RSIT analysis


Post by Lucas » 25 Nov 2010 16:30

Hello to the whole team, hello Nardino! :wink:

Following the first disinfection of this PC, I am back to consult you because of various current problems on this machine (redirections in Firefox, the Windows firewall cannot be opened...).

http://www.informatruc.com/forum/topic30921.html

Here are today's latest reports.

Mbam:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5188

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/11/2010 15:54:11
mbam-log-2010-11-25 (15-54-11).txt

Scan type: Quick scan
Objects scanned: 165858
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\~nsuobw.tmp\OfferBoxSetup_FR.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


and the RSIT:

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by VIRGINIE at 2010-11-25 16:23:17
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 276 GB (90%) free of 305 GB
Total RAM: 3037 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:23, on 25/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\VIRGINIE\Bureau\RSIT.exe
C:\Program Files\trend micro\VIRGINIE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A47BAFE2-1E88-4792-B788-6252CDCC7A6E} - c:\windows\system32\alka.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DATD.tmp.exe] "C:\WINDOWS\TEMP\DATD.tmp.exe" /run (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DAT4.tmp.exe] "C:\WINDOWS\TEMP\DAT4.tmp.exe" /run (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\cimr\setup.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11683 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\Recherche de problèmes automatique.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-10-12 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A47BAFE2-1E88-4792-B788-6252CDCC7A6E}]
c:\windows\system32\alka.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
OfferBox - C:\Program Files\OfferBox\OfferBoxBHO.dll [2010-10-22 135000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} -
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-18 16806912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-18 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-18 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-18 150040]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-19 2289664]
"8169Diag"=C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [2008-02-26 909312]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-07-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"DATAMNGR"=C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [2010-08-22 796608]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\VIRGINIE\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wi9130~1\datamngr\datamngr.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-23 10:41:55 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\searchqutb
2010-11-23 10:40:53 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\OfferBox
2010-11-23 09:50:11 ----D---- C:\Program Files\Windows Searchqu Toolbar
2010-11-23 09:50:11 ----D---- C:\Program Files\OfferBox
2010-11-23 09:50:10 ----D---- C:\Program Files\Fun4IM
2010-11-23 09:49:59 ----D---- C:\Program Files\WhiteSmoke
2010-11-18 14:21:21 ----A---- C:\WINDOWS\system32\alk24.tmp
2010-11-18 14:21:10 ----A---- C:\WINDOWS\system32\alk23.tmp
2010-11-17 11:22:12 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Icones
2010-11-12 10:30:00 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\java.exe
2010-11-12 10:22:32 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Avira
2010-11-09 14:08:04 ----A---- C:\WINDOWS\system32\alkA.tmp
2010-11-09 14:08:04 ----A---- C:\WINDOWS\system32\alka.dll.bak

======List of files/folders modified in the last 1 months======

2010-11-25 16:23:22 ----D---- C:\WINDOWS\Prefetch
2010-11-25 16:23:19 ----D---- C:\Program Files\trend micro
2010-11-25 16:22:37 ----SD---- C:\WINDOWS\Tasks
2010-11-25 16:17:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-25 16:14:32 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\LimeWire
2010-11-25 16:14:03 ----D---- C:\WINDOWS\temp
2010-11-25 16:14:00 ----AD---- C:\WINDOWS
2010-11-25 16:07:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-25 15:55:15 ----D---- C:\WINDOWS\system32\drivers
2010-11-25 15:54:22 ----D---- C:\WINDOWS\twain_32
2010-11-24 17:58:03 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Spotify
2010-11-24 17:57:31 ----AD---- C:\WINDOWS\system32
2010-11-24 17:57:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-23 16:42:37 ----D---- C:\Program Files\Mozilla Firefox
2010-11-23 09:50:11 ----RD---- C:\Program Files
2010-11-22 15:22:49 ----SHD---- C:\System Volume Information
2010-11-22 15:19:33 ----D---- C:\WINDOWS\Registration
2010-11-22 15:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-11-12 10:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-11-12 10:29:59 ----D---- C:\WINDOWS\repair
2010-11-12 10:28:04 ----SHD---- C:\WINDOWS\Installer
2010-11-12 10:28:04 ----D---- C:\Config.Msi
2010-11-12 10:27:48 ----D---- C:\Program Files\Java
2010-11-12 10:11:42 ----D---- C:\WINDOWS\system32\Restore
2010-11-08 12:50:17 ----D---- C:\Documents and Settings\All Users\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-08-19 324120]
R0 lhztltrv;lhztltrv; C:\WINDOWS\system32\drivers\lhztltrv.sys [2008-04-14 23424]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-17 126856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2007-11-20 8960]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-19 1391104]
R3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2007-12-03 11264]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-18 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-18 4752896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-08-18 110080]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-19 106368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S0 nojvhaw;nojvhaw; C:\WINDOWS\system32\drivers\kxbtxm.sys []
S0 vpbgwdjygacpwv;vpbgwdjygacpwv; C:\WINDOWS\system32\drivers\gvwhdqbip.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\VIRGINIE\LOCALS~1\Temp\catchme.sys []
S3 encodfdi;encodfdi; C:\WINDOWS\system32\drivers\encodfdi.sys [2001-01-28 169464]
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2007-11-20 16640]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-03 1043784]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-19 24576]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AMService;AMService; C:\WINDOWS\TEMP\cimr\setup.exe run []
S2 espasmtf;USB Bus oa929 Support; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-10 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Looking forward to your opinion on the situation, have a good day!
Regards
Last edited by Lucas on 17 Dec 2010 18:36, edited 1 time.
Image
Avatar de l’utilisateur
Lucas
Habitué
Habitué
 
Messages: 75
Inscription: 18 Déc 2007 12:53

Re: RSIT analysis

Post by nardino » 26 Nov 2010 18:10

Good evening,

Download Combofix
**Creating a Combofix script**

WARNING: This procedure was written for this specific case; copying it onto another system can cause serious malfunctions.

Open Notepad: All Programs - Accessories - Notepad
Paste the lines written below into it:
Make sure Word Wrap is not checked in the Format menu.

Driver::
lhztltrv
gqjak
lsyurm
kxbtxm
gvwhdqbip

File::
C:\WINDOWS\system32\alk24.tmp
C:\WINDOWS\system32\alk23.tmp
C:\WINDOWS\system32\alkA.tmp
C:\WINDOWS\system32\alka.dll.bak
C:\WINDOWS\system32\drivers\lhztltrv.sys
C:\WINDOWS\system32\drivers\gqjak.sys
C:\WINDOWS\system32\drivers\lsyurm.sys
C:\WINDOWS\system32\drivers\kxbtxm.sys
C:\WINDOWS\system32\drivers\gvwhdqbip.sys
C:\WINDOWS\TEMP\DAT4.tmp.exe
C:\WINDOWS\TEMP\DATD.tmp.exe

Folder::
C:\PROGRA~1\WI9130~1
C:\Documents and Settings\VIRGINIE\Application Data\searchqutb
C:\Documents and Settings\VIRGINIE\Application Data\OfferBox
C:\Program Files\Windows Searchqu Toolbar
C:\Program Files\OfferBox
C:\Program Files\Fun4IM
C:\Program Files\WhiteSmoke

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A47BAFE2-1E88-4792-B788-6252CDCC7A6E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
"{7FF99715-3016-4381-84CE-E4E4C9673020}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-


Save it as CFScript.txt on the desktop
As shown in the image here, drag CFScript.txt onto Combofix.exe
[image]
Combofix will launch and restart the computer.
Post the C:\Combofix report and a new RSIT report.
Let me know how your problems are evolving.
See you later
nardino
Disinfection team
Posts: 1157
Joined: 06 Dec 2009 19:35
Location: France, Reims

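As an added example (not part of nardino's post, of ComboFix, or of this forum), a small Python reader for the CFScript format used above: it lists what a script would remove and flags entries worth a second look before the script is run, which matters given the warning that the script is written for one machine only. Section names and registry syntax are taken from the posted script; the check names, PROTECTED_DIRS and the abridged sample are my own.

```python
"""Reader for the ComboFix CFScript format used in the post above.

Added example, not part of ComboFix or of the post: it parses text and removes
nothing. Sections follow the posted script: Driver::, File::, Folder:: and
Registry:: (.reg style: "[-KEY]" deletes a key, "name"=- deletes a value).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^"([^"]*)"=-$')
# Directories a script must never delete wholesale (my list, not ComboFix's).
PROTECTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\program files",
                  r"c:\documents and settings"}

# Sample input: the posted script, abridged. gqjak.sys is left out of File::
# on purpose so the driver/file consistency check below has something to flag.
SAMPLE_SCRIPT = r"""
Driver::
lhztltrv
gqjak

File::
C:\WINDOWS\system32\alk24.tmp
C:\WINDOWS\system32\drivers\lhztltrv.sys
C:\WINDOWS\TEMP\DAT4.tmp.exe

Folder::
C:\PROGRA~1\WI9130~1
C:\Program Files\OfferBox

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FF99715-3016-4381-84CE-E4E4C9673020}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
"""


@dataclass
class CFScript:
    drivers: list[str] = field(default_factory=list)
    files: list[str] = field(default_factory=list)
    folders: list[str] = field(default_factory=list)
    reg_keys_deleted: list[str] = field(default_factory=list)
    reg_values_deleted: list[tuple[str, str]] = field(default_factory=list)  # (key, value)
    unknown: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Split a CFScript into its sections; unrecognised lines land in .unknown."""
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section, current_key = head.group(1).lower(), None
            continue
        if section in ("driver", "file", "folder"):
            getattr(script, section + "s").append(line)
        elif section == "registry" and (key := KEY_RE.match(line)):
            current_key = key.group(2)          # later "name"=- lines apply to it
            if key.group(1) == "-":
                script.reg_keys_deleted.append(current_key)
        elif section == "registry" and (val := VALUE_DEL_RE.match(line)) and current_key:
            script.reg_values_deleted.append((current_key, val.group(1)))
        else:
            script.unknown.append(line)
    return script


def review(script: CFScript) -> dict[str, list]:
    """Flag entries worth checking by hand before the script is run."""
    def has_sys(name: str) -> bool:
        return any(f.lower().endswith("\\drivers\\" + name.lower() + ".sys")
                   for f in script.files)
    return {
        # a Driver:: entry with no matching .sys in File:: leaves the binary on disk
        "drivers_without_sys": [d for d in script.drivers if not has_sys(d)],
        # 8.3 short names (PROGRA~1) resolve per volume; confirm the long path
        "short_name_paths": [p for p in script.files + script.folders if "~" in p],
        # deleting a whole system directory would wreck the installation
        "protected_targets": [p for p in script.folders
                              if p.lower().rstrip("\\") in PROTECTED_DIRS],
        "unparsed_lines": list(script.unknown),
    }


if __name__ == "__main__":
    for flag, items in review(parse_cfscript(SAMPLE_SCRIPT)).items():
        print(f"{flag}: {items}")
```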
Re: RSIT analysis

Post by Lucas » 28 Nov 2010 20:24

I won't be at my workplace this week, so I will follow this procedure as soon as I get back.
Thanks for your help Nardino, see you next week for the rest of this disinfection.
Lucas
Regular member
Posts: 75
Joined: 18 Dec 2007 12:53

Re: RSIT analysis

Post by Lucas » 06 Dec 2010 17:45

Hello again Nardino, here is, as planned, the rest of the disinfection after Combofix.
I had to split it into several parts because of the character limit.

Combofix report (part 1):

Code:
ComboFix 10-12-04.06 - VIRGINIE 06/12/2010  16:43:59.3.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3037.2613 [GMT 1:00]
Lancé depuis: c:\documents and settings\VIRGINIE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\VIRGINIE\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\alk23.tmp"
"c:\windows\system32\alk24.tmp"
"c:\windows\system32\alka.dll.bak"
"c:\windows\system32\alkA.tmp"
"c:\windows\system32\drivers\gqjak.sys"
"c:\windows\system32\drivers\gvwhdqbip.sys"
"c:\windows\system32\drivers\kxbtxm.sys"
"c:\windows\system32\drivers\lhztltrv.sys"
"c:\windows\system32\drivers\lsyurm.sys"
"c:\windows\TEMP\DAT4.tmp.exe"
"c:\windows\TEMP\DATD.tmp.exe"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\NetworkService\Application Data\OfferBox
c:\documents and settings\NetworkService\Application Data\OfferBox\config.dat
c:\documents and settings\NetworkService\Application Data\OfferBox\config.xml
c:\documents and settings\VIRGINIE\Application Data\OfferBox
c:\documents and settings\VIRGINIE\Application Data\OfferBox\config.dat
c:\documents and settings\VIRGINIE\Application Data\OfferBox\config.xml
c:\documents and settings\VIRGINIE\Application Data\searchqutb
c:\progra~1\WI9130~1
c:\progra~1\WI9130~1\Datamngr\datamngr.dll
c:\progra~1\WI9130~1\Datamngr\datamngrUI.exe
c:\progra~1\WI9130~1\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\progra~1\WI9130~1\ToolBar\chrome\content\data\search\engines.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\data\search\search.xsl
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\about.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\external.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~1\WI9130~1\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~1\WI9130~1\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~1\WI9130~1\ToolBar\chrome\content\preferences.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\searchqutb.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\toolbar.htm
c:\progra~1\WI9130~1\ToolBar\chrome\content\toolbar.xul
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\progra~1\WI9130~1\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\progra~1\WI9130~1\ToolBar\chrome\skin\bluelite.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\bluesky.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-search-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-search.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-settings.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn-widgets.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\btn_settings.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-down-back-ff.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-down-back.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-down-left.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-down-right.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-down-splitter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-drop-back.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-drop-left.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-drop-right.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-drop-splitter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-hover-back-ff.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-hover-back.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-hover-left.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-hover-right.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\button-hover-splitter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\ca.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\dictionary.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\divider.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\downloadcom.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\email.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\email_on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\games.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\graphred0.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\graphred0_5.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\grey.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\headsup.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\ico-shield.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\images.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\add.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\aol.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\blank.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\chevron.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\collapse.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\comcast.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\dtx.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\expand.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\found.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\gmail.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\imap.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\lock.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\move.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\pop.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\remove.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\rename.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\rss.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\search-go.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\search.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\lichen.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\logo-about.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\logo.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\maps.bmp
c:\progra~1\WI9130~1\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\modify-save.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\modify.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\modifyhot.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\music.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\news.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\options\options-main.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\options\options-search.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\orange.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\pixsy.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\relatedlinks.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-collapse.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-delete.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-expand.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-feed.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-folder.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-found.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-reload.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rss.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rssback.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\rsstopback.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\search-over.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\search.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\searchqutb.css
c:\progra~1\WI9130~1\ToolBar\chrome\skin\settings.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\shopping.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\siteinfo.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-grey.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-lichen.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-orange.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\skin-yellow.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\technorati.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\throbber.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\video.bmp
c:\progra~1\WI9130~1\ToolBar\chrome\skin\weather.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\web.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_allocine.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_bliptv.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_calcal.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_calculator.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_gservices.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_sudoku.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_todo.jpg
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_todo.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_trio.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widget_uconverter.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\widgets.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\wikipedia.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\yahoosearch.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\yellow.gif
c:\progra~1\WI9130~1\ToolBar\chrome\skin\youtube.png
c:\progra~1\WI9130~1\ToolBar\chrome\skin\zoom.png
c:\progra~1\WI9130~1\ToolBar\components\windowmediator.js
c:\progra~1\WI9130~1\ToolBar\manifest.xml
c:\progra~1\WI9130~1\ToolBar\SearchquDx.dll
c:\progra~1\WI9130~1\ToolBar\SearchquTb.dll
c:\progra~1\WI9130~1\ToolBar\uninstall.exe
c:\progra~1\WI9130~1\uninstall.exe
c:\program files\Fun4IM
c:\program files\Fun4IM\Plugins\MSN\msnplugin.dll
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
Lucas
Habitué
Posts: 75
Joined: 18 Dec 2007 12:53

Re: RSIT analysis

Post by Lucas » 06 Dec 2010 17:48

Sorry for the double post :oops:

Combofix (part 2):

Code: Select all
c:\program files\WhiteSmoke
c:\program files\WhiteSmoke\buy.ico
c:\program files\WhiteSmoke\ComVistaElevator.dll
c:\program files\WhiteSmoke\FloatButtonWhiteApps.txt
c:\program files\WhiteSmoke\FuncServer_WDC_x64.exe
c:\program files\WhiteSmoke\HookDllOE.dll
c:\program files\WhiteSmoke\HookDllOE64.dll
c:\program files\WhiteSmoke\html\english\common\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\common\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\common\js\common.js
c:\program files\WhiteSmoke\html\english\common\js\pngfix.js
c:\program files\WhiteSmoke\html\english\common\js\prototype.js
c:\program files\WhiteSmoke\html\english\common\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\bottom_bg.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\bottom_bg_.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\bottom_left_corner.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\bottom_left_corner_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\empty.jpg
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\left_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\loading_dictionary.swf
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\resize.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\resize_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\right_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\search_strip_bg3.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\search_strip_bg3_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\dictionary_disabled.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\dictionary_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\dictionary_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\dictionary_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_disabled.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\idioms_disabled.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\idioms_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\idioms_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\idioms_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\thesaurus_disabled.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\thesaurus_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\thesaurus_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\thesaurus_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translate_normal.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translate_pressed.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translate_rollover.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translation_disabled.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translation_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translation_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\translation_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_down_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_over_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_close_up_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_down_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_over_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_bar_min_up_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_off.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_off_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_press_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_roll_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_dictionary_roll_over_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_ (2).png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_old.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_strip_right_corner_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_off.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_off_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_press_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_roll_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\caption_translation_roll_over_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\logo.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\logo.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\captionbar\logo_.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\popup\screen_bg.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\popup\screen_bg_bottom.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\popup\screen_bg_top.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\popup\screen_captionbar_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\popup\screen_captionbar_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\spacer.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\index.html
c:\program files\WhiteSmoke\html\english\dictClientDic\js\common.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\dictInterface.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.combobox.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\prototype.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\style\combobox.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\dictionary.css
c:\program files\WhiteSmoke\html\english\floatingButton\blue-Q-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-X-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\index.html
c:\program files\WhiteSmoke\html\english\floatingButton\red&blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Background\howto_bg.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Background\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\spacer.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\index.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\index.js
c:\program files\WhiteSmoke\html\english\floatingButton_howto\style\style.css
c:\program files\WhiteSmoke\html\english\gui\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\base_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bg_bottom.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_bottom_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_top_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_top_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_grey_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_left_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_left_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_left_corner_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_left_corner6.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_right_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_right_corner_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_right_corner6.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottombar_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_separator.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\cascade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\collapse.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_bl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_br2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_dot.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_sub_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu_dis.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tr2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\Copy of notice_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\corner_bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\corner_bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\corner_top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\corner_top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader_left_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader_left_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader_right_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\drop_down_input_box.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_sidefade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\empty.jpg
c:\program files\WhiteSmoke\html\english\gui\img\Background\epreloader_left_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\epreloader_left_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\epreloader_right_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\epreloader_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\feather.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\inputline_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\left_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\left_input_.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\left_input_old.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\loading_dictionary.swf
c:\program files\WhiteSmoke\html\english\gui\img\Background\main_background.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\main_background_old.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_checkbox_checked.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_checkbox_unchecked.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_close_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_close_over.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_close_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_left_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_left_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_right_bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\notice_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\resize.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\resize_gripper.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\resize_gripper.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\result_area_top_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\result_area_top_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\right_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\right_input_.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\right_input_goldold.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\right_input_old.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\search_strip_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\search_strip_bg2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\sideinfoblankimage.jpg
c:\program files\WhiteSmoke\html\english\gui\img\Background\spacer.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\spacer_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_blue.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_green.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_green2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_purple.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\strike_red.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_left_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\summaryline_right_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\Background\ticket.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\top_grey_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\wslogo.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-btn-press.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-btn-roll-over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-btn.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-close-press.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-close-rollover.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-close.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-open-press.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-open-rollover.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Autocorrect-open.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_arrow_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_arrow_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_arrow_roll2.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_arrow_roll3.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_arrowclose_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_disabled.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\autocorrect_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_buynow_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_buynow_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_buynow_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_tellfriend_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_tellfriend_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\bottombar_tellfriend_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\close_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\close_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\close_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\get-full.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\get-full.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\get-full_old.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\input_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_down_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_roll_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_dictionary_up_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_edit_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_edit_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_edit_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_englishlessons_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_englishlessons_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_englishlessons_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_menu_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\menuline_templates_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\new_autocorrect_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\new_autocorrect_nofocus.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\notice_userguide_press.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\notice_userguide_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\redo_disabled.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\redo_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\redo_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\redo_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\smallclosebutton.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_down_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_roll_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_apply_up_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_down_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_roll.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_roll_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\summaryline_check_up_.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\undo_disabled.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\undo_down.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\undo_roll.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\undo_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x.gif
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x.jpg
c:\program files\WhiteSmoke\html\english\gui\img\Buttons\x_hover.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_down_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_over_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_over_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_up_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_close_up_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_down_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_over_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_over_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_up_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max_up_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max2_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_max2_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_down_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_over_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_over_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_up_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bar_re_up_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bottom_px_.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_bottom_px_old.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_px.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_px_.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_px_old.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner6.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_right_corner6.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\caption_strip_under_buttons.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\Copy (2) of logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\Copy of logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\executive.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo.png
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo_.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo_g.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\logo_without 2008.gif
c:\program files\WhiteSmoke\html\english\gui\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\close.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\closeButton.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\fadeborder.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\load.gif
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\title.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\dictionary\top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\explanation.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\fadeborder.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\horizontal_border.gif
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\qmark.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\qmark_old.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\title.gif
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\title.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\title_synonyms.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichment\top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\delete_btn.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\fadeborder.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\qmark.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\title.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\enrichments\top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\explanation.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\fadeborder.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\grammarexpclosebutton.gif
c:\program files\WhiteSmoke\html\english\gui\img\grammar\qmark.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\grammar\title.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\grammar\top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\help_over.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\help_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\menu_bottom.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\settings_over.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\settings_up.png
c:\program files\WhiteSmoke\html\english\gui\img\Menu\submenu.gif
c:\program files\WhiteSmoke\html\english\gui\img\Menu\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\open.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\close.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\closedy2.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\content-review.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\down-content.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\li-content.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\open.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\opencq8.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\right-content.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\right-shadow.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\shdow.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\show-report.png
c:\program files\WhiteSmoke\html\english\gui\img\review-section\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\review-section\up-shdow.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\up-shdow_.gif
c:\program files\WhiteSmoke\html\english\gui\img\review-section\up-shdow__.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\horizontalLine.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\horizontalLine_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\scale1.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\scale2.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\scale3.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\scale4.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\scale5.gif
c:\program files\WhiteSmoke\html\english\gui\img\scale\Thumbs.db
Lucas
Habitué

Posts: 75
Joined: 18 Dec 2007 12:53

Re: Analyse RSIT

Post by Lucas » 06 Dec 2010 17:49

Combofix (part 3):

Code:
c:\program files\WhiteSmoke\html\english\gui\img\screens\button_no_down.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\button_no_up.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\button_yes_down.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\button_yes_up.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\ico_analyze.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\ico_complete.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\ico_connection.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\ico_expired.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\loading_window.swf
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_bottom.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_bottom_old.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_old.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_left_old.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_old.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_px.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_bg_top_right_old.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_captionbar_press.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_captionbar_press_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_captionbar_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_captionbar_up_old.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_getitnow_press.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_getitnow_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_ok_press.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_ok_press.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_ok_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\screens\screen_ok_up.png
c:\program files\WhiteSmoke\html\english\gui\img\screens\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\spacer.gif
c:\program files\WhiteSmoke\html\english\gui\img\spelling\add_to_dictionary_btn.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\bottom_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\bottom_left.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\bottom_right.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\fadeborder.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\qmark.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\img\spelling\title.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\top_left.png
c:\program files\WhiteSmoke\html\english\gui\img\spelling\top_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\gui\index.html
c:\program files\WhiteSmoke\html\english\gui\js\appInterface.js
c:\program files\WhiteSmoke\html\english\gui\js\builder.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\common.js
c:\program files\WhiteSmoke\html\english\gui\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\gui\js\controls.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\dictionaryContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\dragdrop.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\effects.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\enrichmentContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\enrichmentsContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\final.js
c:\program files\WhiteSmoke\html\english\gui\js\gmonitor.js
c:\program files\WhiteSmoke\html\english\gui\js\grammarCache.class.js
c:\program files\WhiteSmoke\html\english\gui\js\grammarContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\gui\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\gui\js\jqModal.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.2.6.pack.NotUSED.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.3.2.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery-1.3.2.min.js
c:\program files\WhiteSmoke\html\english\gui\js\jquery.jeegoocontext.min.js
c:\program files\WhiteSmoke\html\english\gui\js\monitor.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\builder.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\controls.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\dragdrop.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\effects.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\prototype.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\slider.js
c:\program files\WhiteSmoke\html\english\gui\js\NonPackedVersion\sound.js
c:\program files\WhiteSmoke\html\english\gui\js\prototype.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\scriptaculous.js
c:\program files\WhiteSmoke\html\english\gui\js\slider.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\sound.pack.js
c:\program files\WhiteSmoke\html\english\gui\js\spellingContextMenu.class.js
c:\program files\WhiteSmoke\html\english\gui\js\summary.js
c:\program files\WhiteSmoke\html\english\gui\js\supersleight.js
c:\program files\WhiteSmoke\html\english\gui\js\switchcontent.js
c:\program files\WhiteSmoke\html\english\gui\js\tooltip.js
c:\program files\WhiteSmoke\html\english\gui\js\unittest.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_content_manager.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_functions.js
c:\program files\WhiteSmoke\html\english\gui\js\ws_links.js
c:\program files\WhiteSmoke\html\english\gui\js\x.gif
c:\program files\WhiteSmoke\html\english\gui\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\gui\js\ypSlideOutMenus.js
c:\program files\WhiteSmoke\html\english\gui\js\ypSlideOutMenusContext.js
c:\program files\WhiteSmoke\html\english\gui\style\combobox.css
c:\program files\WhiteSmoke\html\english\gui\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\gui\style\Copy of indexnew.css
c:\program files\WhiteSmoke\html\english\gui\style\dictionary.css
c:\program files\WhiteSmoke\html\english\gui\style\enrichment.css
c:\program files\WhiteSmoke\html\english\gui\style\enrichments.css
c:\program files\WhiteSmoke\html\english\gui\style\grammar.css
c:\program files\WhiteSmoke\html\english\gui\style\indexnew.css
c:\program files\WhiteSmoke\html\english\gui\style\indexnew__.css
c:\program files\WhiteSmoke\html\english\gui\style\jeegoo.css
c:\program files\WhiteSmoke\html\english\gui\style\jqModal.css
c:\program files\WhiteSmoke\html\english\gui\style\screens.css
c:\program files\WhiteSmoke\html\english\gui\style\spelling.css
c:\program files\WhiteSmoke\html\english\help\content\content\demo\demo.swf
c:\program files\WhiteSmoke\html\english\help\content\faq.html
c:\program files\WhiteSmoke\html\english\help\content\firewall.html
c:\program files\WhiteSmoke\html\english\help\content\img\autocorrect.gif
c:\program files\WhiteSmoke\html\english\help\content\img\backtomain.gif
c:\program files\WhiteSmoke\html\english\help\content\img\body_bg.gif
c:\program files\WhiteSmoke\html\english\help\content\img\bottom_strip.gif
c:\program files\WhiteSmoke\html\english\help\content\img\cs_01.gif
c:\program files\WhiteSmoke\html\english\help\content\img\demo_button_over.png
c:\program files\WhiteSmoke\html\english\help\content\img\demo_button_up.png
c:\program files\WhiteSmoke\html\english\help\content\img\enrichmentondemand.gif
c:\program files\WhiteSmoke\html\english\help\content\img\everywhere.gif
c:\program files\WhiteSmoke\html\english\help\content\img\explore_01.gif
c:\program files\WhiteSmoke\html\english\help\content\img\faq_bullet.gif
c:\program files\WhiteSmoke\html\english\help\content\img\faq_bullet_new.gif
c:\program files\WhiteSmoke\html\english\help\content\img\faq_button_over.png
c:\program files\WhiteSmoke\html\english\help\content\img\faq_button_up.png
c:\program files\WhiteSmoke\html\english\help\content\img\grammarexp.gif
c:\program files\WhiteSmoke\html\english\help\content\img\guide_button_over.png
c:\program files\WhiteSmoke\html\english\help\content\img\guide_button_up.png
c:\program files\WhiteSmoke\html\english\help\content\img\make_changes_to_text.gif
c:\program files\WhiteSmoke\html\english\help\content\img\next.png
c:\program files\WhiteSmoke\html\english\help\content\img\prev.png
c:\program files\WhiteSmoke\html\english\help\content\img\questions_tbl.gif
c:\program files\WhiteSmoke\html\english\help\content\img\settings-general.gif
c:\program files\WhiteSmoke\html\english\help\content\img\settings-shortcut.gif
c:\program files\WhiteSmoke\html\english\help\content\img\spacer.gif
c:\program files\WhiteSmoke\html\english\help\content\img\tech_button_over.png
c:\program files\WhiteSmoke\html\english\help\content\img\tech_button_up.png
c:\program files\WhiteSmoke\html\english\help\content\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\help\content\img\us_ws_01.gif
c:\program files\WhiteSmoke\html\english\help\content\img\us_ws_02.gif
c:\program files\WhiteSmoke\html\english\help\content\img\us_ws_03.gif
c:\program files\WhiteSmoke\html\english\help\content\img\us_wsdict_any.gif
c:\program files\WhiteSmoke\html\english\help\content\img\use_wsdict_in.gif
c:\program files\WhiteSmoke\html\english\help\content\img\userguide_bullet.gif
c:\program files\WhiteSmoke\html\english\help\content\img\userguide_bullet2.gif
c:\program files\WhiteSmoke\html\english\help\content\img\userguide_subbullet.gif
c:\program files\WhiteSmoke\html\english\help\content\img\whitesmoke_templates.gif
c:\program files\WhiteSmoke\html\english\help\content\img\writingStyles.gif
c:\program files\WhiteSmoke\html\english\help\content\img\wsnotifierpicture.gif
c:\program files\WhiteSmoke\html\english\help\content\index.html
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\help\content\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\help\content\js\iframeInterface.js
c:\program files\WhiteSmoke\html\english\help\content\js\objectSwap.js
c:\program files\WhiteSmoke\html\english\help\content\style\help.css
c:\program files\WhiteSmoke\html\english\help\content\style\user_guide.css
c:\program files\WhiteSmoke\html\english\help\content\technical.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p1.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p11.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p12.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p13.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p14.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p2.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p3.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p4.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p5.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p6.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p7.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p8.html
c:\program files\WhiteSmoke\html\english\help\content\userguide-p9.html
c:\program files\WhiteSmoke\html\english\help\content\userguide.html
c:\program files\WhiteSmoke\html\english\help\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\body_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_bg.png
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_border.png
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_left_corner.png
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_right_corner.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_right_corner.png
c:\program files\WhiteSmoke\html\english\help\img\Background\bottom_strip.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\button_f2.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\buttonf2.png
c:\program files\WhiteSmoke\html\english\help\img\Background\buy_button.jpg
c:\program files\WhiteSmoke\html\english\help\img\Background\expired.jpg
c:\program files\WhiteSmoke\html\english\help\img\Background\inside_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\left_border.png
c:\program files\WhiteSmoke\html\english\help\img\Background\left_bottom_corner.png
c:\program files\WhiteSmoke\html\english\help\img\Background\left_column_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\loading_dictionary.swf
c:\program files\WhiteSmoke\html\english\help\img\Background\logo.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\logo_in.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\noconnection.jpg
c:\program files\WhiteSmoke\html\english\help\img\Background\pen.png
c:\program files\WhiteSmoke\html\english\help\img\Background\pen_h.png
c:\program files\WhiteSmoke\html\english\help\img\Background\result_area_top_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\right_border.png
c:\program files\WhiteSmoke\html\english\help\img\Background\right_bottom_corner.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\right_bottom_corner.png
c:\program files\WhiteSmoke\html\english\help\img\Background\right_column_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_bottom.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_left.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_left_bottom.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_left_top.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_right.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_right_bottom.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_right_top.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\scrbox_top.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\screen_title.png
c:\program files\WhiteSmoke\html\english\help\img\Background\search_strip_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\Thumbs.db
c:\program files\WhiteSmoke\html\english\help\img\Background\title_strip_bg.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\title_strip_left.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\title_strip_right.gif
c:\program files\WhiteSmoke\html\english\help\img\Background\top_strip.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_strip.png
c:\program files\WhiteSmoke\html\english\help\img\captionbar\caption_strip_right_corner.png
c:\program files\WhiteSmoke\html\english\help\img\captionbar\logo.png
c:\program files\WhiteSmoke\html\english\help\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\help\index.html
c:\program files\WhiteSmoke\html\english\help\js\common.js
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\help\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\help\js\iframeInterface.js
c:\program files\WhiteSmoke\html\english\help\js\index.html
c:\program files\WhiteSmoke\html\english\help\js\welcomeInterface.js
c:\program files\WhiteSmoke\html\english\help\style\activation.css
c:\program files\WhiteSmoke\html\english\help\style\welcome.css
c:\program files\WhiteSmoke\html\english\help\style\welcomescreen.css
c:\program files\WhiteSmoke\html\english\notifier\img\close_button.png
c:\program files\WhiteSmoke\html\english\notifier\img\notifier_main_bg.gif
c:\program files\WhiteSmoke\html\english\notifier\index.html
c:\program files\WhiteSmoke\html\english\notifier\start.html
c:\program files\WhiteSmoke\html\english\registration\img\banner.jpg
c:\program files\WhiteSmoke\html\english\registration\img\body_bg.gif
c:\program files\WhiteSmoke\html\english\registration\img\body_bg_new.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\caption_strip.png
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\logo.png
c:\program files\WhiteSmoke\html\english\registration\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\registration\img\congra.png
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_click.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_click_old.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_over.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_over_old.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_up.gif
c:\program files\WhiteSmoke\html\english\registration\img\continue_button_up_old.gif
c:\program files\WhiteSmoke\html\english\registration\img\down.gif
c:\program files\WhiteSmoke\html\english\registration\img\down.jpg
c:\program files\WhiteSmoke\html\english\registration\img\down_.jpg
c:\program files\WhiteSmoke\html\english\registration\img\f2.gif
c:\program files\WhiteSmoke\html\english\registration\img\intro.jpg
c:\program files\WhiteSmoke\html\english\registration\img\left-side.gif
c:\program files\WhiteSmoke\html\english\registration\img\right-side.gif
c:\program files\WhiteSmoke\html\english\registration\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\registration\img\welcome.png
c:\program files\WhiteSmoke\html\english\registration\index-old.html
c:\program files\WhiteSmoke\html\english\registration\index.html
c:\program files\WhiteSmoke\html\english\registration\js\regInterface.js
c:\program files\WhiteSmoke\html\english\registration\js\regInterface_old.js
c:\program files\WhiteSmoke\html\english\registration\style\registration-old.css
c:\program files\WhiteSmoke\html\english\registration\style\registration.css
c:\program files\WhiteSmoke\html\english\settings\css\index.css
c:\program files\WhiteSmoke\html\english\settings\img\Background\left_bg.png
c:\program files\WhiteSmoke\html\english\settings\img\Background\logo.png
c:\program files\WhiteSmoke\html\english\settings\img\Background\main_bg.png
c:\program files\WhiteSmoke\html\english\settings\img\Background\right_bg.png
c:\program files\WhiteSmoke\html\english\settings\img\Background\tabcontent_bg.gif
c:\program files\WhiteSmoke\html\english\settings\img\Background\Thumbs.db
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_down.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_over.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\cancel_up.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_disabled.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_down.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_over.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\save_up.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_connection_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_connection_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_content_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_content_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_general_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_general_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_info_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_info_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_shortcut_off.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_shortcut_on.png
c:\program files\WhiteSmoke\html\english\settings\img\Buttons\tab_template.psd
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\settings\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\settings\index.html
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\settings\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\settings\js\settingsInterface.js
c:\program files\WhiteSmoke\html\english\templates\img\Background\bg_center_bottom.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\bg_center_up.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\bg_gray.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\bg_gray_sides.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\bottom_left.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\bottom_right.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\bottom_right_corner.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\bottom_right_corner.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\logo.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\start_bullet.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\template_list_caption.png
c:\program files\WhiteSmoke\html\english\templates\img\Background\template_title_logo.gif
c:\program files\WhiteSmoke\html\english\templates\img\Background\template_title_logo.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_disabled.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_down.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_over.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\apply_up.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_disabled.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_down.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_over.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\cancel_up.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\suggest_disabled.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\suggest_down.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\suggest_over.png
c:\program files\WhiteSmoke\html\english\templates\img\Buttons\suggest_up.png
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_close_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_close_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_close_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_max_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_max_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_max_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_min_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_min_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_min_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\left_corner.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\right_corner.gif
c:\program files\WhiteSmoke\html\english\templates\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\templates\img\screens\button_no_down.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\button_no_up.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\button_yes_down.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\button_yes_up.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\ico_analyze.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\ico_complete.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\ico_connection.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\ico_expired.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\loading_window.swf
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg_bottom.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg_top.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg_top_left.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg_top_px.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_bg_top_right.png
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_captionbar_press.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_captionbar_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_getitnow_press.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_getitnow_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_ok_press.gif
c:\program files\WhiteSmoke\html\english\templates\img\screens\screen_ok_up.gif
c:\program files\WhiteSmoke\html\english\templates\img\spacer.gif
c:\program files\WhiteSmoke\html\english\templates\img\tree\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\templates\img\tree\cascade.png
c:\program files\WhiteSmoke\html\english\templates\img\tree\collapse.png
c:\program files\WhiteSmoke\html\english\templates\img\tree\folder.png
c:\program files\WhiteSmoke\html\english\templates\img\tree\loading_dictionary.swf
c:\program files\WhiteSmoke\html\english\templates\img\tree\template.png
c:\program files\WhiteSmoke\html\english\templates\img\tree\Thumbs.db
c:\program files\WhiteSmoke\html\english\templates\index.html
c:\program files\WhiteSmoke\html\english\templates\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\templates\js\prototype.js
c:\program files\WhiteSmoke\html\english\templates\js\templatesCache.class.js
c:\program files\WhiteSmoke\html\english\templates\js\templatesInterface.js
c:\program files\WhiteSmoke\html\english\templates\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\templates\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\templates\style\index.css
c:\program files\WhiteSmoke\html\english\templates\style\screens.css
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\splash.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\splash.jpg
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\splash_old.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\splashdd.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\splashddd.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\Thumbs.db
c:\program files\WhiteSmoke\html\english\welcome\content\img\Background\use_ws_bgNEW.PNG
c:\program files\WhiteSmoke\html\english\welcome\content\img\buy_button.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\arrow_white.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\caption_strip.png
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\left_bot_chunk.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\right_bot_chunk.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\Thumbs.db
c:\program files\WhiteSmoke\html\english\welcome\content\img\captionbar\white_x_button.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\close_button.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\close_button_down.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\expired_bg.gif
c:\program files\WhiteSmoke\html\english\welcome\content\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\welcome\content\js\iframeInterface.js
c:\program files\WhiteSmoke\html\english\welcome\content\style\welcome.css
c:\program files\WhiteSmoke\html\english\welcome\content\welcome_all.html
c:\program files\WhiteSmoke\html\english\welcome\content\welcome_expired.html
c:\program files\WhiteSmoke\html\english\welcome\index.html
c:\program files\WhiteSmoke\html\english\welcome\js\welcomeInterface.js
c:\program files\WhiteSmoke\html\english\welcome\style\welcomescreen.css
c:\program files\WhiteSmoke\Microsoft.VC80.CRT.manifest
c:\program files\WhiteSmoke\msvcp80.dll
c:\program files\WhiteSmoke\msvcr80.dll
c:\program files\WhiteSmoke\NotifierWhiteApps.txt
c:\program files\WhiteSmoke\osmax.ocx
c:\program files\WhiteSmoke\osmax64.ocx
c:\program files\WhiteSmoke\secman.dll
c:\program files\WhiteSmoke\secman64.dll
c:\program files\WhiteSmoke\settings.ini
c:\program files\WhiteSmoke\TCCons.dll
c:\program files\WhiteSmoke\TCCons_x64.dll
c:\program files\WhiteSmoke\Uninst.exe
c:\program files\WhiteSmoke\WCapture.dll
c:\program files\WhiteSmoke\WCapture_x64.dll
c:\program files\WhiteSmoke\WCaptureX.dll
c:\program files\WhiteSmoke\WCaptureX_x64.dll
c:\program files\WhiteSmoke\WCustom.dll
c:\program files\WhiteSmoke\WCustom_x64.dll
c:\program files\WhiteSmoke\WhiteSmokeRegistration.exe
c:\program files\WhiteSmoke\WHook.dll
c:\program files\WhiteSmoke\WHook_x64.dll
c:\program files\WhiteSmoke\Writer.ico
c:\program files\WhiteSmoke\WSEngine.dll
c:\program files\WhiteSmoke\WSEnrichment.exe
c:\program files\WhiteSmoke\WSLogger.exe
c:\program files\WhiteSmoke\WSMouseHook.dll
c:\program files\WhiteSmoke\WSTray64.exe

Re: RSIT analysis

Post by Lucas » 06 Dec 2010 17:50

Combofix (part 4):

Code:
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\windows\system32\alk23.tmp
c:\windows\system32\alk24.tmp
c:\windows\system32\alka.dll
c:\windows\system32\alkA.tmp
c:\windows\system32\drivers\kmcqsrsb.sys
c:\windows\system32\drivers\lhztltrv.sys
c:\windows\system32\dvrd.dll

c:\windows\system32\DRIVERS\RDPCDD.sys . . . est infecté!! . . . Impossible de trouver un substitut valide.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESPASMTF
-------\Legacy_LHZTLTRV
-------\Legacy_SSHNAS
-------\Service_espasmtf
-------\Service_lhztltrv


(((((((((((((((((((((((((((((   Fichiers créés du 2010-11-06 au 2010-12-06  ))))))))))))))))))))))))))))))))))))
.

2010-12-02 15:34 . 2010-12-02 15:34   --------   d-----w-   c:\program files\VirginMega
2010-11-25 16:42 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-11-23 08:54 . 2010-11-23 08:54   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\WhiteSmoke
2010-11-23 08:50 . 2010-11-23 08:50   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\searchqutb
2010-11-23 08:50 . 2010-11-23 08:50   --------   d-----w-   c:\documents and settings\NetworkService\Menu Démarrer
2010-11-17 10:22 . 2010-11-17 10:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Icones
2010-11-12 09:30 . 2010-11-22 14:22   --------   d-----w-   c:\windows\system32\NtmsData
2010-11-12 09:27 . 2010-09-15 03:50   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-12 09:22 . 2010-11-12 09:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Avira

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 03:50 . 2010-07-30 12:47   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-02-09 18:43   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 200704]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"AMService"="c:\windows\system32\setup.exe" [2008-04-14 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\VIRGINIE\Menu Démarrer\Programmes\Démarrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"Fkahuyokuyepebe"=rundll32.exe "c:\windows\icdleca.dll",Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/11/2010 17:42 28552]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/07/2010 11:05 135336]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [08/06/2009 10:35 8960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [03/02/2010 13:20 1043784]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/06/2009 19:22 110080]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/10/2010 09:47 114952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 drkudrv;drkudrv;c:\windows\system32\drivers\gqjak.sys --> c:\windows\system32\drivers\gqjak.sys [?]
S0 ipqisvpjaoieonx;ipqisvpjaoieonx;c:\windows\system32\drivers\lsyurm.sys --> c:\windows\system32\drivers\lsyurm.sys [?]
S0 nojvhaw;nojvhaw;c:\windows\system32\drivers\kxbtxm.sys --> c:\windows\system32\drivers\kxbtxm.sys [?]
S0 vpbgwdjygacpwv;vpbgwdjygacpwv;c:\windows\system32\drivers\gvwhdqbip.sys --> c:\windows\system32\drivers\gvwhdqbip.sys [?]
S2 AMService;AMService;c:\windows\TEMP\cimr\setup.exe run --> c:\windows\TEMP\cimr\setup.exe run [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [08/06/2009 10:35 11264]
S3 encodfdi;encodfdi;c:\windows\system32\drivers\encodfdi.SYS [18/09/2009 12:26 169464]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [08/06/2009 10:35 16640]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - LHZTLTRV
*Deregistered* - lhztltrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-12-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-06 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-03 12:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: PhishTank SiteChecker: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
FF - Extension: KeyScrambler: keyscrambler@qfx.software.corporation - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Searchqu MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x888D0EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8814b872; SUB DWORD [EBP-0x4], 0x8814b12e; PUSH EDI; CALL 0xffffffffffffdf33;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A486AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89A56660]
[0x897FD410] -> IRP_MJ_CREATE -> 0x888D0EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200AAKS-75L9A0___________________01.03E01#4&37acd5ca&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x888D0AEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1648)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2010-12-06  17:30:45 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-12-06 16:30

Avant-CF: 289 046 491 136 octets libres
Après-CF: 289 987 207 168 octets libres

- - End Of File - - 576738DC0AEE411C2FC3030C90A7A118
Lucas
Habitué
 
Messages: 75
Inscription: 18 Déc 2007 12:53

Re: RSIT Analysis

Post by Lucas » 06 Dec 2010 17:53

And here is the RSIT report requested after Combofix.
(Sorry for having had to split the Combo log, but that was due to the character limit.)

RSIT report:

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by VIRGINIE at 2010-12-06 17:34:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 277 GB (91%) free of 305 GB
Total RAM: 3037 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:10, on 06/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VIRGINIE\Bureau\Désinfection Lucas\RSIT.exe
C:\Program Files\trend micro\VIRGINIE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMService] C:\WINDOWS\system32\setup.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\cimr\setup.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10473 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\Recherche de problèmes automatique.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-10-12 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-18 16806912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-18 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-18 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-18 150040]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-19 2289664]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-07-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]
"AMService"=C:\WINDOWS\system32\setup.exe [2008-04-14 23040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\Documents and Settings\VIRGINIE\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-06 17:30:52 ----D---- C:\WINDOWS\temp
2010-12-06 17:30:47 ----A---- C:\ComboFix.txt
2010-12-06 16:36:38 ----A---- C:\WINDOWS\zip.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWSC.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWREG.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\sed.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\PEV.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\MBR.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\grep.exe
2010-12-06 16:29:48 ----D---- C:\Qoobox
2010-12-02 16:34:00 ----D---- C:\Program Files\VirginMega
2010-11-25 17:42:25 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-17 11:22:12 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Icones
2010-11-12 10:30:00 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\java.exe
2010-11-12 10:22:32 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Avira
2010-11-09 14:08:04 ----A---- C:\WINDOWS\system32\alka.dll.bak

======List of files/folders modified in the last 1 months======

2010-12-06 17:34:08 ----D---- C:\Program Files\trend micro
2010-12-06 17:32:59 ----D---- C:\WINDOWS\Prefetch
2010-12-06 17:30:57 ----D---- C:\WINDOWS\system32\drivers
2010-12-06 17:30:52 ----AD---- C:\WINDOWS
2010-12-06 17:29:55 ----AD---- C:\WINDOWS\system32
2010-12-06 17:29:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-06 17:26:48 ----A---- C:\WINDOWS\system.ini
2010-12-06 17:26:22 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\LimeWire
2010-12-06 17:26:22 ----A---- C:\WINDOWS\setuplog.txt
2010-12-06 17:26:01 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-06 17:26:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-06 17:24:55 ----D---- C:\WINDOWS\system32\config
2010-12-06 17:24:48 ----D---- C:\WINDOWS\ERDNT
2010-12-06 17:21:53 ----RD---- C:\Program Files
2010-12-06 16:49:01 ----D---- C:\WINDOWS\AppPatch
2010-12-06 16:49:00 ----D---- C:\Program Files\Fichiers communs
2010-12-06 16:42:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-06 16:36:17 ----SD---- C:\WINDOWS\Tasks
2010-12-06 13:19:19 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Spotify
2010-12-06 10:19:17 ----D---- C:\Program Files\Mozilla Firefox
2010-12-02 17:06:42 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\dvdcss
2010-12-02 16:34:10 ----SHD---- C:\WINDOWS\Installer
2010-12-02 16:34:00 ----D---- C:\Config.Msi
2010-12-02 16:31:37 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2010-12-02 09:15:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-25 17:42:20 ----HD---- C:\WINDOWS\inf
2010-11-25 15:55:15 ----D---- C:\WINDOWS\twain_32
2010-11-22 15:22:49 ----SHD---- C:\System Volume Information
2010-11-22 15:19:33 ----D---- C:\WINDOWS\Registration
2010-11-22 15:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-11-12 10:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-11-12 10:29:59 ----D---- C:\WINDOWS\repair
2010-11-12 10:27:48 ----D---- C:\Program Files\Java
2010-11-12 10:11:42 ----D---- C:\WINDOWS\system32\Restore
2010-11-08 12:50:17 ----D---- C:\Documents and Settings\All Users\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-08-19 324120]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-17 126856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2007-11-20 8960]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-19 1391104]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-18 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-18 4752896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-08-18 110080]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-19 106368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S0 nojvhaw;nojvhaw; C:\WINDOWS\system32\drivers\kxbtxm.sys []
S0 vpbgwdjygacpwv;vpbgwdjygacpwv; C:\WINDOWS\system32\drivers\gvwhdqbip.sys []
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2007-12-03 11264]
S3 encodfdi;encodfdi; C:\WINDOWS\system32\drivers\encodfdi.sys [2001-01-28 169464]
S3 mbr;mbr; \??\C:\DOCUME~1\VIRGINIE\LOCALS~1\Temp\mbr.sys []
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2007-11-20 16640]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-03 1043784]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-19 24576]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S2 AMService;AMService; C:\WINDOWS\TEMP\cimr\setup.exe run []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-10 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


As for the problems encountered, I see a clear improvement:
- access to the Windows Security Center restored
- no more pop-ups/redirections in Firefox

Awaiting your expert eye/advice, I remain available if further steps are needed.
Regards,
Lucas.
Lucas
Regular
Posts: 75
Joined: 18 Dec 2007 12:53

Re: RSIT analysis

Post by nardino » 07 Dec 2010 11:23

Hello,

You're going to have to ease off on LimeWire if you don't want to wreck your PC every week and so become a link in the cybercrime chain.
Download tdsskiller.zip
Unzip the archive and put TDSSKiller.exe on the desktop.
Double-click the file.
On the screen, click the Start scan button.
At the end of the scan, if threats are detected Image
Check that the Cure option is selected Image
Click the button Image
Click the button Image
Post the contents of the report C:\TDSSKiller.Version_Date_Heure_log.txt

Redo a new Combofix script with the following
Killall::

Driver::
lhztltrv
gqjak
lsyurm
kxbtxm
gvwhdqbip

File::
c:\windows\system32\drivers\gqjak.sys
c:\windows\system32\drivers\lsyurm.sys
c:\windows\system32\drivers\kxbtxm.sys
c:\windows\system32\drivers\gvwhdqbip.sys
c:\windows\TEMP\cimr\setup.exe

Folder::
c:\documents and settings\NetworkService\Application Data\searchqutb

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Fkahuyokuyepebe"=-


Post the new report along with the TDSSKiller one.
See you
nardino
Disinfection team
Posts: 1157
Joined: 06 Dec 2009 19:35
Location: France, Reims
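
The report the steps above ask for flags a driver as "Forged" when TDSSKiller's two ways of hashing the same file disagree, the symptom of a rootkit filtering file reads. Here is an added example, not code from this thread or from TDSSKiller, that parses that log format into findings (driver, both hashes, threat name, chosen action) plus the cure-phase errors; the lines and hashes in SAMPLE_LOG are constructed to mirror the layout of the real report.

```python
import re
from dataclasses import dataclass

# Line shapes of a TDSSKiller 2.4.x log as seen in this thread. The leading
# timestamp is stripped first; the remainder is matched against these.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s*(?P<body>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(
    r"^(?P<threat>[^(\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$"
)
ERROR_RE = re.compile(r"^(?P<path>.+?) - processing error$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str       # driver/service name as TDSSKiller prints it
    path: str
    kind: str       # e.g. "Forged"
    real_md5: str   # the two hashes as TDSSKiller labels them: the same file
    fake_md5: str   # hashed through two read paths gave different results
    threat: str = ""
    action: str = ""


def parse_tdsskiller(log_text: str) -> dict:
    """Return scanned-driver count, findings, cure errors and a count check."""
    drivers, findings, errors = {}, {}, []
    last_name, declared = None, None
    for raw in log_text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if d := DRIVER_RE.match(body):
            last_name = d.group("name")
            drivers[last_name] = (d.group("md5"), d.group("path"))
        elif (f := FORGED_RE.match(body)) and last_name:
            # "Suspicious file" directly follows the driver line it refers to; the
            # cure phase repeats both lines, so keep the finding already recorded.
            if last_name not in findings:
                findings[last_name] = Finding(last_name, f.group("path"), f.group("kind"),
                                              f.group("real"), f.group("fake"))
        elif (t := DETECT_RE.match(body)) and t.group("name") in findings:
            findings[t.group("name")].threat = t.group("threat")
        elif (a := ACTION_RE.match(body)) and a.group("name") in findings:
            findings[a.group("name")].action = a.group("action")
        elif e := ERROR_RE.match(body):
            errors.append(e.group("path"))
        elif c := COUNT_RE.match(body):
            declared = int(c.group("n"))
    return {
        "scanned": len(drivers),
        "findings": list(findings.values()),
        "errors": errors,
        "declared_count": declared,
        "count_matches": None if declared is None else declared == len(findings),
    }


def forged_report(result: dict) -> list:
    """One triage line per finding plus warnings, ready to paste into a reply."""
    lines = [
        f"{f.name} ({f.path}): {f.kind}, {f.threat or 'unclassified'}, "
        f"hashes {f.real_md5[:8]}.. vs {f.fake_md5[:8]}.., action: {f.action or 'none'}"
        for f in result["findings"]
    ]
    for path in result["errors"]:
        lines.append(f"warning: cure reported a processing error for {path}; verify on the next scan")
    if result["count_matches"] is False:
        lines.append("warning: detected-object count in log does not match parsed findings")
    return lines


# Constructed sample: same layout as the thread's report, placeholder hashes.
SAMPLE_LOG = r"""
2010/12/07 16:43:50.0890   Scan started
2010/12/07 16:43:55.0328   MSPCLOCK        (0badf00d0badf00d0badf00d0badf00d) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/07 16:43:55.0343   RDPCDD          (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/07 16:43:55.0343   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: deadbeefdeadbeefdeadbeefdeadbeef, Fake md5: cafebabecafebabecafebabecafebabe
2010/12/07 16:43:55.0343   RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/07 16:43:56.0875   Scan finished
2010/12/07 16:43:56.0875   Detected object count: 1
2010/12/07 16:44:19.0546   RDPCDD          (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/07 16:44:19.0546   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: deadbeefdeadbeefdeadbeefdeadbeef, Fake md5: cafebabecafebabecafebabecafebabe
2010/12/07 16:44:22.0296   C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - processing error
2010/12/07 16:44:22.0296   Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
"""

if __name__ == "__main__":
    for line in forged_report(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```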

Re: RSIT analysis

Post by Lucas » 07 Dec 2010 17:17

Hello Nardino, here are the two reports following TdssKiller and Combofix.

TdssKiller report:

Code:
2010/12/07 16:43:42.0703   TDSS rootkit removing tool 2.4.10.1 Dec  2 2010 12:28:01
2010/12/07 16:43:42.0703   ================================================================================
2010/12/07 16:43:42.0703   SystemInfo:
2010/12/07 16:43:42.0703   
2010/12/07 16:43:42.0703   OS Version: 5.1.2600 ServicePack: 3.0
2010/12/07 16:43:42.0703   Product type: Workstation
2010/12/07 16:43:42.0703   ComputerName: ANIMATION
2010/12/07 16:43:42.0703   UserName: VIRGINIE
2010/12/07 16:43:42.0703   Windows directory: C:\WINDOWS
2010/12/07 16:43:42.0703   System windows directory: C:\WINDOWS
2010/12/07 16:43:42.0703   Processor architecture: Intel x86
2010/12/07 16:43:42.0703   Number of processors: 2
2010/12/07 16:43:42.0703   Page size: 0x1000
2010/12/07 16:43:42.0703   Boot type: Normal boot
2010/12/07 16:43:42.0703   ================================================================================
2010/12/07 16:43:42.0906   Initialize success
2010/12/07 16:43:50.0890   ================================================================================
2010/12/07 16:43:50.0890   Scan started
2010/12/07 16:43:50.0890   Mode: Manual;
2010/12/07 16:43:50.0890   ================================================================================
2010/12/07 16:43:51.0140   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/07 16:43:51.0187   ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/07 16:43:51.0234   ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/07 16:43:51.0250   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/07 16:43:51.0343   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/07 16:43:51.0375   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/07 16:43:51.0421   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/07 16:43:51.0437   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/07 16:43:51.0468   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/07 16:43:51.0484   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/07 16:43:51.0500   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/07 16:43:51.0531   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/07 16:43:51.0546   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/07 16:43:51.0562   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/07 16:43:51.0593   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/07 16:43:51.0609   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/07 16:43:51.0640   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/07 16:43:51.0656   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/07 16:43:51.0687   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/07 16:43:51.0703   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/07 16:43:51.0734   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/07 16:43:51.0750   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/07 16:43:51.0828   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/12/07 16:43:51.0890   avgntflt        (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/12/07 16:43:51.0906   avipbb          (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/12/07 16:43:51.0968   BCM43XX         (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/07 16:43:52.0031   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/07 16:43:52.0078   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/07 16:43:52.0078   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/07 16:43:52.0093   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/07 16:43:52.0125   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/07 16:43:52.0140   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/07 16:43:52.0171   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/07 16:43:52.0203   CmdIde          (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/07 16:43:52.0218   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/07 16:43:52.0250   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/07 16:43:52.0265   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/07 16:43:52.0296   Diag69xp        (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
2010/12/07 16:43:52.0312   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/07 16:43:52.0328   DLABMFSM        (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2010/12/07 16:43:52.0359   DLABOIOM        (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2010/12/07 16:43:52.0375   DLACDBHM        (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/07 16:43:52.0390   DLADResM        (86dfc5bae3878cfabde1430475bd52a7) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2010/12/07 16:43:52.0406   DLAIFS_M        (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2010/12/07 16:43:52.0421   DLAOPIOM        (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2010/12/07 16:43:52.0437   DLAPoolM        (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2010/12/07 16:43:52.0453   DLARTL_M        (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/07 16:43:52.0468   DLAUDFAM        (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2010/12/07 16:43:52.0484   DLAUDF_M        (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2010/12/07 16:43:52.0515   dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/07 16:43:52.0546   dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/07 16:43:52.0562   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/07 16:43:52.0609   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/07 16:43:52.0625   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/07 16:43:52.0671   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/07 16:43:52.0687   DRVMCDB         (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/07 16:43:52.0703   DRVNDDM         (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/12/07 16:43:52.0734   encodfdi        (5b6f97a45f80730d8957afd9b3019802) C:\WINDOWS\system32\drivers\encodfdi.sys
2010/12/07 16:43:52.0781   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/07 16:43:52.0828   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/07 16:43:52.0859   Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/07 16:43:52.0875   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/07 16:43:52.0890   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/07 16:43:52.0906   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/07 16:43:52.0921   Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/07 16:43:52.0953   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/07 16:43:52.0968   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/07 16:43:53.0000   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/07 16:43:53.0031   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/07 16:43:53.0062   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/07 16:43:53.0093   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/07 16:43:53.0109   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/07 16:43:53.0250   ialm            (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/07 16:43:53.0390   iaStor          (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/07 16:43:53.0406   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/07 16:43:53.0453   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/07 16:43:53.0578   IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/07 16:43:53.0671   IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2010/12/07 16:43:53.0687   IntelIde        (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/07 16:43:53.0718   intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/07 16:43:53.0734   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/07 16:43:53.0750   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/07 16:43:53.0765   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/07 16:43:53.0781   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/07 16:43:53.0828   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/07 16:43:53.0843   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/07 16:43:53.0859   isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/07 16:43:53.0890   Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/07 16:43:53.0890   kbdhid          (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/07 16:43:53.0937   KeyScrambler    (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/07 16:43:53.0984   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/07 16:43:54.0015   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/07 16:43:54.0078   LANPkt          (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
2010/12/07 16:43:54.0093   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/07 16:43:54.0125   Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/07 16:43:54.0140   Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/07 16:43:54.0140   mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/07 16:43:54.0156   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/07 16:43:54.0187   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/07 16:43:54.0218   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/07 16:43:54.0234   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/07 16:43:54.0265   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/07 16:43:54.0296   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/07 16:43:54.0328   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/07 16:43:54.0328   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/07 16:43:54.0343   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/07 16:43:54.0359   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/07 16:43:54.0390   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/07 16:43:54.0421   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/07 16:43:54.0437   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/07 16:43:54.0453   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/07 16:43:54.0468   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/07 16:43:54.0484   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/07 16:43:54.0500   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/07 16:43:54.0546   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/07 16:43:54.0578   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/07 16:43:54.0625   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/07 16:43:54.0656   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/07 16:43:54.0671   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/07 16:43:54.0703   NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/07 16:43:54.0718   NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/07 16:43:54.0750   NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/07 16:43:54.0781   NWRDR           (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/12/07 16:43:54.0828   Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/07 16:43:54.0843   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/07 16:43:54.0843   ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/07 16:43:54.0875   pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2010/12/07 16:43:54.0890   PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/07 16:43:54.0921   PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/07 16:43:54.0937   Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/07 16:43:55.0000   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/07 16:43:55.0015   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/07 16:43:55.0062   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/07 16:43:55.0078   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/07 16:43:55.0093   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/07 16:43:55.0125   PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/07 16:43:55.0140   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/07 16:43:55.0156   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/07 16:43:55.0171   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/07 16:43:55.0203   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/07 16:43:55.0218   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/07 16:43:55.0250   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/07 16:43:55.0265   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/07 16:43:55.0281   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/07 16:43:55.0296   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/07 16:43:55.0328   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/07 16:43:55.0343   RDPCDD          (8f526945238c1dc71987cb1428a1bad6) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/07 16:43:55.0343   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 8f526945238c1dc71987cb1428a1bad6, Fake md5: 1df31caea91f2a76fdd4d6e955a9cc2b
2010/12/07 16:43:55.0343   RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/07 16:43:55.0359   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/07 16:43:55.0406   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/07 16:43:55.0437   redbook         (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/07 16:43:55.0500   RTLE8023xp      (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/07 16:43:55.0531   RTLVLAN         (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
2010/12/07 16:43:55.0578   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/07 16:43:55.0609   Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/07 16:43:55.0625   Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/07 16:43:55.0671   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/07 16:43:55.0703   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/07 16:43:55.0734   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/07 16:43:55.0765   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/07 16:43:55.0812   sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/07 16:43:55.0843   Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/07 16:43:55.0875   ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/12/07 16:43:55.0890   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/07 16:43:55.0906   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/07 16:43:55.0937   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/07 16:43:55.0953   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/07 16:43:55.0968   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/07 16:43:55.0984   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/07 16:43:56.0015   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/07 16:43:56.0046   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/07 16:43:56.0093   Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/07 16:43:56.0125   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/07 16:43:56.0140   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/07 16:43:56.0156   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/07 16:43:56.0187   TosIde          (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/07 16:43:56.0281   TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/12/07 16:43:56.0296   tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/07 16:43:56.0312   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/07 16:43:56.0343   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/07 16:43:56.0375   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/07 16:43:56.0437   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/07 16:43:56.0453   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/07 16:43:56.0468   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/07 16:43:56.0500   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/07 16:43:56.0546   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/07 16:43:56.0562   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/07 16:43:56.0578   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/07 16:43:56.0593   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/07 16:43:56.0609   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/07 16:43:56.0640   VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/07 16:43:56.0671   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/07 16:43:56.0718   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/07 16:43:56.0812   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/07 16:43:56.0828   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/07 16:43:56.0875   ================================================================================
2010/12/07 16:43:56.0875   Scan finished
2010/12/07 16:43:56.0875   ================================================================================
2010/12/07 16:43:56.0875   Detected object count: 1
2010/12/07 16:44:19.0546   RDPCDD          (8f526945238c1dc71987cb1428a1bad6) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/07 16:44:19.0546   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 8f526945238c1dc71987cb1428a1bad6, Fake md5: 1df31caea91f2a76fdd4d6e955a9cc2b
2010/12/07 16:44:19.0765   Backup copy not found, trying to cure infected file..
2010/12/07 16:44:19.0765   Cure success, using it..
2010/12/07 16:44:22.0296   C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - processing error
2010/12/07 16:44:22.0296   Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/12/07 16:47:25.0468   Deinitialize success


and the Combofix report:

Code:
ComboFix 10-12-06.04 - VIRGINIE 07/12/2010  16:59:15.4.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3037.2609 [GMT 1:00]
Lancé depuis: c:\documents and settings\VIRGINIE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\VIRGINIE\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\gqjak.sys"
"c:\windows\system32\drivers\gvwhdqbip.sys"
"c:\windows\system32\drivers\kxbtxm.sys"
"c:\windows\system32\drivers\lsyurm.sys"
"c:\windows\TEMP\cimr\setup.exe"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\searchqutb
c:\documents and settings\NetworkService\Application Data\searchqutb\dtx.ini
c:\documents and settings\NetworkService\Application Data\searchqutb\guid.dat
c:\documents and settings\NetworkService\Application Data\searchqutb\setupCfg.xml

c:\windows\system32\DRIVERS\RDPCDD.sys . . . est infecté!! . . . Impossible de trouver un substitut valide.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LHZTLTRV


(((((((((((((((((((((((((((((   Fichiers créés du 2010-11-07 au 2010-12-07  ))))))))))))))))))))))))))))))))))))
.

2010-11-25 16:42 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-11-23 08:54 . 2010-11-23 08:54   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\WhiteSmoke
2010-11-23 08:50 . 2010-11-23 08:50   --------   d-----w-   c:\documents and settings\NetworkService\Menu Démarrer
2010-11-17 10:22 . 2010-11-17 10:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Icones
2010-11-12 09:30 . 2010-11-22 14:22   --------   d-----w-   c:\windows\system32\NtmsData
2010-11-12 09:27 . 2010-09-15 03:50   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-12 09:22 . 2010-11-12 09:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Avira

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 03:50 . 2010-07-30 12:47   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-02-09 18:43   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((   SnapShot@2010-12-06_16.26.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 12:46 . 2010-12-06 16:29   86514              c:\windows\system32\perfc00C.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   86514              c:\windows\system32\perfc00C.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   72712              c:\windows\system32\perfc009.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   72712              c:\windows\system32\perfc009.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   515048              c:\windows\system32\perfh00C.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   515048              c:\windows\system32\perfh00C.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   445506              c:\windows\system32\perfh009.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   445506              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 200704]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"AMService"="c:\windows\system32\setup.exe" [2008-04-14 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\VIRGINIE\Menu D‚marrer\Programmes\D‚marrage\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/11/2010 17:42 28552]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/07/2010 11:05 135336]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [08/06/2009 10:35 8960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [03/02/2010 13:20 1043784]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/06/2009 19:22 110080]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/10/2010 09:47 114952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 drkudrv;drkudrv;c:\windows\system32\drivers\gqjak.sys --> c:\windows\system32\drivers\gqjak.sys [?]
S0 ipqisvpjaoieonx;ipqisvpjaoieonx;c:\windows\system32\drivers\lsyurm.sys --> c:\windows\system32\drivers\lsyurm.sys [?]
S0 nojvhaw;nojvhaw;c:\windows\system32\drivers\kxbtxm.sys --> c:\windows\system32\drivers\kxbtxm.sys [?]
S0 vpbgwdjygacpwv;vpbgwdjygacpwv;c:\windows\system32\drivers\gvwhdqbip.sys --> c:\windows\system32\drivers\gvwhdqbip.sys [?]
S2 AMService;AMService;c:\windows\TEMP\cimr\setup.exe run --> c:\windows\TEMP\cimr\setup.exe run [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [08/06/2009 10:35 11264]
S3 encodfdi;encodfdi;c:\windows\system32\drivers\encodfdi.SYS [18/09/2009 12:26 169464]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [08/06/2009 10:35 16640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-12-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-07 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-03 12:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: PhishTank SiteChecker: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
FF - Extension: KeyScrambler: keyscrambler@qfx.software.corporation - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 17:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8889EEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8814b872; SUB DWORD [EBP-0x4], 0x8814b12e; PUSH EDI; CALL 0xffffffffffffdf33;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A41E6C8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A46F1E0]
[0x89340D78] -> IRP_MJ_CREATE -> 0x8889EEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200AAKS-75L9A0___________________01.03E01#4&37acd5ca&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8889EAEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2010-12-07  17:11:48 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-12-07 16:11
ComboFix2.txt  2010-12-06 16:30

Avant-CF: 289 897 259 008 octets libres
Après-CF: 289 914 359 808 octets libres

- - End Of File - - 1BC21CA83B1F6C638F4CE1B65C2B42B6


As for LimeWire, that's done, I've uninstalled it from the PC.
I'll wait for your reply.
Regards, Lucas.

Re: RSIT analysis

Post by nardino » 07 Dec 2010 22:47

Good evening,

Did you actually reboot between running TDSSKiller and running ComboFix?

Could you redo both operations, rebooting each time?
And post both reports.
See you soon

Re: RSIT analysis

Post by Lucas » 08 Dec 2010 15:19

Hello Nardino, indeed, since AntiVir was enabled while TDSSKiller was running, the "reboot now" icon did not appear and the disinfection was not carried out after the reboot.
Done, I've redone both steps.
Here are the reports.

TDSSKiller report:

Code:
2010/12/08 14:46:27.0718   TDSS rootkit removing tool 2.4.10.1 Dec  2 2010 12:28:01
2010/12/08 14:46:27.0718   ================================================================================
2010/12/08 14:46:27.0718   SystemInfo:
2010/12/08 14:46:27.0718   
2010/12/08 14:46:27.0718   OS Version: 5.1.2600 ServicePack: 3.0
2010/12/08 14:46:27.0718   Product type: Workstation
2010/12/08 14:46:27.0718   ComputerName: ANIMATION
2010/12/08 14:46:27.0718   UserName: VIRGINIE
2010/12/08 14:46:27.0718   Windows directory: C:\WINDOWS
2010/12/08 14:46:27.0718   System windows directory: C:\WINDOWS
2010/12/08 14:46:27.0718   Processor architecture: Intel x86
2010/12/08 14:46:27.0718   Number of processors: 2
2010/12/08 14:46:27.0718   Page size: 0x1000
2010/12/08 14:46:27.0718   Boot type: Normal boot
2010/12/08 14:46:27.0718   ================================================================================
2010/12/08 14:46:27.0812   Initialize success
2010/12/08 14:46:29.0015   ================================================================================
2010/12/08 14:46:29.0015   Scan started
2010/12/08 14:46:29.0015   Mode: Manual;
2010/12/08 14:46:29.0015   ================================================================================
2010/12/08 14:46:29.0250   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/08 14:46:29.0296   ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/08 14:46:29.0328   ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/08 14:46:29.0390   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/08 14:46:29.0453   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/08 14:46:29.0515   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/08 14:46:29.0562   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/08 14:46:29.0578   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/08 14:46:29.0625   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/08 14:46:29.0640   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/08 14:46:29.0656   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/08 14:46:29.0734   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/08 14:46:29.0750   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/08 14:46:29.0781   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/08 14:46:29.0796   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/08 14:46:29.0828   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/08 14:46:29.0859   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/08 14:46:29.0890   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/08 14:46:29.0953   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/08 14:46:29.0968   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/08 14:46:30.0000   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/08 14:46:30.0031   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/08 14:46:30.0125   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/12/08 14:46:30.0171   avgntflt        (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/12/08 14:46:30.0187   avipbb          (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/12/08 14:46:30.0265   BCM43XX         (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/08 14:46:30.0359   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/08 14:46:30.0406   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/08 14:46:30.0421   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/08 14:46:30.0453   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/08 14:46:30.0484   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/08 14:46:30.0500   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/08 14:46:30.0531   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/08 14:46:30.0578   CmdIde          (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/08 14:46:30.0593   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/08 14:46:30.0640   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/08 14:46:30.0671   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/08 14:46:30.0703   Diag69xp        (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
2010/12/08 14:46:30.0718   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/08 14:46:30.0750   DLABMFSM        (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2010/12/08 14:46:30.0781   DLABOIOM        (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2010/12/08 14:46:30.0796   DLACDBHM        (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/08 14:46:30.0812   DLADResM        (86dfc5bae3878cfabde1430475bd52a7) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2010/12/08 14:46:30.0828   DLAIFS_M        (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2010/12/08 14:46:30.0843   DLAOPIOM        (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2010/12/08 14:46:30.0859   DLAPoolM        (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2010/12/08 14:46:30.0875   DLARTL_M        (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/08 14:46:30.0890   DLAUDFAM        (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2010/12/08 14:46:30.0921   DLAUDF_M        (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2010/12/08 14:46:30.0953   dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/08 14:46:30.0984   dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/08 14:46:31.0000   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/08 14:46:31.0046   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/08 14:46:31.0062   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/08 14:46:31.0109   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/08 14:46:31.0125   DRVMCDB         (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/08 14:46:31.0140   DRVNDDM         (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/12/08 14:46:31.0171   encodfdi        (5b6f97a45f80730d8957afd9b3019802) C:\WINDOWS\system32\drivers\encodfdi.sys
2010/12/08 14:46:31.0218   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/08 14:46:31.0234   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/08 14:46:31.0265   Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/08 14:46:31.0281   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/08 14:46:31.0296   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/08 14:46:31.0328   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/08 14:46:31.0328   Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/08 14:46:31.0359   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/08 14:46:31.0375   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/08 14:46:31.0406   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/08 14:46:31.0437   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/08 14:46:31.0484   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/08 14:46:31.0515   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/08 14:46:31.0531   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/08 14:46:31.0703   ialm            (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/08 14:46:31.0843   iaStor          (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/08 14:46:31.0859   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/08 14:46:31.0890   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/08 14:46:32.0015   IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/08 14:46:32.0093   IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2010/12/08 14:46:32.0125   IntelIde        (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/08 14:46:32.0140   intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/08 14:46:32.0156   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/08 14:46:32.0171   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/08 14:46:32.0187   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/08 14:46:32.0218   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/08 14:46:32.0265   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/08 14:46:32.0281   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/08 14:46:32.0296   isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/08 14:46:32.0328   Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/08 14:46:32.0328   kbdhid          (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/08 14:46:32.0375   KeyScrambler    (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/08 14:46:32.0421   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/08 14:46:32.0453   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/08 14:46:32.0500   LANPkt          (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
2010/12/08 14:46:32.0531   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/08 14:46:32.0546   Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/08 14:46:32.0562   Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/08 14:46:32.0578   mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/08 14:46:32.0593   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/08 14:46:32.0640   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/08 14:46:32.0656   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/08 14:46:32.0687   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/08 14:46:32.0718   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/08 14:46:32.0750   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/08 14:46:32.0796   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/08 14:46:32.0796   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/08 14:46:32.0812   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/08 14:46:32.0828   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/08 14:46:32.0859   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/08 14:46:32.0890   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/08 14:46:32.0906   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/08 14:46:32.0921   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/08 14:46:32.0937   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/08 14:46:32.0953   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/08 14:46:32.0968   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/08 14:46:33.0015   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/08 14:46:33.0046   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/08 14:46:33.0078   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/08 14:46:33.0109   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/08 14:46:33.0125   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/08 14:46:33.0156   NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/08 14:46:33.0156   NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/08 14:46:33.0187   NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/08 14:46:33.0203   NWRDR           (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/12/08 14:46:33.0234   Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/08 14:46:33.0250   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/08 14:46:33.0265   ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/08 14:46:33.0281   pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2010/12/08 14:46:33.0296   PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/08 14:46:33.0328   PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/08 14:46:33.0343   Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/08 14:46:33.0406   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/08 14:46:33.0406   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/08 14:46:33.0453   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/08 14:46:33.0468   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/08 14:46:33.0484   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/08 14:46:33.0515   PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/08 14:46:33.0515   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/08 14:46:33.0546   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/08 14:46:33.0562   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/08 14:46:33.0578   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/08 14:46:33.0578   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/08 14:46:33.0609   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/08 14:46:33.0640   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/08 14:46:33.0656   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/08 14:46:33.0656   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/08 14:46:33.0687   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/08 14:46:33.0703   RDPCDD          (8f526945238c1dc71987cb1428a1bad6) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/08 14:46:33.0703   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 8f526945238c1dc71987cb1428a1bad6, Fake md5: 1df31caea91f2a76fdd4d6e955a9cc2b
2010/12/08 14:46:33.0718   RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/08 14:46:33.0734   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/08 14:46:33.0765   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/08 14:46:33.0781   redbook         (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/08 14:46:33.0828   RTLE8023xp      (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/08 14:46:33.0875   RTLVLAN         (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
2010/12/08 14:46:33.0890   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/08 14:46:33.0937   Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/08 14:46:33.0937   Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/08 14:46:33.0968   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/08 14:46:34.0000   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/08 14:46:34.0031   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/08 14:46:34.0062   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/08 14:46:34.0093   sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/08 14:46:34.0125   Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/08 14:46:34.0156   ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/12/08 14:46:34.0171   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/08 14:46:34.0187   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/08 14:46:34.0218   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/08 14:46:34.0234   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/08 14:46:34.0250   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/08 14:46:34.0250   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/08 14:46:34.0281   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/08 14:46:34.0312   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/08 14:46:34.0343   Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/12/08 14:46:34.0375   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/08 14:46:34.0390   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/08 14:46:34.0406   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/08 14:46:34.0421   TosIde          (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/08 14:46:34.0515   TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/12/08 14:46:34.0531   tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/08 14:46:34.0546   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/08 14:46:34.0562   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/08 14:46:34.0609   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/08 14:46:34.0671   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/08 14:46:34.0687   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/08 14:46:34.0718   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/08 14:46:34.0765   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/08 14:46:34.0812   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/08 14:46:34.0828   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/08 14:46:34.0859   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/08 14:46:34.0875   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/08 14:46:34.0890   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/08 14:46:34.0906   VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/08 14:46:34.0953   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/08 14:46:35.0000   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/08 14:46:35.0078   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/08 14:46:35.0093   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/08 14:46:35.0125   ================================================================================
2010/12/08 14:46:35.0125   Scan finished
2010/12/08 14:46:35.0125   ================================================================================
2010/12/08 14:46:35.0140   Detected object count: 1
2010/12/08 14:46:52.0468   RDPCDD          (8f526945238c1dc71987cb1428a1bad6) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/08 14:46:52.0468   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 8f526945238c1dc71987cb1428a1bad6, Fake md5: 1df31caea91f2a76fdd4d6e955a9cc2b
2010/12/08 14:46:52.0640   Backup copy not found, trying to cure infected file..
2010/12/08 14:46:52.0640   Cure success, using it..
2010/12/08 14:46:52.0640   C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/12/08 14:46:52.0640   Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
2010/12/08 14:46:57.0390   Deinitialize success


ComboFix report:

Code:
ComboFix 10-12-07.04 - VIRGINIE 08/12/2010  15:01:25.5.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.3037.2539 [GMT 1:00]
Lancé depuis: c:\documents and settings\VIRGINIE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\VIRGINIE\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\gqjak.sys"
"c:\windows\system32\drivers\gvwhdqbip.sys"
"c:\windows\system32\drivers\kxbtxm.sys"
"c:\windows\system32\drivers\lsyurm.sys"
"c:\windows\TEMP\cimr\setup.exe"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\OfferBox
c:\documents and settings\NetworkService\Application Data\OfferBox\config.dat
c:\documents and settings\NetworkService\Application Data\OfferBox\config.xml
c:\documents and settings\NetworkService\Application Data\searchqutb
c:\documents and settings\NetworkService\Application Data\searchqutb\dtx.ini
c:\documents and settings\NetworkService\Application Data\searchqutb\guid.dat
c:\documents and settings\NetworkService\Application Data\searchqutb\setupCfg.xml
c:\documents and settings\VIRGINIE\Application Data\OfferBox
c:\documents and settings\VIRGINIE\Application Data\OfferBox\config.dat
c:\documents and settings\VIRGINIE\Application Data\OfferBox\config.xml
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-11-08 au 2010-12-08  ))))))))))))))))))))))))))))))))))))
.

2010-12-08 11:23 . 2010-12-08 13:50   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\searchqutb
2010-12-08 10:31 . 2010-12-08 10:31   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Bandoo
2010-12-08 10:31 . 2010-12-08 10:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Bandoo
2010-12-08 10:31 . 2010-12-08 10:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Fun4IM
2010-12-08 10:31 . 2010-12-08 10:31   --------   d-----w-   c:\program files\Windows Searchqu Toolbar
2010-12-08 10:31 . 2010-12-08 10:31   --------   d-----w-   c:\program files\Fun4IM
2010-12-08 10:30 . 2010-12-08 10:30   --------   d-----w-   c:\program files\WhiteSmoke
2010-12-07 19:22 . 2010-12-07 19:22   --------   d-----w-   c:\program files\Quick Web Player
2010-12-07 16:23 . 2010-12-07 16:23   --------   d-sh--w-   c:\documents and settings\VIRGINIE\IECompatCache
2010-11-25 16:42 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2010-11-23 08:54 . 2010-12-08 10:31   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\WhiteSmoke
2010-11-23 08:50 . 2010-11-23 08:50   --------   d-----w-   c:\documents and settings\NetworkService\Menu Démarrer
2010-11-17 10:22 . 2010-11-17 10:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Icones
2010-11-12 09:30 . 2010-11-22 14:22   --------   d-----w-   c:\windows\system32\NtmsData
2010-11-12 09:27 . 2010-09-15 03:50   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-12 09:22 . 2010-11-12 09:22   --------   d-----w-   c:\documents and settings\VIRGINIE\Application Data\Avira

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 13:47 . 2008-04-25 12:46   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys
2010-09-15 03:50 . 2010-07-30 12:47   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-02-09 18:43   73728   ----a-w-   c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((   SnapShot@2010-12-06_16.26.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-16 21:12 . 2010-04-16 21:12   48464              c:\windows\system32\sirenacm.dll
- 2008-04-25 12:46 . 2010-12-02 16:03   86514              c:\windows\system32\perfc00C.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   86514              c:\windows\system32\perfc00C.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   72712              c:\windows\system32\perfc009.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   72712              c:\windows\system32\perfc009.dat
+ 2010-12-07 20:00 . 2010-12-07 20:00   22016              c:\windows\Installer\5f64d0.msi
+ 2010-12-07 20:00 . 2010-12-07 20:00   27136              c:\windows\Installer\5f64a3.msi
+ 2010-12-07 19:59 . 2010-12-07 19:59   83456              c:\windows\Installer\5f648c.msi
+ 2010-12-07 19:59 . 2010-12-07 19:59   58880              c:\windows\Installer\5f6483.msi
+ 2010-12-07 20:00 . 2010-12-07 20:00   61272              c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe
+ 2010-12-07 20:00 . 2010-12-07 20:00   58945              c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
- 2009-11-24 13:46 . 2009-11-24 13:46   58945              c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
+ 2010-12-07 20:00 . 2010-12-07 20:00   80395              c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
+ 2010-12-08 10:41 . 2010-12-08 10:41   47616              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\28e4732511f8745b7c96834a4aeaf136\WindowsLiveWriter.ni.exe
+ 2010-12-08 10:41 . 2010-12-08 10:41   99840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\965170373cb2ac38b5025a332bea07ec\WindowsLive.Writer.Api.ni.dll
+ 2010-04-17 00:28 . 2010-04-17 00:28   307056              c:\windows\WLXPGSS.SCR
+ 2008-04-25 12:46 . 2010-12-06 16:29   515048              c:\windows\system32\perfh00C.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   515048              c:\windows\system32\perfh00C.dat
+ 2008-04-25 12:46 . 2010-12-06 16:29   445506              c:\windows\system32\perfh009.dat
- 2008-04-25 12:46 . 2010-12-02 16:03   445506              c:\windows\system32\perfh009.dat
+ 2010-12-07 20:01 . 2010-12-07 20:01   569856              c:\windows\Installer\5f65aa.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   177152              c:\windows\Installer\5f658b.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   727040              c:\windows\Installer\5f6567.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   483328              c:\windows\Installer\5f6559.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   779264              c:\windows\Installer\5f6546.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   483328              c:\windows\Installer\5f650a.msi
+ 2010-12-07 20:00 . 2010-12-07 20:00   816640              c:\windows\Installer\5f64fd.msi
+ 2010-12-07 20:00 . 2010-12-07 20:00   429056              c:\windows\Installer\5f64c9.msi
+ 2010-12-07 20:00 . 2010-12-07 20:00   149504              c:\windows\Installer\5f6498.msi
+ 2010-12-07 20:01 . 2010-12-07 20:01   132096              c:\windows\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe
+ 2010-12-08 10:41 . 2010-12-08 10:41   626688              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ce97f6084d7984c0ba84d7f39d4262fb\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   117760              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ffcedffda9196191379338ec74fe5ebc\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   319488              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fa1c8f274cd76ccf50638d663d1dac93\WindowsLive.Writer.Interop.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   594944              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e5725f3a7b331db6545c79802942c47d\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   428032              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e479d7a0a625ae59f6e449bc37521846\WindowsLive.Writer.Localization.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   152064              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\db96749a2c7d47d12c6828423f5fb9b7\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   851968              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\da882dc60b961d297b7c299d1d3ae8c3\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   119296              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c77586116133d60c1070cb49f84aa893\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   118784              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88dc5bb467d54064629bcb8651b3913a\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   108544              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5490a52d532fec5e4babc7eeec23cee5\WindowsLive.Writer.Passport.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   174080              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29e3ec71d6d033a25b4b7040674c939c\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   334848              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c0e22f447978df2258526a92777e2bd\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   843776              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1877ec2ba83d84262ffc304cfb9959f9\WindowsLive.Writer.Controls.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   258048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c3e4debb6a6f0b4c661f69d1fd87928\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   322048              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\05c31774b5860bb61f539377fee04eb5\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   145920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\cfad7a4e77d441d3e5568163ee2adab7\WindowsLive.Client.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   2018816              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f05b5e8ac6a38b25438eecf35c853c48\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   1105920              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83d2123168b38c5890e290370da3895c\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-12-08 10:41 . 2010-12-08 10:41   6392832              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18a60e0a3576c6c72093757809d909c4\WindowsLive.Writer.PostEditor.ni.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2010-08-23 02:22   2195456   ----a-w-   c:\program files\Fun4IM\Plugins\IE\ieplugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 2289664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 200704]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"AMService"="c:\windows\system32\setup.exe" [2008-04-14 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NetworkService\Menu Démarrer\Programmes\Démarrage\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

c:\documents and settings\NetworkService\Menu Démarrer\Programmes\Démarrage\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

c:\documents and settings\NetworkService\Menu Démarrer\Programmes\Démarrage\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

c:\documents and settings\NetworkService\Menu Démarrer\Programmes\Démarrage\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/11/2010 17:42 28552]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/07/2010 11:05 135336]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [08/12/2010 11:31 1938880]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [08/06/2009 10:35 8960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [03/02/2010 13:20 1043784]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/06/2009 19:22 110080]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/10/2010 09:47 114952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 drkudrv;drkudrv;c:\windows\system32\drivers\gqjak.sys --> c:\windows\system32\drivers\gqjak.sys [?]
S0 ipqisvpjaoieonx;ipqisvpjaoieonx;c:\windows\system32\drivers\lsyurm.sys --> c:\windows\system32\drivers\lsyurm.sys [?]
S0 nojvhaw;nojvhaw;c:\windows\system32\drivers\kxbtxm.sys --> c:\windows\system32\drivers\kxbtxm.sys [?]
S0 vpbgwdjygacpwv;vpbgwdjygacpwv;c:\windows\system32\drivers\gvwhdqbip.sys --> c:\windows\system32\drivers\gvwhdqbip.sys [?]
S2 AMService;AMService;c:\windows\TEMP\cimr\setup.exe run --> c:\windows\TEMP\cimr\setup.exe run [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [08/06/2009 10:35 11264]
S3 encodfdi;encodfdi;c:\windows\system32\drivers\encodfdi.SYS [18/09/2009 12:26 169464]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [08/06/2009 10:35 16640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-12-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-12-08 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-03 12:26]
.
.
------- Examen supplémentaire -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: PhishTank SiteChecker: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888} - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
FF - Extension: KeyScrambler: keyscrambler@qfx.software.corporation - c:\documents and settings\VIRGINIE\Application Data\Mozilla\Firefox\Profiles\isjdrg43.default\extensions\keyscrambler@qfx.software.corporation
FF - Extension: Bandoo for Firefox: firefox@bandoo.com - c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\\extensions\firefox@bandoo.com
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-klmdb.sys
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 15:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Fichiers communs\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Heure de fin: 2010-12-08  15:06:40 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-12-08 14:06
ComboFix2.txt  2010-12-07 16:11
ComboFix3.txt  2010-12-06 16:30

Avant-CF: 289 586 626 560 octets libres
Après-CF: 289 772 433 408 octets libres

- - End Of File - - 5C1FE49146CEBC54E591610088AA6A5E


I noticed that some items that had been removed on the first ComboFix pass (Fun4IM, WhiteSmoke, QuickWeb Player) are present again on the machine.
OfferBox Browser seems to have been neutralised.

I await your opinion.
Regards, Lucas.

Re: Analyse RSIT

Post by Lucas » 08 Dec 2010 15:26

I am attaching another RSIT report in which you can see the items mentioned in the previous message:

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by VIRGINIE at 2010-12-08 15:22:12
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 276 GB (91%) free of 305 GB
Total RAM: 3037 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:23:06, on 08/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VIRGINIE\Bureau\Désinfection Lucas\RSIT.exe
C:\Program Files\trend micro\VIRGINIE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMService] C:\WINDOWS\system32\setup.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\cimr\setup.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Fun4IM Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\Recherche de problèmes automatique.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-10-12 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll [2010-08-23 2195456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-18 16806912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-18 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-18 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-18 150040]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-19 2289664]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-07-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]
"AMService"=C:\WINDOWS\system32\setup.exe [2008-04-14 23040]
"DATAMNGR"=C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [2010-08-22 796608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2010-12-08 15:06:42 ----D---- C:\WINDOWS\temp
2010-12-08 15:06:41 ----A---- C:\ComboFix.txt
2010-12-08 14:59:36 ----D---- C:\ComboFix
2010-12-08 14:46:27 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_14.46.27_log.txt
2010-12-08 14:41:08 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_14.41.08_log.txt
2010-12-08 12:23:48 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\searchqutb
2010-12-08 11:31:48 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Bandoo
2010-12-08 11:31:18 ----D---- C:\Documents and Settings\All Users\Application Data\Bandoo
2010-12-08 11:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\Fun4IM
2010-12-08 11:31:08 ----D---- C:\Program Files\Windows Searchqu Toolbar
2010-12-08 11:31:07 ----D---- C:\Program Files\Fun4IM
2010-12-08 11:30:13 ----D---- C:\Program Files\WhiteSmoke
2010-12-07 20:22:22 ----D---- C:\Program Files\Quick Web Player
2010-12-07 16:43:42 ----A---- C:\TDSSKiller.2.4.10.1_07.12.2010_16.43.42_log.txt
2010-12-06 16:36:38 ----A---- C:\WINDOWS\zip.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWSC.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWREG.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\sed.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\PEV.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\MBR.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\grep.exe
2010-12-06 16:29:48 ----D---- C:\Qoobox
2010-11-25 17:42:25 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-17 11:22:12 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Icones
2010-11-12 10:30:00 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\java.exe
2010-11-12 10:22:32 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Avira
2010-11-09 14:08:04 ----A---- C:\WINDOWS\system32\alka.dll.bak

======List of files/folders modified in the last 1 months======

2010-12-08 15:22:21 ----D---- C:\WINDOWS\Prefetch
2010-12-08 15:22:14 ----D---- C:\Program Files\trend micro
2010-12-08 15:08:26 ----SD---- C:\WINDOWS\Tasks
2010-12-08 15:06:43 ----D---- C:\WINDOWS\system32\drivers
2010-12-08 15:06:42 ----AD---- C:\WINDOWS
2010-12-08 15:04:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-08 15:04:43 ----A---- C:\WINDOWS\system.ini
2010-12-08 15:04:42 ----A---- C:\WINDOWS\setuplog.txt
2010-12-08 15:04:33 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-08 15:03:50 ----D---- C:\WINDOWS\system32\config
2010-12-08 15:03:47 ----D---- C:\WINDOWS\ERDNT
2010-12-08 15:03:21 ----RD---- C:\Program Files
2010-12-08 15:02:42 ----D---- C:\WINDOWS\AppPatch
2010-12-08 15:02:42 ----D---- C:\Program Files\Fichiers communs
2010-12-08 15:02:42 ----AD---- C:\WINDOWS\system32
2010-12-08 14:59:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-08 12:24:30 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Spotify
2010-12-08 11:42:08 ----RSD---- C:\WINDOWS\assembly
2010-12-08 11:41:19 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-07 21:01:57 ----SHD---- C:\WINDOWS\Installer
2010-12-07 21:01:56 ----D---- C:\Config.Msi
2010-12-07 21:01:49 ----D---- C:\Program Files\Windows Live
2010-12-07 21:01:09 ----D---- C:\WINDOWS\system32\DirectX
2010-12-07 17:14:24 ----D---- C:\Program Files\LimeWire
2010-12-07 17:07:22 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\LimeWire
2010-12-06 17:29:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-06 10:19:17 ----D---- C:\Program Files\Mozilla Firefox
2010-12-02 17:06:42 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\dvdcss
2010-12-02 16:31:37 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2010-12-02 09:15:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-25 17:42:20 ----HD---- C:\WINDOWS\inf
2010-11-25 15:55:15 ----D---- C:\WINDOWS\twain_32
2010-11-22 15:22:49 ----SHD---- C:\System Volume Information
2010-11-22 15:19:33 ----D---- C:\WINDOWS\Registration
2010-11-22 15:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-11-12 10:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-11-12 10:29:59 ----D---- C:\WINDOWS\repair
2010-11-12 10:27:48 ----D---- C:\Program Files\Java
2010-11-12 10:11:42 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-08-19 324120]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-17 126856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2007-11-20 8960]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-19 1391104]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-18 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-18 4752896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-08-18 110080]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-19 106368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S0 nojvhaw;nojvhaw; C:\WINDOWS\system32\drivers\kxbtxm.sys []
S0 vpbgwdjygacpwv;vpbgwdjygacpwv; C:\WINDOWS\system32\drivers\gvwhdqbip.sys []
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2007-12-03 11264]
S3 encodfdi;encodfdi; C:\WINDOWS\system32\drivers\encodfdi.sys [2001-01-28 169464]
S3 mbr;mbr; \??\C:\DOCUME~1\VIRGINIE\LOCALS~1\Temp\mbr.sys []
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2007-11-20 16640]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R2 Fun4IM Coordinator;Fun4IM Coordinator; C:\PROGRA~1\Fun4IM\Bandoo.exe [2010-08-23 1938880]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-03 1043784]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-19 24576]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S2 AMService;AMService; C:\WINDOWS\TEMP\cimr\setup.exe run []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-10 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Lucas
Regular member
 
Posts: 75
Joined: 18 Dec 2007 12:53

Re: RSIT analysis

Post by nardino » 08 Dec 2010 21:23

Good evening,

In Start, Run, type cmd and click OK.
- At the prompt, type sc delete AMService and press [Enter] to delete the service.
This deletion is irreversible.
This command must therefore only be used advisedly, under the supervision of a helper.
The result will be displayed in the same window.

WARNING. This procedure applies only to the present case; copying it elsewhere may put your system at risk.

File to create with Notepad and save as delete.txt.
Under Format, untick "Word Wrap".
Drivers to delete:
c:\windows\system32\drivers\gqjak.sys
c:\windows\system32\drivers\lsyurm.sys
c:\windows\system32\drivers\kxbtxm.sys
c:\windows\system32\drivers\gvwhdqbip.sys

Folders to delete:
c:\windows\TEMP\cimr
C:\PROGRA~1\WI9130~1

Files to delete:
C:\WINDOWS\system32\setup.exe
c:\windows\system32\drivers\gqjak.sys
c:\windows\system32\drivers\lsyurm.sys
c:\windows\system32\drivers\kxbtxm.sys
c:\windows\system32\drivers\gvwhdqbip.sys

Download The Avenger 2 (by Swandog46):

Save the file to the Desktop.
Unzip Avenger.zip on the Desktop.
You should get the file avenger.exe.
Close all your programs, including your antivirus's real-time monitoring.
Click the avenger.exe icon; it needs no installation.
On Vista, right-click it and choose Run as administrator.
Click OK on the warning message.
Click the Open folder icon at the top left.
In the tree, point to the delete.txt file created on the desktop.
Click Execute.
You will be asked whether you want to restart now or later.
Once back in the session, a report will open.
Post it by copy-and-paste.
It will be saved as C:\avenger.txt
A backup of the deletions will be created in the folder c:\avenger\backups.

@+
nardino
Disinfection team
Posts: 1157
Joined: 06 Dec 2009 19:35
Location: France, Reims
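An added example, not from this thread and not part of RSIT or The Avenger: a small Python triage script for the kind of driver list RSIT prints (the "List of drivers" section, where a service whose .sys file RSIT could not find shows empty brackets []). It parses the lines, flags services whose image file is missing from a Windows path, ranks boot-start orphans highest, and returns the service names rather than the file paths. That distinction is the one the Avenger report later in the thread illustrates: Avenger resolves each "Drivers to delete" entry as a key under \Registry\Machine\System\CurrentControlSet\Services\<entry>, so the service name (drkudrv, ipqisvpjaoieonx, ...) is what belongs there, while .sys paths belong under "Files to delete". The sample lines are constructed to match the log format; treating \??\ paths as "unverified" rather than "missing" is an observation from this log (every \??\ entry here also has empty brackets), not documented RSIT behaviour.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of RSIT's "List of drivers" section
# (modelled on the log in this thread, not copied from a live machine).
SAMPLE_DRIVER_LIST = r"""
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-08-19 324120]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-17 126856]
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
"""

# One RSIT driver line: <R|S><start> <service>;<display>; <path> [<date size> | empty]
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<service>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

NT_PREFIX = "\\??\\"   # RSIT prints some image paths in NT form


@dataclass
class DriverEntry:
    state: str     # R = running, S = stopped
    start: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    service: str   # key name under HKLM\SYSTEM\CurrentControlSet\Services
    display: str
    path: str      # image path exactly as RSIT printed it
    meta: str      # "YYYY-MM-DD size" when RSIT could stat the file, "" otherwise


def parse_driver_list(text):
    """Parse every line that matches the RSIT driver format; ignore the rest."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["state"], int(m["start"]),
                                       m["service"].strip(), m["display"].strip(),
                                       m["path"].strip(), m["meta"].strip()))
    return entries


def triage(entries):
    """Map service name -> list of reasons, for entries that deserve a closer look."""
    findings = {}
    for e in entries:
        reasons = []
        if not e.meta:
            if e.path.startswith(NT_PREFIX):
                # Observation from this log, not documented RSIT behaviour:
                # \??\ entries carry no date/size even when the file exists.
                reasons.append("no date/size recorded (NT-style path); verify the file by hand")
            else:
                reasons.append("image file not found on disk: the registry still "
                               "points at a file that no longer exists")
                if e.start == 0:
                    reasons.append("boot-start service with no image: orphaned entry "
                                   "left behind by a removed driver")
        if reasons:
            findings[e.service] = reasons
    return findings


def orphaned_service_names(entries):
    """Service names (what sc delete and Avenger's 'Drivers to delete' resolve
    under the Services key) for entries whose image file is missing."""
    return [e.service for e in entries
            if not e.meta and not e.path.startswith(NT_PREFIX)]


if __name__ == "__main__":
    entries = parse_driver_list(SAMPLE_DRIVER_LIST)
    for name, reasons in triage(entries).items():
        print(name)
        for r in reasons:
            print("  -", r)
    print("Orphaned service names:", ", ".join(orphaned_service_names(entries)))
```

Run it against a pasted RSIT driver section instead of the constructed sample to get the service names to verify by hand; the file paths RSIT prints next to them are what a "Files to delete" section would list, once the helper has confirmed the entries are not legitimate.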

Re: RSIT analysis

Post by Lucas » 09 Dec 2010 17:07

Hello Nardino, here are the results of the last two operations.
For the service ("sc delete AMService"), that should now be done.
Here is the Avenger report:

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\gqjak.sys" not found!
Deletion of driver "c:\windows\system32\drivers\gqjak.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\lsyurm.sys" not found!
Deletion of driver "c:\windows\system32\drivers\lsyurm.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kxbtxm.sys" not found!
Deletion of driver "c:\windows\system32\drivers\kxbtxm.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\gvwhdqbip.sys" not found!
Deletion of driver "c:\windows\system32\drivers\gvwhdqbip.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "c:\windows\TEMP\cimr" not found!
Deletion of folder "c:\windows\TEMP\cimr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\PROGRA~1\WI9130~1" deleted successfully.
File "C:\WINDOWS\system32\setup.exe" deleted successfully.

Error:  file "c:\windows\system32\drivers\gqjak.sys" not found!
Deletion of file "c:\windows\system32\drivers\gqjak.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\drivers\lsyurm.sys" not found!
Deletion of file "c:\windows\system32\drivers\lsyurm.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\drivers\kxbtxm.sys" not found!
Deletion of file "c:\windows\system32\drivers\kxbtxm.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\drivers\gvwhdqbip.sys" not found!
Deletion of file "c:\windows\system32\drivers\gvwhdqbip.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


I am also attaching an RSIT report run after Avenger:

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by VIRGINIE at 2010-12-09 17:09:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 275 GB (90%) free of 305 GB
Total RAM: 3037 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:28, on 09/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\Fun4IM\BndCore.exe
C:\Documents and Settings\VIRGINIE\Bureau\Désinfection Lucas\RSIT.exe
C:\Program Files\trend micro\VIRGINIE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMService] C:\WINDOWS\system32\setup.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - AppInit_DLLs: c:\progra~1\fun4im\bndhook.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Fun4IM Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11107 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-137615074-2211993003-2770038294-1005.job
C:\WINDOWS\tasks\Recherche de problèmes automatique.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2010-10-12 796192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-24 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll [2010-08-23 2195456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-18 16806912]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-18 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-18 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-18 150040]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-19 2289664]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-07-23 200704]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-24 202256]
"Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 963976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]
"AMService"=C:\WINDOWS\system32\setup.exe []
"DATAMNGR"=C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\fun4im\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2010-12-09 17:02:05 ----D---- C:\Avenger
2010-12-09 17:02:05 ----A---- C:\avenger.txt
2010-12-08 20:28:27 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_20.28.27_log.txt
2010-12-08 20:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-12-08 20:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-12-08 20:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-12-08 20:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-12-08 20:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-12-08 20:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-12-08 20:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-12-08 20:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-12-08 20:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-12-08 20:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-12-08 20:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-12-08 20:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-12-08 20:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-12-08 20:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-12-08 20:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-12-08 20:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-12-08 20:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-12-08 20:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-12-08 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-12-08 20:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-12-08 20:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-12-08 20:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-12-08 20:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-12-08 20:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-12-08 20:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-12-08 20:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-12-08 20:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-12-08 20:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-12-08 20:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-12-08 20:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-12-08 19:43:53 ----D---- C:\UsbFix
2010-12-08 19:43:53 ----A---- C:\UsbFix.txt
2010-12-08 16:11:15 ----SHD---- C:\RECYCLER
2010-12-08 15:28:11 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_15.28.11_log.txt
2010-12-08 15:27:30 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_15.27.30_log.txt
2010-12-08 15:27:15 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_15.27.15_log.txt
2010-12-08 15:25:07 ----A---- C:\WINDOWS\system32\drivers\rdpcdd.sys
2010-12-08 15:06:42 ----D---- C:\WINDOWS\temp
2010-12-08 15:06:41 ----A---- C:\ComboFix.txt
2010-12-08 14:59:36 ----D---- C:\ComboFix
2010-12-08 14:46:27 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_14.46.27_log.txt
2010-12-08 14:41:08 ----A---- C:\TDSSKiller.2.4.10.1_08.12.2010_14.41.08_log.txt
2010-12-08 12:23:48 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\searchqutb
2010-12-08 11:31:48 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Bandoo
2010-12-08 11:31:18 ----D---- C:\Documents and Settings\All Users\Application Data\Bandoo
2010-12-08 11:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\Fun4IM
2010-12-08 11:31:07 ----D---- C:\Program Files\Fun4IM
2010-12-08 11:30:13 ----D---- C:\Program Files\WhiteSmoke
2010-12-07 20:22:22 ----D---- C:\Program Files\Quick Web Player
2010-12-07 16:43:42 ----A---- C:\TDSSKiller.2.4.10.1_07.12.2010_16.43.42_log.txt
2010-12-06 16:36:38 ----A---- C:\WINDOWS\zip.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWSC.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\SWREG.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\sed.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\PEV.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\MBR.exe
2010-12-06 16:36:38 ----A---- C:\WINDOWS\grep.exe
2010-12-06 16:29:48 ----D---- C:\Qoobox
2010-11-25 17:42:25 ----A---- C:\WINDOWS\system32\drivers\pavboot.sys
2010-11-17 11:22:12 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Icones
2010-11-12 10:30:00 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-12 10:27:58 ----A---- C:\WINDOWS\system32\java.exe
2010-11-12 10:22:32 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Avira

======List of files/folders modified in the last 1 months======

2010-12-09 17:09:24 ----D---- C:\Program Files\trend micro
2010-12-09 17:09:22 ----D---- C:\WINDOWS\Prefetch
2010-12-09 17:03:21 ----SD---- C:\WINDOWS\Tasks
2010-12-09 17:02:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-09 17:02:56 ----AD---- C:\WINDOWS
2010-12-09 17:02:05 ----RD---- C:\Program Files
2010-12-09 17:02:05 ----D---- C:\WINDOWS\system32\drivers
2010-12-09 17:02:05 ----AD---- C:\WINDOWS\system32
2010-12-09 17:01:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-09 11:20:01 ----A---- C:\WINDOWS\setuplog.txt
2010-12-08 20:27:33 ----D---- C:\Config.Msi
2010-12-08 20:26:28 ----RSD---- C:\WINDOWS\assembly
2010-12-08 20:25:09 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-08 20:22:58 ----SHD---- C:\WINDOWS\Installer
2010-12-08 20:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-12-08 20:22:46 ----HD---- C:\WINDOWS\inf
2010-12-08 20:22:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-08 20:22:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-08 20:22:41 ----A---- C:\WINDOWS\imsins.BAK
2010-12-08 20:22:23 ----D---- C:\WINDOWS\WinSxS
2010-12-08 20:19:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-08 20:17:32 ----D---- C:\Program Files\Internet Explorer
2010-12-08 20:17:28 ----D---- C:\WINDOWS\ie8updates
2010-12-08 20:16:08 ----D---- C:\Program Files\Outlook Express
2010-12-08 20:15:52 ----D---- C:\Program Files\Movie Maker
2010-12-08 19:26:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-08 15:04:43 ----A---- C:\WINDOWS\system.ini
2010-12-08 15:04:33 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-08 15:03:50 ----D---- C:\WINDOWS\system32\config
2010-12-08 15:03:47 ----D---- C:\WINDOWS\ERDNT
2010-12-08 15:02:42 ----D---- C:\WINDOWS\AppPatch
2010-12-08 15:02:42 ----D---- C:\Program Files\Fichiers communs
2010-12-08 12:24:30 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\Spotify
2010-12-07 21:01:49 ----D---- C:\Program Files\Windows Live
2010-12-07 21:01:09 ----D---- C:\WINDOWS\system32\DirectX
2010-12-07 17:14:24 ----D---- C:\Program Files\LimeWire
2010-12-07 17:07:22 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\LimeWire
2010-12-06 10:19:17 ----D---- C:\Program Files\Mozilla Firefox
2010-12-02 17:06:42 ----D---- C:\Documents and Settings\VIRGINIE\Application Data\dvdcss
2010-12-02 16:31:37 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2010-11-25 15:55:15 ----D---- C:\WINDOWS\twain_32
2010-11-22 15:22:49 ----SHD---- C:\System Volume Information
2010-11-22 15:19:33 ----D---- C:\WINDOWS\Registration
2010-11-22 15:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-11-12 10:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-11-12 10:29:59 ----D---- C:\WINDOWS\repair
2010-11-12 10:27:48 ----D---- C:\Program Files\Java
2010-11-12 10:11:42 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-08-19 324120]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-17 126856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 LANPkt;Realtek LANPkt Protocol Driver; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2007-11-20 8960]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-19 1391104]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-18 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-18 4752896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-08-18 110080]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2010-02-11 114952]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-19 106368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S0 nojvhaw;nojvhaw; C:\WINDOWS\system32\drivers\kxbtxm.sys []
S0 vpbgwdjygacpwv;vpbgwdjygacpwv; C:\WINDOWS\system32\drivers\gvwhdqbip.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2007-12-03 11264]
S3 encodfdi;encodfdi; C:\WINDOWS\system32\drivers\encodfdi.sys [2001-01-28 169464]
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2007-11-20 16640]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-17 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-17 267944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R2 Fun4IM Coordinator;Fun4IM Coordinator; C:\PROGRA~1\Fun4IM\Bandoo.exe [2010-08-23 1938880]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-03 1043784]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-19 24576]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-10 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Lucas
Regular member

Posts: 75
Joined: 18 Dec 2007 12:53
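A note on reading the tail of the log above. Each line of the driver and service lists has the shape `<R|S><0-4> <service name>;<display name>; <image path> [<date> <size>]`, and RSIT leaves the bracket empty (`[]`) when it records no date and size for the file. In this log that happens for the four boot-start (S0) drivers with random-looking names, for catchme.sys (a ComboFix component) and for the TuneUp driver. The script below is an added example for triaging such a list; it is not part of RSIT, ComboFix or anything Lucas or the helpers posted. It assumes that an empty bracket means RSIT could not read the file, and it treats a boot-start driver with no recorded metadata as the item most worth inspecting first. The sample lines are copied from the log above; the flags are prompts to check a file, not verdicts.

```python
"""Parse the driver/service lists at the end of an RSIT log and flag
entries an analyst should look at first.

Added example, not code from RSIT or from this thread. Line grammar,
inferred from the log above:

    <R|S><0-4> <service name>;<display name>; <image path> [<date> <size>]

Assumption: an empty bracket "[]" means RSIT could not read the file.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "        # R/S state and start type
    r"(?P<name>[^;]+);(?P<display>[^;]*); "     # service name; display name;
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"      # image path [date size]
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    state: str            # "R" running, "S" stopped
    start: int            # 0..4, see START_TYPES
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver/service line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), date, size)


def parse_log(text: str) -> List[Entry]:
    """Parse every matching line; headers and blank lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map service name -> reasons to inspect it. Heuristics only."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.date is None:
            reasons.append("no file date/size recorded")
            if e.start == 0:
                # Start type 0 is loaded by the boot loader, before any
                # user-mode security software has a chance to run.
                reasons.append("boot-start driver: loads before security software")
        if reasons:
            findings[e.name] = reasons
    return findings


# Lines taken from the RSIT log above (one header line included on purpose).
SAMPLE_LINES = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-17 60936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S0 drkudrv;drkudrv; C:\WINDOWS\system32\drivers\gqjak.sys []
S0 ipqisvpjaoieonx;ipqisvpjaoieonx; C:\WINDOWS\system32\drivers\lsyurm.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""


def report(text: str = SAMPLE_LINES) -> List[str]:
    """Human-readable lines, boot-start hits first."""
    entries = parse_log(text)
    by_name = {e.name: e for e in entries}
    found = triage(entries)
    order = sorted(found, key=lambda n: (by_name[n].start, n))
    return [f"{START_TYPES[by_name[n].start]:8} {n:20} {by_name[n].path}  <- {'; '.join(found[n])}"
            for n in order]


if __name__ == "__main__":
    for line in report():
        print(line)
```

Run it against a full RSIT log by passing the log text to `report()`. Entries hosted in svchost.exe (6to4, NWCWorkstation, UxTuneUp and so on) parse normally but need the corresponding ServiceDll value from the registry to say anything about them; this script does not look at that.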
