPLIC~1\Search Settings

-----------\\  Recherche de Fichiers / Dossiers ...

-----------\\  [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.yahoo.com/?fr=fp-yie8"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen"

"Help_Page"="http://support.euro.dell.com/support/index.aspx?c=fr&l=fr&s=gen"

--------------------\\  Recherche d'autres infections

Aucune autre infection trouvée  !

1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2010|23:18 - Option : [2]

-----------\\  Fin du rapport a 23:18:52,17

it's cold here......

jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 03/01/2010 at 00:15:01

:hello:

 How is the PC behaving now...?

 If you have no more problems, do this... otherwise do nothing and tell me...

 We still have to automatically uninstall all the tools used for the disinfection...

 To do that...

 [:Poulbot:6] Download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

 [:Poulbot:6] Double-click on it to launch the program

 [:Poulbot:6] Click on Recherche and let the scan finish (it can take up to about ten minutes).

 [:dj QUIOU:4] Once the search has started, do not click in the window; that would cause a slight bug in the program.

 [:dj QUIOU:4] If the mention (not responding) should appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

 [:Poulbot:6] Post me the report that appears

 [:Poulbot:6] [:dj QUIOU:4] Wait for my green light before clicking on Suppression

 :salut:

---------------
Our friend
lejorker
Baby forum member (10 to 49 posts)
Posted on 03/01/2010 at 00:24:36

:hello:
 OK, the PC is running, to be continued.
 What do I do now?

it's cold here......
jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 03/01/2010 at 00:31:46

:hello:

 You can run the search with ToolsCleaner and post me the report, please... :bien:

---------------
Our friend
lejorker
Baby forum member (10 to 49 posts)
Posted on 03/01/2010 at 01:33:37

:fume:

-----------\\  ToolBar S&D 1.2.9   XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     P8400  @ 2.26GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08

USER : Guillaume Desbrosses ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 100102-0] 4.8.1368 (Activated)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:89 Go)

D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 03/01/2010| 1:32 )

-----------\\  Recherche de Fichiers / Dossiers ...

-----------\\  [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.yahoo.com/?fr=fp-yie8"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen"

"Help_Page"="http://support.euro.dell.com/support/index.aspx?c=fr&l=fr&s=gen"

--------------------\\  Recherche d'autres infections

Aucune autre infection trouvée  !

1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2010|23:18 - Option : [2]

2 - "C:\ToolBar SD\TB_2.txt" - 03/01/2010| 1:32 - Option : [2]

-----------\\  Fin du rapport a  1:32:53,56

 

lejorker
Baby forum member (10 to 49 posts)
Posted on 03/01/2010 at 11:37:42

:lol:
 Hi,
 things seem to be going much better...
 Should I uninstall the tools?
 SLOWPCfighter no longer works, but does that matter?
 Thanks, my friend!

it's cold here......
jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 03/01/2010 at 13:07:07

:hello:

 As for slowpc, I removed it deliberately; this software has a very bad reputation and is classed as a rogue, so I advise you not to reinstall it  ;)

 To remove the tools that were used, you need to use ToolsCleaner and not ToolBar SD :whistle:

 I asked you for the ToolsCleaner report (Recherche option) so that you post it to me, because before carrying out the deletions we have to check that there are no errors in the files found.

We still have to automatically uninstall all the tools used for the disinfection...

 To do that...

 Download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

 Double-click on it to launch the program

 Click on Recherche and let the scan finish (it can take up to about ten minutes).

 Once the search has started, do not click in the window; that would cause a slight bug in the program.

 If the mention (not responding) should appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

 Post me the report that appears

 Wait for my green light before clicking on Suppression

 :salut:

---------------
Our friend
lejorker
Baby forum member (10 to 49 posts)
Posted on 03/01/2010 at 23:36:45

Hi,
 :sleep:

 [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

 --> Recherche:

 C:\Combofix.txt: trouvé !
 C:\TB.txt: trouvé !
 C:\Qoobox: trouvé !
 C:\Toolbar SD: trouvé !
 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
 C:\Documents and Settings\Guillaume Desbrosses\Bureau\HJTInstall.exe: trouvé !
 C:\Documents and Settings\Guillaume Desbrosses\Bureau\ToolBarSD.exe: trouvé !
 C:\Documents and Settings\Guillaume Desbrosses\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: trouvé !
 C:\Documents and Settings\HelpAssistant\Bureau\HJTInstall.exe: trouvé !
 C:\Documents and Settings\HelpAssistant\Bureau\Raccourcis Bureau non utilisés\HijackThis.lnk: trouvé !
 C:\Program Files\Trend Micro\HijackThis: trouvé !
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
 C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
 C:\Qoobox\Quarantine\catchme.log: trouvé !
 C:\WINDOWS\mbr.exe: trouvé !

it's cold here......

jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 04/01/2010 at 18:35:34

:hello:

 That's perfect, you can click on "Suppression"  :bien:
 Also manually delete the file "lejorker.exe" (ComboFix)

 You can edit the title with http://nsa08.casimages.com/img/2009/05/10/090510071013887581.png by going to
 your first message, to add [résolu] at the end.

 If the PC is still doing well in two or three days, please do this...

 You need to purge your System Restore so that it is free of infections.
 To do this, press the Windows + Pause keys on the keyboard at the same time, then tick the box
 indicated >> Apply >> OK. Restart the computer >> untick the box >> Apply >> OK.

 http://nsa01.casimages.com/img/2008/05/09/0805091011583227052.jpg

 To clean out temporary files, which are often the source of various problems, use:
 >>Atf Cleaner<<. No installation, just an executable. Click on Select All, then
 on Empty Selected; a new window will appear, click on Ok.
 This operation is to be carried out in each active tab of Atf Cleaner and after
 each web browsing session.

 http://nsa01.casimages.com/img/2008/05/09/0805091017113227079.png

 Run a defragmentation to optimise the hard disk's access times
 when reading files. To start a defragmentation:
 Double-click on My Computer, right-click on the disk to defragment, then on Properties.
 Choose the Tools tab, then click on Defragment Now.

 http://nsa01.casimages.com/img/2008/05/12/0805121148573261593.gif

 To be repeated regularly, after deleting the temporary files.

 Don't forget to create a restore point after this procedure.

 To do so: Start >> Run >> type: restore/rstrui.exe, confirm with Enter >>
 tick Create a restore point >> click on Next

 http://nsa02.casimages.com/img/2008/05/25/0805250623573422757.jpg

 Type a name for the restore point, then click on Create.

 http://nsa02.casimages.com/img/2008/05/25/0805250706573423512.png

 A bit of reading on how to protect your browsing and your computer.

 Have a good week and @++ :bien:

---------------
Our friend
lejorker
Baby forum member (10 to 49 posts)
Posted on 04/01/2010 at 20:15:17

Hi my friend!
 Windows + Pause opens a window that doesn't offer me Apply, OK?
 I'll wait before acting.
 I still get this "firewall disabled" message, which goes away when the PC finds the Wi-Fi connection.
 I'm really struggling with this connection, it's unbelievable.
 One moment it's fine, I write a page-long message and wham, right in the backside...
 Annoying!
 Nothing beats a wired connection!!
 A bit disappointed by Dell, but oh well...
 Keep me posted about this odd window business...
 And thanks again! :bisou:

it's cold here......
jeanmimigab
Regular (5,000 to 9,999 posts)
Posted on 04/01/2010 at 21:14:39

:hello:

Windows + Pause opens a window that doesn't offer me Apply, OK?

 Click on the System Restore tab and tick "Turn off System Restore...".

 Otherwise, another method here:
 http://service1.symantec.com/s [...] 0101856924

I still get this "firewall disabled" message, which goes away when the PC finds the Wi-Fi connection.

 If the PC is a bit slow to start up, the Windows Security Center opens before all of your firewall's services are active, and that is what causes this message.
 If you then go into the Security Center and see that it is indeed active, it's OK  :bien:

 Don't hesitate if you have other questions  :)

 :salut:

---------------
Our friend