
Windows Live virus

Tags:
  • windows live
  • Security
Last reply: in Security and viruses
27 March 2008 14:56:13

Hello, I got infected by a Windows Live virus.
I looked at various threads to find out what to do to remove it, without really understanding exactly what needed to be done.
I ran a scan with MSNFix, which did not remove the virus.
I am pasting the report.
If someone could help me, that would be really nice.




MSNFix 1.690

C:\Documents and Settings\Alex\Bureau\Nouveau dossier\MSNFix
Fix exécuté le 27/03/2008 - 14:31:39,82 By Alex
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

... \TEMP\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Alex\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\Alex\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\LOCALS~1
.. OK ... C:\DOCUME~1\Alex\LOCALS~1\Temp\dcybéé£'£''fix''.exe
/!\ ... C:\WINDOWS\b???.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
/!\ ... C:\WINDOWS\system32\real.txt


************************ Suppression des dossiers

/!\ ... \TEMP\
/!\ ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
.. OK ... C:\WINDOWS\system32\real.txt



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 27032008_14363135.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Estelle\LOCALS~1\Temp\dcybéé£'£''fix''.exe


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


27 March 2008 20:29:33

I no longer have an antivirus :s
Can it still be removed without one?
28 March 2008 19:54:35

Here is the report

Logfile of HijackThis v1.99.1
Scan saved at 14:44:28, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1423.exe
C:\Documents and Settings\Alex\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Estelle\LOCALS~1\Temp\dcybéé£'£'%''msn'è%'fix''.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94523B2A-7D54-BEC3-F9A0-273CEF0B3D56} - C:\DOCUME~1\Estelle\APPLIC~1\FACESP~1\heartbuild.exe (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trust Cake Dead Four] C:\Documents and Settings\All Users\Application Data\chic cast trust cake\owns fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kw29Rfe3P] kerntui.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Estelle\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105w.bay105.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
28 March 2008 20:58:57

Re,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results", then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM
31 March 2008 12:51:10

Done! Here is the report. Is the virus permanently removed, or is there something else that still needs to be done? Sorry, I'm a noob.

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 572

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 207921
    Temps écoulé: 1 hour(s), 16 minute(s), 16 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 7
    Fichier(s) infecté(s): 17

    Processus mémoire infecté(s):
    c:\WINDOWS\mrofinu1423.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\WINDOWS\system32\isass.exe (Worm.Silly) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\csnetmanagerxp (Worm.Silly) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\csnetmanagerxp (Worm.Silly) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\csnetmanagerxp (Worm.Silly) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\WINDOWS\mrofinu1423.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\CPV\CPV7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alex\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alex\Local Settings\Temp\uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\KXQ709MZ\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Estelle\Local Settings\Temporary Internet Files\Content.IE5\S20A2FVK\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore\JavaCore.MSNFix (Trojan.Insider) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary\InsiDERInst.MSNFix (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b128.MSNFix (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b138.MSNFix (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mrofinu1423.exe.MSNFix (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\mrofinu1423.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\mrofinu1423.MSNFix (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore\UnInstall.MSNFix (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\isass.exe (Worm.Silly) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\sservice.exe (BackDoor.ProRat) -> Quarantined and deleted successfully.
31 March 2008 18:00:35

Post a new HijackThis report.

31 March 2008 21:14:00

    Logfile of HijackThis v1.99.1
    Scan saved at 21:10:26, on 31/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\mrofinu1423.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Documents and Settings\Alex\Bureau\Nouveau dossier\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Estelle\LOCALS~1\Temp\dcybéé£'£'%''msn'è%'fix''.exe
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {94523B2A-7D54-BEC3-F9A0-273CEF0B3D56} - C:\DOCUME~1\Estelle\APPLIC~1\FACESP~1\heartbuild.exe (file missing)
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Trust Cake Dead Four] C:\Documents and Settings\All Users\Application Data\chic cast trust cake\owns fast.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Estelle\LOCALS~1\Temp\dcybéé£'£'%''msn'è%'fix''.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Kw29Rfe3P] kerntui.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Estelle\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105w.bay105.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

31 March 2008 21:26:19

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.

31 March 2008 21:52:14

    ComboFix 08-03-30.4 - Alex 2008-03-31 21:36:11.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.184 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alex\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Alex\Application Data\ICROSO~1.NET
    C:\Documents and Settings\Anne-Sophie\Application Data\HbTools
    C:\Documents and Settings\Estelle\Application Data\HbTools
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1175990.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\130395.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1383356.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1383771.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1386476.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1386771.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1395210.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1395212.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1400989.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1401883.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1401899.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\1403308.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\175641.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\221540.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\289651.sdf
    C:\Documents and Settings\Estelle\Application Data\HbTools\v3.0\HbTools\dynamic\2899595.sdf
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
    C:\Documents and Settings\PHAN\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
    C:\WINDOWS\ktd32.atm
    C:\WINDOWS\mrofinu1423.exe
    C:\WINDOWS\mrofinu1423.exe.tmp
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\_000000_.tmp.dll
    C:\WINDOWS\system32\_000116_.tmp.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-31 10:50 . 2008-03-31 21:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-31 10:50 . 2008-03-31 10:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-31 10:50 . 2008-03-31 10:50 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Malwarebytes
    2008-03-27 22:11 . 2008-03-27 22:11 827 --a------ C:\WINDOWS\system32\pbrgyh.exe
    2008-03-27 21:28 . 2007-04-18 18:14 2,854,400 --a------ C:\WINDOWS\system32\SET111.tmp
    2008-03-26 19:55 . 2008-03-26 19:55 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-03-25 16:38 . 2008-03-25 16:38 0 --a------ C:\WINDOWS\system32\real.MSNFix
    2008-03-19 22:16 . 2008-03-19 22:16 <REP> d-------- C:\Documents and Settings\Estelle\Application Data\MiniDm
    2008-03-14 21:00 . 2008-03-14 21:00 <REP> d-------- C:\Program Files\EA SPORTS
    2008-03-14 20:30 . 2008-03-14 20:30 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-03-14 20:27 . 2008-03-14 20:27 <REP> d-------- C:\Documents and Settings\Alex\Application Data\DAEMON Tools
    2008-03-14 20:27 . 2008-03-14 20:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-27 16:47 . 2008-03-31 21:33 <REP> d-------- C:\Program Files\PDFCreator Toolbar
    2008-02-27 16:47 . 2008-02-27 16:47 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_562.exe
    2008-02-27 16:47 . 2008-02-27 16:47 15,397 --a------ C:\Program Files\settings.dat
    2008-02-27 16:46 . 2008-02-27 16:46 <REP> d-------- C:\Documents and Settings\Anne-Sophie\Application Data\MiniDm
    2008-02-21 12:35 . 2008-02-21 12:47 <REP> d-------- C:\Documents and Settings\Alex\Application Data\MiniDm
    2008-02-20 20:32 . 2008-03-16 14:50 <REP> d-------- C:\Documents and Settings\PHAN\Application Data\MiniDm
    2008-02-19 15:03 . 2008-02-19 15:03 <REP> d-------- C:\Documents and Settings\Anne-Sophie\Application Data\IEPro
    2008-02-18 17:10 . 2008-03-06 18:23 <REP> d-------- C:\Documents and Settings\PHAN\Application Data\IEPro
    2008-02-18 14:11 . 2008-02-18 14:11 <REP> d-------- C:\Documents and Settings\Estelle\Application Data\IEPro
    2008-02-18 13:35 . 2008-02-18 13:36 <REP> d-------- C:\Program Files\IEPro
    2008-02-18 13:35 . 2008-02-18 13:36 <REP> d-------- C:\Documents and Settings\Alex\Application Data\IEPro
    2008-02-15 15:37 . 2008-02-15 15:37 <REP> d-------- C:\Documents and Settings\Anne-Sophie\Application Data\ScanSoft
    2008-02-07 20:15 . 2008-02-07 20:15 268 --ah----- C:\sqmdata19.sqm
    2008-02-07 20:15 . 2008-02-07 20:15 244 --ah----- C:\sqmnoopt19.sqm
    2008-02-06 20:26 . 2008-02-06 20:26 268 --ah----- C:\sqmdata18.sqm
    2008-02-06 20:26 . 2008-02-06 20:26 244 --ah----- C:\sqmnoopt18.sqm
    2008-02-06 12:52 . 2008-02-06 12:52 <REP> d-------- C:\Program Files\Frets on Fire
    2008-02-06 12:52 . 2008-02-06 12:53 <REP> d-------- C:\Documents and Settings\Alex\Application Data\fretsonfire
    2008-02-01 19:51 . 2008-02-01 19:51 <REP> d-------- C:\Documents and Settings\Estelle\Application Data\ScanSoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-31 18:50 --------- d-----w C:\Program Files\eMule
    2008-03-31 09:29 --------- d-----w C:\Documents and Settings\PHAN\Application Data\Skype
    2008-03-28 10:36 --------- d-----w C:\Documents and Settings\Alex\Application Data\BitTorrent
    2008-03-26 17:35 10 ----a-w C:\Program Files\.autoreg
    2008-03-25 19:20 --------- d-----w C:\Program Files\Windows Live
    2008-03-25 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-24 13:45 --------- d-----w C:\Documents and Settings\Estelle\Application Data\Creative
    2008-03-13 19:13 --------- d-----w C:\Program Files\Java
    2008-03-13 19:06 --------- d-----w C:\Program Files\BitTorrent_DNA
    2008-03-13 19:06 --------- d-----w C:\Documents and Settings\Alex\Application Data\BitTorrent DNA
    2008-03-12 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-11 21:16 --------- d-----w C:\Program Files\BitTorrent
    2008-02-18 11:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-18 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 17:29 --------- d-----w C:\Documents and Settings\Estelle\Application Data\BitTorrent
    2005-04-30 13:12 75,776 -c-ha-w C:\Documents and Settings\Estelle\Application Data\rbqt450.DLL
    2005-04-28 14:08 75,776 -c-ha-w C:\Documents and Settings\Anne-Sophie\Application Data\rbqt450.DLL
    2005-04-27 12:39 2,994 -c--a-w C:\Documents and Settings\Estelle\unins000.dat
    2003-09-22 01:00 77,508 -c--a-w C:\Documents and Settings\Estelle\unins000.exe
    2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-02-21 09:48 56 --sh--r C:\WINDOWS\system32\56C5DCDCE3.sys
    2005-07-14 11:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2005-02-28 12:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94523B2A-7D54-BEC3-F9A0-273CEF0B3D56}]
    C:\DOCUME~1\Estelle\APPLIC~1\FACESP~1\heartbuild.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "Kw29Rfe3P"="kerntui.exe" []
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
    "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 04:00 99840]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-04 18:56 180269]
    "Trust Cake Dead Four"="C:\Documents and Settings\All Users\Application Data\chic cast trust cake\owns fast.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 16:48 622592]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 15:58 61440]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Flash Media"="C:\DOCUME~1\Estelle\LOCALS~1\Temp\dcybéé£'£'%''msn'è%'fix''.exe" [ ]
    "runner1"="C:\WINDOWS\mrofinu1423.exe" [2008-03-31 21:46 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "serpe"= C:\WINDOWS\system32\serbw.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "serpe"= C:\WINDOWS\system32\serbw.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\Gigabyte\\Gigabyte Windows Utility Manager\\ET4\\update.exe"=
    "C:\\Program Files\\NovaLogic\\Joint Operations Beta Demo\\UPDATE.EXE"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\Alex\\Local Settings\\Temp\\Rar$EX00.813\\emule.exe"=
    "C:\\Documents and Settings\\Alex\\Local Settings\\Temp\\Rar$EX00.312\\emule.exe"=
    "C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Documents and Settings\\Alex\\Mes documents\\PES2008.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\DOCUME~1\\Estelle\\LOCALS~1\\Temp\\dcybéé£'£'%''msn'è%'fix''.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 10:10]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 04:47]
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 03:40]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-07-07 19:26]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
    S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2003-04-18 07:15]
    S3 oflpydin;oflpydin;C:\DOCUME~1\Alex\LOCALS~1\Temp\oflpydin.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-31 19:00:00 C:\WINDOWS\Tasks\AB7B910A91B0067E.job"
    - c:\docume~1\estelle\applic~1\atomtr~1\dupedeletethe.exe
    "2008-03-31 19:00:00 C:\WINDOWS\Tasks\AC95E603918E986F.job"
    - c:\docume~1\phan\applic~1\atomtr~1\dupedeletethe.exe
    "2008-03-31 19:00:00 C:\WINDOWS\Tasks\AD8BC47691AC77A6.job"
    - c:\docume~1\anne-s~1\applic~1\atomtr~1\dupedeletethe.exe
    "2008-03-26 12:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-31 21:43:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [380]

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-31 21:49:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-31 19:49:29
    Pre-Run: 41,178,796,032 octets libres
    Post-Run: 41,065,164,800 octets libres
    .
    2008-03-27 20:33:22 --- E O F ---