Application.prockill.BD Fermé

Question

Bonsoir, 

Mon ordi rame et quand je lui fais une analyse anti virus il me détecte Application.prockill.BD et bitdefender ne peut le supprimer.

Je ne connais pas grand chose en ordi (mais je me débrouille un peu, a part là, je n'ai pas su).

J'ai essayé scan online de bitdefender et lui non plus ne peut rien faire. je n'arrive pas as trouver sur internet de l'aide seul. Alors si quelqu'un pouvait m'aider se serait super sympas.

En plus, j'ai deux autre soucis.
je ne peux plus me servir de mon antivirus il ne veux rien savoir, j'ai du en faire une.
mais par contre, j'avais installer avast avec d'avoir bitdefender et je n'arrive pas a le surprimé de mon ordi.

Que fait de tous c'est soucis ?

pimprenelle27 · Accepted Answer

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

pimprenelle27 · Answer

Bonsoir,

Pour commencer :  faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

Ensuite :

Télécharge le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Renomme Hijackthis en Tutu

Double-clique sur HJTInstall.exe (tutu)  pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la licence en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

Tutoriaux (ne fixe rien pour le moment !!)

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

Je ne peux pas renommer Hijackthis

Voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:24, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\ehome\ehtray.exe
C:\Users	itival\AppData\Local\euyku.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [euyku] "c:\users	itival\appdata\local\euyku.exe" euyku
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

vistav · Answer

Désolé voici le bon rapport.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:48, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\ehome\ehtray.exe
C:\Users	itival\AppData\Local\euyku.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [euyku] "c:\users	itival\appdata\local\euyku.exe" euyku
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

vistav · Answer

j'ai eu du mal a télécharger genpro en une fois je l'ai dézippé et je ne trouve pas genpro.bat.

Que doit-je faire ?

pimprenelle27 · Answer

tu as regardé le petit dessin que j'ai mis pour trouver genproc?

vistav · Answer

j'ai cliquer genpro sur le message lors du téléchargement il restait bloqué a 94 % j'ai du le relancer plusieur fois mais il restait bloqué au même en droit. une fois le téléchargement fini je l'ai dézipé et j'ai appuié sur genproc.bat sur le message mais rien.

pimprenelle27 · Answer

As tu fait ceci et redémarré ton ordi :

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

oui j'ai désactivé les comptes utilisateurs j'ai redémarer l'ordi.

pimprenelle27 · Answer

et ça donne quoi alors?

vistav · Answer

rien je n'ai aucun rapport.

pimprenelle27 · Answer

Fais un scan en ligne avec Internet explorer
Rend toi sur ce site : https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Voici un tutoriel

vistav · Answer

est-ce que je doit faire les deux analyse un avec panda et l'autre avec kaperski ?

pimprenelle27 · Answer

pourquoi kaspersky?

vistav · Answer

voici le scan de panda

Niveau de risque faible (42) Cookie/Apmebf Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@apmebf[1].txt
 
 Cookie/Bluestr... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...s\Cookies	itival@bluestreak[1].txt
2. C:\Users\Invité\AppData\Roaming\Microsoft\Win...ookies\Low\invité@bluestreak[2].txt
 
 Cookie/Adserve... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...es\Low\david@adserver.easyad[1].txt
 
 Cookie/PointRo... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Cookies\david@ads.pointroll[2].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...kies\Low\david@ads.pointroll[1].txt
 
 Cookie/Server.... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...\david@server.iad.liveperson[1].txt
 
 Cookie/YieldMa... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...es\Low\david@ad.yieldmanager[2].txt
 
 Cookie/XXXCoun... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...Cookies\Low\david@xxxcounter[1].txt
 
 Cookie/Adtech Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@adtech[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adtech[2].txt
 
 Cookie/Atlas D... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@atdmt[2].txt
2. C:\Users\Invité\AppData\Roaming\Microsoft\Win...ows\Cookies\Low\invité@atdmt[2].txt
3. C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@atdmt[1].txt
4. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@atdmt[2].txt
 
 Cookie/Weboram... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@weborama[2].txt
2. C:\Users\Invité\AppData\Roaming\Microsoft\Win...\Cookies\Low\invité@weborama[1].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Cookies\Low\david@weborama[1].txt
 
 Cookie/Doublec... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\Invité\AppData\Roaming\Microsoft\Win...okies\Low\invité@doubleclick[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...ws\Cookies\david@doubleclick[1].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Wind...ookies\Low\david@doubleclick[1].txt
4. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@doubleclick[2].txt
5. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@doubleclick[1].txt
 
 Cookie/Casalem... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...ookies\Low\david@casalemedia[2].txt
 
 Cookie/Mediapl... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...ws\Cookies	itival@mediaplex[2].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Cookies\Low\david@mediaplex[2].txt
3. C:\Users\Invité\AppData\Roaming\Microsoft\Win...Cookies\Low\invité@mediaplex[1].txt
4. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@mediaplex[1].txt
 
 Cookie/MetriWe... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Cookies\Low\david@metriweb[2].txt
 
 Cookie/Traffic... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Cookies\Low\david@trafficmp[2].txt
 
 Cookie/Adrevol... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...Cookies\Low\david@adrevolver[1].txt
2. C:\Users	itival\AppData\Roaming\Microsoft\Wi...s\Cookies	itival@adrevolver[2].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@adrevolver[2].txt
 
 Cookie/Tribalf... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\Low\david@tribalfusion[2].txt
 
 Cookie/Serving... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...Cookies\david@bs.serving-sys[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...ies\Low\david@bs.serving-sys[1].txt
3. C:\Users\Invité\AppData\Roaming\Microsoft\Win...es\Low\invité@bs.serving-sys[2].txt
 
 Cookie/Serving... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\Invité\AppData\Roaming\Microsoft\Win...okies\Low\invité@serving-sys[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...ookies\Low\david@serving-sys[2].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Wind...ws\Cookies\david@serving-sys[1].txt
 
 Cookie/RealMed... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\Low\david@247realmedia[1].txt
 
 Cookie/FastCli... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Cookies\Low\david@fastclick[1].txt
 
 Cookie/Sextrac... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...w\david@counter15.sextracker[2].txt
 
 Cookie/Zedo Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@zedo[2].txt
 
 Cookie/Smartad... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...ookies	itival@smartadserver[3].txt
2. C:\Users	itival\AppData\Roaming\Microsoft\Wi...ookies	itival@smartadserver[2].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Cookies\david@smartadserver[2].txt
4. C:\Users\david\AppData\Roaming\Microsoft\Wind...kies\Low\david@smartadserver[1].txt
 
 Cookie/fe.lea.... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\Low\david@fe.lea.lycos[1].txt
 
 Cookie/Adviva Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adviva[2].txt
 
 Cookie/Starwar... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...Cookies\Low\david@h.starware[1].txt
 
 Cookie/Webtren... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...w\david@statse.webtrendslive[2].txt
 
 Cookie/Adverti... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...ws\Cookies\david@advertising[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...ookies\Low\david@advertising[1].txt
 
 Cookie/Tradedo... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\Low\david@tradedoubler[2].txt
2. C:\Users\Invité\AppData\Roaming\Microsoft\Win...kies\Low\invité@tradedoubler[1].txt
 
 Cookie/SpyLog Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@spylog[1].txt
 
 Cookie/bravene... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Cookies\Low\david@bravenet[2].txt
 
 Cookie/Xiti Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@xiti[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@xiti[1].txt
3. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@xiti[1].txt
4. C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@xiti[2].txt
 
 Cookie/Mysearc... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@mysearch[2].txt
 
 Cookie/Statcou... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...ookies\Low\david@statcounter[2].txt
 
 Cookie/Yadro Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@yadro[2].txt
 
 Cookie/Adrevol... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Low\david@media.adrevolver[3].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\david@media.adrevolver[1].txt
 
 Cookie/Sextrac... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...Cookies\Low\david@sextracker[2].txt
 
 Cookie/Com.com Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@com[1].txt
 
 Cookie/Comclic... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\Invité\AppData\Roaming\Microsoft\Win...Low\invité@fl01.ct2.comclick[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Low\david@fl01.ct2.comclick[1].txt
 
 Cookie/Overtur... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Cookies\Low\david@overture[1].txt
2. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@overture[1].txt
 
 Cookie/Cgi-bin Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...\Low\david@www2.addfreestats[1].txt
 

Uniquement disponible en version payante.
Acheter - Je suis un client 
 Fichiers suspects (1)
 C:\Users\user\Free\Outils\MMedia\WinAmp\wa501_patch_fr.exe Non envoyé 

je fais quoi après ?

pimprenelle27 · Answer

il n'y a que ça qui semble être suspect  :


C:\Users\user\Free\Outils\MMedia\WinAmp\wa501_patch_fr.exe Non envoyé

un nouvel hijakthis.

vistav · Answer

comment ca un nouvel hijacthis ? et pour le reste ce n'est pas grave ? je l'ai enlève comment ? car j'ai l'ordi qui ram un peut trop a mon gout.

vistav · Answer

voici le scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:17, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users	itival\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

pimprenelle27 · Answer

alors tu va me faire ceci : 

Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :


  Tuto

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!  désactive ton antivirus.

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

voici le rapport.


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3700+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : titival ( Not Administrator ! )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 (Not Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total:126 Go (Free:84 Go)
   D:\ (CD or DVD)
   E:\ (Local Disk) - NTFS - Total:596 Go (Free:590 Go)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 15/03/2009|23:31 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskTBar
   C:\Program Files\AskTBar\bar
   C:\Program Files\AskTBar\bar\History
   C:\Program Files\AskTBar\bar\Settings
   C:\Program Files\AskTBar\bar\History\search2
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\Program Files\Search Settings\kb127es
   C:\Program Files\Search Settings\kb127\SearchSettings.dll
   C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
   C:\Program Files\Search Settings\kb127	emp

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://lo.st"
   "Default_Page_URL"="https://www.msn.com/fr-fr"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 15/03/2009|23:25 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 15/03/2009|23:31 - Option : [1]

   -----------\  Fin du rapport a 23:31:29,65

pimprenelle27 · Answer

Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué  ici ;  Choisis ta session courante.


!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ... 

Ensuite ceci : 

Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué  ici ;  Choisis ta session courante.


!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...

vistav · Answer

voici les rapports.

toolbar s&d


   -----------\  ToolBar S&D 1.2.8   XP/Vista


   "C:\Windows\system32" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 16/03/2009| 8:31 )

   [ UAC => 1 ]

   -----------\   ...

Commande ECHO d‚sactiv‚e.


   --------------------\  

Commande ECHO d‚sactiv‚e.

   [ UAC => 1 ]


   1 - "C:\Windows\system32\TB_1.txt" - 16/03/2009| 8:23 - Option : [2]
   2 - "C:\Windows\system32\TB_2.txt" - 16/03/2009| 8:31 - Option : [2]

   -----------\    8:31:48,89

maintenant celui hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:43, on 16/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

pimprenelle27 · Answer

ensuite fait ceci : 

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

vistav · Answer

le téléchargement de genpro reste bloqué sur 12 % du téléchargement en mode normal et en mode de téléchargement rapide il bloque à 94 %. que dois-je faire ?

pimprenelle27 · Answer

j'espère que celui là non : 

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau
&#9679; Au menu principal choisi l'option "A"
&#9679; Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

le rapport est vide. pendant le scan il y avait écrit accès refusé.

pimprenelle27 · Answer

as tu désactivé le contrôle des comptes utilisateurs et redémaré l'ordi.

Escaflowne14850 · Answer

salut primprenelle 27

je serai là vers 13h00, le virus a du infecté un autre fichier. je t'expliquerai tout à 13h00

Coodialement,

Escaflowne

vistav · Answer

Je n'ai pas réactivé le controle des comptes depuis un bon moment. A moins que je n'est pas été au bonne endroit pour le désactivé. 
J'ai fait panneau de configuration, puis compte des utilisateurs, puis activé ou désactivé les comptes, puis j'ai désactivé les comptes et décoché la case utilisé les comptes (bien que cette case se recoche a chaque fois que j'y regarde). donc quand je retourne sur le compte des utilisateurs y écrit activé les comptes. Voilà.

pimprenelle27 · Answer

refait cette manip et redémarre bien ton ordi après.

vistav · Answer

c'est bon je n'avais pas retirer les mots de passe de chaque utilisateur. voici le rapport.


------- LOGFILE OF AD-REMOVER 1.1.1.8 | ONLY XP/VISTA -------

Updated by C_XX on 15/03/2009 at 12:00

Start at: 14:30:34, Mon 16/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: VAL
Current User: titival - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- E:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 52
--- User Account Control is DISABLE

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\EoEngine.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
.
C:\Users	itival\AppData\Roaming\EoRezo
C:\Users\david\AppData\Roaming\Eorezo
C:\Users\user\AppData\Roaming\Eorezo
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-AEB80F45.pf 
C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@eorezo[1].txt 
C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@eorezo[1].txt 
C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@scache.eorezo[2].txt 
C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@scache1.eorezo[1].txt 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@eorezo[1].txt 

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
.

+-----------------| It's TV Elements Found:

.
C:\Users\david\AppData\Roaming\ItsLabel
C:\Users\user\AppData\Roaming\ItsLabel

+-----------------| Sweetim Elements Found:

HKLM\Software\Macrogaming
HKU\S-1-5-18\Software\SWEETIE
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Program Files\Macrogaming

+-----------------/!\ Other Adwares Found:

.
.
C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@atdmt[2].txt 

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 1bx7hgsw.default (titival)
.
.
(Prefs.js) FOUND: user_pref("browser.startup.homepage", "http://y.lo.st");
.
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://y.lo.st");
.
.

---- Internet Explorer Version 7.0.6001.18000 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-869160614-3211715476-4275654548-1004\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.msn.com/
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://lo.st

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

+---------------------------------------------------------------------------+

3997 Byte(s) - C:\Ad-Report-Scan-16.03.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 14:33:41 | 16/03/2009
.
+-----------------| E.O.F - 87 Lines
.

pimprenelle27 · Answer

! Déconnectes toi et fermes toutes applications en cours !

Redémarre en mode sans échec comme indiqué  ici ;  Choisis ta session courante.

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

vistav · Answer

pas possible d'appliqué l'option B. Ad-remove indique  erreur "Delete.cmd" est manquant.

pimprenelle27 · Answer

tu peux réessayer, car tu as bien réussi à la lancer as tu fait en mode sans echec?

vistav · Answer

oui et en plus j'ai même réinstaller ad-aware.

pimprenelle27 · Answer

ad-aware. ce n'ai pas ça désolé.

vistav · Answer

désolé je me suis troppé sur le nom. J'ai bien relancé Ad-remover. je l'ai fait 3 fois en mode sans échec pour être sur de ne pas m'être trompé. je ne sais pas pourquoi il m'écrit ce message. l'option a a bien fonctionner mais pas l'option B.

pimprenelle27 · Answer

en mode normale cela donne la même chose?

vistav · Answer

je ne sais pas je n'ai pas essayé. je vais le faire et on verra bien.

vistav · Answer

cela ne change rien. j'ai le même message.

pimprenelle27 · Answer

FindyKill http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe  sur le Bureau.


Note importante : l'infection bagle s'installant au moyen d'un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

# Etape 2/

Lance l'installation avec les paramètres par défaut
- Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu'Administrateur)
- Au menu principal, sélectionne l'option 1 (Recherche)
et l option 4 : Recherche Cracks / Keygens
cette recherche se fait sur le pc et sur les disques amovibles , il est donc important qu ils soient branché ..
- Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt )
Avant de faire quoi que ce soit d'autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l'avis d'un spécialiste.Après confirmation par un intervenant qualifié du forum, passe au nettoyage


Si besoin: Tutoriel

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

voici les rapports que j'ai eu.


################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 12/03/09 by Chiquitine29
# Start at: 18:42:01 | 16/03/2009

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,2 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (590,74 Go free) [DISQUE DUR] # NTFS
 
################################### [ Cracks / Keygens ... ] 
 


 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 

############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 12/03/09 by Chiquitine29
# Start at: 18:39:31 | 16/03/2009

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,2 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (590,74 Go free) [DISQUE DUR] # NTFS
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32unonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32
otepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Recherche dans supports amovibles] 
 
# Presence des fichiers :  

 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 

############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 12/03/09 by Chiquitine29
# Start at: 18:21:33 | 16/03/2009

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,18 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (590,74 Go free) [DISQUE DUR] # NTFS
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [  Registry / Infected keys ]   
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
Deleted ! - E:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found.
 
################## [ ! End of Report # FindyKill V4.720 ! ] 
                    

################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 12/03/09 by Chiquitine29
# Start at: 18:42:01 | 16/03/2009

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,2 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (590,74 Go free) [DISQUE DUR] # NTFS
 
################################### [ Cracks / Keygens ... ] 
 


 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]

pimprenelle27 · Answer

tu peux réessayer STP. Merci.

vistav · Answer

je relance les mêmes étapes ? Pourquoi y un souci ?

pimprenelle27 · Answer

je parlais d'ad remover.

vistav · Answer

ok je le relance. je fais la dernière étape ou le tout ?

pimprenelle27 · Answer

non juste ad remover

vistav · Answer

en faite, je suis en mode sans échec sur vista et la j'ai réussi en mode sans échec a être sur l'option b. je supprime tout ? voici ce qu'il m'affiche :

A supprimer tout
1 sup boonty/boontyGames
2 Sup Eorézo
3 sup Logiciel de Poker infectés
4 sup FunwebProducts/MyWay/MyWebSearch
5 sup It's tv
6 sup Sweetin
7 sup Autres Adwares
D décocher tout
R retour au menu principal
Q Quitter
S supprimer les éléments cochés.

Attend réponse avant de choisir. Je suis sur mon ordinateur portable qui lui aussi doit avoir des soucis, mais on verrra après.

pimprenelle27 · Answer

oui supprimer tout.

Cesel45 · Answer

Salut

A voir tes infections...c'est normal que ton PC rama à mort.

Fait très attention à tes téléchargements...la toile en est pourri.

Va sur des sites de jeux quand il sont sûr.

1 sup boonty/boontyGames 2 Sup Eorézo 
3 sup Logiciel de Poker infectés 
4 sup FunwebProducts/MyWay/MyWebSearch --
Il y a qu'un mur qu'un tagueur ne pourra jamais taguer...C'est le mur du son.

vistav · Answer

Après, je fais quoi ?

pimprenelle27 · Answer

je peux voir le rapport.

vistav · Answer

oui je veux bien mais comment savoir qu'il son sure ?

cela fais un moment que mon ordi rame, m'ai je ne pensai pas que mon ordi était infecter. en tous cas maintenant je ferais plus attention.

Cesel45 · Answer

Un virus ne dit jamais coucou c'est moi je suis là...

Un virus c'est sournois.

Attention à tes surfs à l'avenir.

pimprenelle27 · Answer

Il faut sécuriser ton navigateur en prenant pas IE mais Firefox et en sécurisant Firefox voir ceci

vistav · Answer

oui mais je suis obligé de garder IE ? 
En plus je connais mieux la page d'IE et j'aime bien, par contre firefox est particulier.

Pour AD-revomer il y a une page violette et ecrit scan additionnel .. et un curseur qui clignote cela va durer longtemp ou pas.

pimprenelle27 · Answer

non normalement.

vistav · Answer

cela fais dix minute que le curseur clignote je fais quoi ? je peux lui faire un reset ?  ou pas .

pimprenelle27 · Answer

je ne pense pas que les fichiers soit supprimé?

vistav · Answer

alors qu'est-ce que je dois faire pour ce soir ? j'attend votre message et après je vous dit bonsoir et a demain vers 14h. Je veux juste savoir si je peux arrêter mon ordi jusqu'a demain. merci.

pimprenelle27 · Answer

c'est pas grave eteind le il va se reposer et demain on va réessayer.

vistav · Answer

ok merci et a demain après midi. j'y serais vers environ 14H. bonsoir.

pimprenelle27 · Answer

ok. à demain.

vistav · Answer

Bonjour, 

Je Fais quoi aujourd'hui.

vistav · Answer

j'ai fait un rapport hijackthis et voici ce qu'il m'affiche :Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:43, on 16/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

pimprenelle27 · Answer

non moi ce que je veux c'est que tu me refasse un rapport adremover options 1. je doit partir, je reviens tout à l'heure.

vistav · Answer

Ok, a tout a l'heure.

vistav · Answer

voici le rapport :


------- LOGFILE OF AD-REMOVER 1.1.1.8 | ONLY XP/VISTA -------

Updated by C_XX on 15/03/2009 at 12:00

Start at: 15:31:31, Tue 17/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: VAL
Current User: titival - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- E:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\

--- Running Processes: 51
--- User Account Control is DISABLE

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\EoEngine.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKLM\Software\Macrogaming
HKU\S-1-5-18\Software\SWEETIE
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.

+-----------------/!\ Other Adwares Found:

.
.
C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@bs.serving-sys[2].txt 

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: 1bx7hgsw.default (titival)
.
.
.
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://y.lo.st");
.
.

---- Internet Explorer Version 7.0.6001.18000 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-869160614-3211715476-4275654548-1004\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.msn.com/
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://lo.st

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://y.lo.st

+---------------------------------------------------------------------------+

5825 Byte(s) - C:\Ad-Report-Clean-16.03.2009.log
4237 Byte(s) - C:\Ad-Report-Scan-16.03.2009.log
3847 Byte(s) - C:\Ad-Report-Scan-17.03.2009.log

2 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
7 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 15:34:34 | 17/03/2009
.
+-----------------| E.O.F - 79 Lines
.

pimprenelle27 · Answer

toutjours là donc fait moi l'option b ad remover en mode noramle. Merci.

vistav · Answer

oui, toujours là. ok c'est parti.

vistav · Answer

Alors, il est rester bloqué sur scan additionnel .. Cela fait une heure que le curseur clignote et voilà rien de plus depuis tout à l'heure.

pimprenelle27 · Answer

bon fait moi ceci  :

Etape 1/ Télécharge :

- FindyKill http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe  sur le Bureau.


Note importante : l'infection bagle s'installant au moyen d'un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

# Etape 2/

Lance l'installation avec les paramètres par défaut
- Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu'Administrateur)
- Au menu principal, sélectionne l'option 1 (Recherche)
et l option 4 : Recherche Cracks / Keygens
cette recherche se fait sur le pc et sur les disques amovibles , il est donc important qu ils soient branché ..
- Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt )
Avant de faire quoi que ce soit d'autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l'avis d'un spécialiste.Après confirmation par un intervenant qualifié du forum, passe au nettoyage


Si besoin: Tutoriel

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 12/03/09 by Chiquitine29
# Start at: 22:09:40 | 17/03/2009

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,22 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (592,09 Go free) [DISQUE DUR] # NTFS
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32undll32.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32
otepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [  Registry / Infected keys ]   
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found.
 
################## [ ! End of Report # FindyKill V4.720 ! ] 
                    
comment je fais pour savoir si j'ai bien supprimé le fichier crack/keygen.
j'ai fais l'option 1 et 4 plus la suppression. Mais je ne sais pas si j'ai supprimé crack/keygen.

pimprenelle27 · Answer

Pourquoi avoir fait supression je t'ai rien demander.

vistav · Answer

c'est sa qui a fait que j'ai supprimer :

Note importante : l'infection bagle s'installant au moyen d'un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

Pourquoi je n'aurais pas du ?

vistav · Answer

Je vous dit bonsoir et à demain. Je serais connecter en fin de journée.

vistav · Answer

Bonsoir,

Que dois-je faire aujourd'hui ?

vistav · Answer

bonsoir et a demain. J'y serais vers environ 17 h.

pimprenelle27 · Answer

Fait moi un nouvel hiajackthis.

vistav · Answer

Bonjour,

Voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:41, on 19/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users	itival\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

vistav · Answer

Alors que donne le rapport ?

vistav · Answer

voici enfin le rapport genproc :

Rapport GenProc 2.452 [1] - 20/03/2009 à 21:20:13 - Windows Vista 
 
----------------------------------------------------------------------
 
~~ Arguments de la procédure ~~
 
# Détections [1] GenProc 2.452 20/03/2009 à 21:20:13 
Rustock: le 20/03/2009 à 21:20:13 "pe386" present 


Je ne sais pas s'il est entier car je n'ai pas peux le téléchargé entièrement Il restait bloqué a 94 %.

pimprenelle27 · Answer

Télécharger GMER ( http://www2.gmer.net/gmer.zip )
Extraire le contenu du ZIP puis renommer "gmer.exe" en "bypass.exe"
Onglet "Rootkit" ; cliquez sur "SCAN" puis patienter...
En fin de traitement cliquez sur "SAVE" et enregistrer sur votre bureau "150309.txt"
Double cliquez sur "150309.txt" ; le fichier s'ouvre dans le bloc-notes.
Copiez le contenu et collez le sur votre prochain message.

Ensuite ceci : 


Téléchargez SmitfraudFix et enregistrez-le sur le bureau
    * Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
    * Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
    * A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.

Regarde bien le tuto qui est avec


/!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.

En mode sans echec la suppression des fichiers présents.


process.exe
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlogic.org/consulting/processutil/processutil.htm


Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

voici le rapport gmer :

GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-20 22:49:08
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys                                                ZwOpenProcess [0x98DF7B4C]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys                                                ZwOpenThread [0x98DF7C3A]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys                                                ZwTerminateProcess [0x98DF7AB0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                               82108BE8 4 Bytes  [4C, 7B, DF, 98] {DEC ESP; JNP 0xffffffffffffffe2; CWDE }
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                               82108C04 4 Bytes  [3A, 7C, DF, 98] {CMP BH, [EDI+EBX*8-0x68]}
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                               82108E18 4 Bytes  [B0, 7A, DF, 98]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1712] ADVAPI32.dll!RegOpenKeyExA                       75D8D4E8 5 Bytes  JMP 004DF7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                          [74547BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                           [745898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                       [7454D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                 [7453F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                           [74547599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                        [7453E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]            [7457B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]               [7454D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                       [7454012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                        [74540095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                         [745371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                 [745CD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                    [745675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                       [7453DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                 [7453668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                [745366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                   [74541E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\system32\services.exe[540] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00250002
IAT             C:\Windows\system32\services.exe[540] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00250000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver	dx \Device\Tcp                                                                                       bdftdif.sys
AttachedDevice  \Driver	dx \Device\Udp                                                                                       bdftdif.sys

---- EOF - GMER 1.0.15 ----
est-ce que je fait la suite ?

vistav · Answer

voici celu de smitfraudfix :

SmitFraudFix v2.405

Scan done at 22:55:53,33, 20/03/2009
Run from C:\Downloads\Software\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe
C:\Users	itival\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	itival


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	itival\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	itival\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{203188B9-487A-45EB-AF36-1CD6BC38D6EF}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD6CC391-3FE9-41F3-B5EC-10C48651ED70}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{203188B9-487A-45EB-AF36-1CD6BC38D6EF}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD6CC391-3FE9-41F3-B5EC-10C48651ED70}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{203188B9-487A-45EB-AF36-1CD6BC38D6EF}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD6CC391-3FE9-41F3-B5EC-10C48651ED70}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

attend pour faire la suite.

pimprenelle27 · Answer

Ok y a rien, Maintenant fait ceci : 

Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log


Tutoriaux

vistav · Answer

J'ai un souci avec malwarebyte. Il fait son scan et au bout d'une heure vingt il me dit qu'il y a un problème sans me dit quel est le problème. Que dois-je faire ?

pimprenelle27 · Answer

bon ba on va changer fait celui on verra après son problème : 

Pour commencer :  faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner


Télécharge Superantispyware (SAS)



Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

vistav · Answer

Voici le rapport de superantispyware :

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 03/21/2009 at 11:44 PM

Application Version : 4.25.1014

Core Rules Database Version : 3808
Trace Rules Database Version: 1763

Scan type       : Complete Scan
Total Scan Time : 07:23:01

Memory items scanned      : 585
Memory threats detected   : 0
Registry items scanned    : 7104
Registry threats detected : 1
File items scanned        : 1338870
File threats detected     : 1656

Adware.Tracking Cookie
	C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@doubleclick[1].txt
	C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@smartadserver[3].txt
	C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@xiti[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.caradisiac[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.zanox[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@adrevolver[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.pointroll[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@adtech[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@advertising[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@advertstream[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@atdmt[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@audi.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@bluestreak[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@bnpparibasnet.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@bs.serving-sys[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@conforamalancementsite.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@creditcooperatif.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@dolcegusto16avril11juin.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@doubleclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@fortuneopub.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@intermarche.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@intermarche2009.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adrevolver[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adrevolver[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@mediaplex[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@msnaccountservices.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@msnportal.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@overture[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@radiofrance.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@samsung.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@serving-sys[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@smartadserver[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@symphonis.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@tracker.affistats[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@xiti[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\david@yourmedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@1029.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@2101.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@247realmedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@2803.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@3479.stats.misstrends[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@630.stats.misstrends[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@635.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@648.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@653.stats.stats[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@680.stats.misstrends[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@699.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@747.stats.stats[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@815.stats.misstrends[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@account.live[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.altermedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.caradisiac[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.cibleclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.ifrance[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.proxad[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.uk.tangozebra[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.yieldmanager[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.zanox[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adbrite[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adcentriconline[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adopt.euroclick[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adrevolver[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.allotraffic[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.benegil[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.canalblog[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.eorezo[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.highmetrics[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.multimania.lycos[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.networldmedia[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.pixicast[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.planetactive[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.pointroll[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.rtl[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.us.e-planning[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads.voir[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads1.nsamedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ads2.afrik[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.alyzamedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.aol[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.easyad[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.futura-sciences[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adtech[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adv.surinter[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@advertising[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@advertstream[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adviva[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@aimfar.solution.weborama[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@allezdiscount[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@aolfr.122.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@apmebf[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@argenius.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@atdmt[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@audi.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bizrate[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@blackbox.weborama[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bluestreak[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bnpparibasnet.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@boursoramabanque.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bravenet[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@bs.serving-sys[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@casalemedia[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@cdiscount[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@chitika[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@cibleclick.azuria[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@click-fr[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@click.ccard-processing[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@clickintext[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@cnam.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@comeinmyworld.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@counter15.sextracker[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@creditcooperatif.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@dealtime[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@dolcegusto16avril11juin.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@doubleclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@dynamic.media.adrevolver[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@eas.apm.emediate[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ehg-danieljouvance.hitbox[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ehg-discoverynetwork.hitbox[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ehg-esignal.hitbox[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ehg-telecomitalia.hitbox[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ehg-youtube.hitbox[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@excite-fr.ads.trackset[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fastclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@findextremevideo[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@findumonde[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fl01.ct2.comclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fnac.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fr.16.slidein.clickintext[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fr.classic.clickintext[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fr.clickintext[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@free.mediadico[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@fructismen07mars06avril.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@garnieratelierdelacouleur.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@garnierultradoux.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@georgiapacificlotus.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@globalpublicmedia[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@h.starware[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@himedia.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@himedia.individuad[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@hitbox[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@iacas.adbureau[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@imrworldwide[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@indextools[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@insightexpressai[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@intermarche.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@intermarche2009.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@karavel.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@katoa.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@laredoute.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@lascad.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@login.tracking101[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@m1.webstats.motigo[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@maisondevalerie.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@media.adrevolver[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@media.adrevolver[3].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@media6degrees[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mediametrics.mpsa[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mediaplex[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mediaservices.myspace[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@men.122.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@metacafe.122.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mistergooddeal.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@msnaccountservices.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@msnportal.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mypornmotion[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@neocounter.neoworx-blog-tools[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@nespresso.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@notrefamille.112.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@nrjmobile.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@optimost[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@overture[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@penpal-tradition[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@phyto.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@plagesexy[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@pornattitude[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@porno-fiesta[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@pro-market[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@proadult[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@psychomedia.qc[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@publicidad1.webfg[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@redcats.122.2o7[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@revision-auto-discount[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@roiservice[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@roitracking[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@rotator.adjuggler[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@samsung.solution.weborama[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@server.cpmstar[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@server.iad.liveperson[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@serving-sys[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@sextracker[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@sexyavenue[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@smartadserver[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@soldes-hiver-discount.zlio[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@specificclick[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@spylog[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stat.blogorama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stat.dealtime[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stat.hi-pi[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stat.one-clic[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stat.spos[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@statcounter[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.canalblog[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.coerrance[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.desinformations[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.la-france-de-demain[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.searchtrack[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.sports[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@stats.tf1[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@statse.webtrendslive[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@statse.webtrendslive[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@statsweb.bnpparibas[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tacoda[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tamedia.individuad[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@toyotaauris21mars09avril.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@track.effiliation[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@track.espaceclient[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tracker.affistats[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tracker.esecure-transaction[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tracking.lsfinteractive[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tracking.publicidees[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tracking.veille-referencement[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tradedoubler[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@trafficmp[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@tribalfusion[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@try.starware[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ttbpgsm.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@vitamine.networldmedia[3].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@weba.cdiscount[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@weborama[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@windowsmobile.solution.weborama[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.3dstats[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.cibleclick[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.googleadservices[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.googleadservices[4].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.pornattitude[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.revision-auto-discount[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.robostats[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.sa-sex[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.sexe-au-bois[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.sexeautop[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.sexomatic[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.sexyavenue[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.smartadserver[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.teenplanetvoyeur[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www.tonsexegratuit[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www2.addfreestats[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@www7.addfreestats[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@xiti[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@xxx-loveuse-xxx-91.skyrock[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@xxx.video-bagarre[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@xxxcounter[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@yadro[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@yourmedia[1].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@zbox.zanox[2].txt
	C:\Documents and Settings\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@zedo[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@ad.caradisiac[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@ad.zanox[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@adrevolver[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@ads.pointroll[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@adtech[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@advertising[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@advertstream[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@atdmt[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@audi.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@bluestreak[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@bnpparibasnet.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@bs.serving-sys[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@conforamalancementsite.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@creditcooperatif.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@dolcegusto16avril11juin.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@doubleclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@fortuneopub.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@intermarche.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@intermarche2009.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@media.adrevolver[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@media.adrevolver[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@mediaplex[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@msnaccountservices.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@msnportal.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@overture[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@radiofrance.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@samsung.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@serving-sys[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@smartadserver[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@symphonis.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@tracker.affistats[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@xiti[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\david@yourmedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@1029.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@2101.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@247realmedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@2803.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@3479.stats.misstrends[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@630.stats.misstrends[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@635.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@648.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@653.stats.stats[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@680.stats.misstrends[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@699.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@747.stats.stats[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@815.stats.misstrends[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@account.live[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.altermedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.caradisiac[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.cibleclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.ifrance[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.proxad[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.uk.tangozebra[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.yieldmanager[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ad.zanox[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adbrite[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adcentriconline[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adopt.euroclick[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adrevolver[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.allotraffic[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.benegil[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.canalblog[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.eorezo[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.highmetrics[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.multimania.lycos[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.networldmedia[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.pixicast[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.planetactive[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.pointroll[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.rtl[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.us.e-planning[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads.voir[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads1.nsamedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ads2.afrik[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adserver.alyzamedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adserver.aol[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adserver.easyad[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adserver.futura-sciences[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adtech[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adv.surinter[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@advertising[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@advertstream[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@adviva[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@aimfar.solution.weborama[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@allezdiscount[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@aolfr.122.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@apmebf[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@argenius.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@atdmt[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@audi.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@bizrate[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@blackbox.weborama[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@bluestreak[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@bnpparibasnet.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@boursoramabanque.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@bravenet[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@bs.serving-sys[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@casalemedia[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@cdiscount[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@chitika[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@cibleclick.azuria[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@click-fr[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@click.ccard-processing[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@clickintext[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@cnam.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@comeinmyworld.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@counter15.sextracker[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@creditcooperatif.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@dealtime[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@dolcegusto16avril11juin.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@doubleclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@dynamic.media.adrevolver[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@eas.apm.emediate[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ehg-danieljouvance.hitbox[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ehg-discoverynetwork.hitbox[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ehg-esignal.hitbox[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ehg-telecomitalia.hitbox[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ehg-youtube.hitbox[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@excite-fr.ads.trackset[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fastclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@findextremevideo[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@findumonde[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fl01.ct2.comclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fnac.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fr.16.slidein.clickintext[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fr.classic.clickintext[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fr.clickintext[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@free.mediadico[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@fructismen07mars06avril.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@garnieratelierdelacouleur.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@garnierultradoux.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@georgiapacificlotus.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@globalpublicmedia[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@h.starware[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@himedia.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@himedia.individuad[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@hitbox[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@iacas.adbureau[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@imrworldwide[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@indextools[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@insightexpressai[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@intermarche.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@intermarche2009.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@karavel.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@katoa.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@laredoute.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@lascad.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@login.tracking101[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@m1.webstats.motigo[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@maisondevalerie.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@media.adrevolver[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@media.adrevolver[3].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@media6degrees[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@mediametrics.mpsa[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@mediaplex[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@mediaservices.myspace[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@men.122.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@metacafe.122.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@mistergooddeal.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@msnaccountservices.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@msnportal.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@mypornmotion[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@neocounter.neoworx-blog-tools[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@nespresso.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@notrefamille.112.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@nrjmobile.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@optimost[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@overture[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@penpal-tradition[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@phyto.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@plagesexy[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@pornattitude[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@porno-fiesta[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@pro-market[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@proadult[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@psychomedia.qc[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@publicidad1.webfg[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@redcats.122.2o7[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@revision-auto-discount[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@roiservice[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@roitracking[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@rotator.adjuggler[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@samsung.solution.weborama[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@server.cpmstar[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@server.iad.liveperson[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@serving-sys[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@sextracker[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@sexyavenue[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@smartadserver[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@soldes-hiver-discount.zlio[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@specificclick[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@spylog[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stat.blogorama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stat.dealtime[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stat.hi-pi[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stat.one-clic[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stat.spos[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@statcounter[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.canalblog[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.coerrance[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.desinformations[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.la-france-de-demain[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.searchtrack[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.sports[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@stats.tf1[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@statse.webtrendslive[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@statse.webtrendslive[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@statsweb.bnpparibas[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tacoda[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tamedia.individuad[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@toyotaauris21mars09avril.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@track.effiliation[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@track.espaceclient[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tracker.affistats[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tracker.esecure-transaction[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tracking.lsfinteractive[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tracking.publicidees[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tracking.veille-referencement[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tradedoubler[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@trafficmp[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@tribalfusion[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@try.starware[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@ttbpgsm.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@vitamine.networldmedia[3].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@weba.cdiscount[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@weborama[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@windowsmobile.solution.weborama[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.3dstats[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.cibleclick[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.googleadservices[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.googleadservices[4].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.pornattitude[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.revision-auto-discount[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.robostats[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.sa-sex[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.sexe-au-bois[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.sexeautop[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.sexomatic[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.sexyavenue[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.smartadserver[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.teenplanetvoyeur[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www.tonsexegratuit[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www2.addfreestats[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@www7.addfreestats[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@xiti[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@xxx-loveuse-xxx-91.skyrock[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@xxx.video-bagarre[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@xxxcounter[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@yadro[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@yourmedia[1].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@zbox.zanox[2].txt
	C:\Documents and Settings\david\Application Data\Microsoft\Windows\Cookies\Low\david@zedo[2].txt
	C:\Documents and Settings\david\Cookies\david@2o7[1].txt
	C:\Documents and Settings\david\Cookies\david@ad.caradisiac[2].txt
	C:\Documents and Settings\david\Cookies\david@ad.zanox[2].txt
	C:\Documents and Settings\david\Cookies\david@adrevolver[2].txt
	C:\Documents and Settings\david\Cookies\david@ads.pointroll[2].txt
	C:\Documents and Settings\david\Cookies\david@adtech[1].txt
	C:\Documents and Settings\david\Cookies\david@advertising[1].txt
	C:\Documents and Settings\david\Cookies\david@advertstream[1].txt
	C:\Documents and Settings\david\Cookies\david@atdmt[2].txt
	C:\Documents and Settings\david\Cookies\david@audi.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@bluestreak[2].txt
	C:\Documents and Settings\david\Cookies\david@bnpparibasnet.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@bs.serving-sys[1].txt
	C:\Documents and Settings\david\Cookies\david@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@conforamalancementsite.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@creditcooperatif.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@dolcegusto16avril11juin.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@doubleclick[1].txt
	C:\Documents and Settings\david\Cookies\david@fortuneopub.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@intermarche.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@intermarche2009.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@media.adrevolver[1].txt
	C:\Documents and Settings\david\Cookies\david@media.adrevolver[2].txt
	C:\Documents and Settings\david\Cookies\david@mediaplex[1].txt
	C:\Documents and Settings\david\Cookies\david@msnaccountservices.112.2o7[1].txt
	C:\Documents and Settings\david\Cookies\david@msnportal.112.2o7[1].txt
	C:\Documents and Settings\david\Cookies\david@overture[1].txt
	C:\Documents and Settings\david\Cookies\david@radiofrance.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@samsung.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@serving-sys[1].txt
	C:\Documents and Settings\david\Cookies\david@smartadserver[2].txt
	C:\Documents and Settings\david\Cookies\david@symphonis.solution.weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@tracker.affistats[2].txt
	C:\Documents and Settings\david\Cookies\david@weborama[2].txt
	C:\Documents and Settings\david\Cookies\david@xiti[1].txt
	C:\Documents and Settings\david\Cookies\david@yourmedia[1].txt
	C:\Documents and Settings\david\Cookies\Low\david@1029.stats.misstrends[2].txt
	C:\Documents and Settings\david\Cookies\Low\david@2101.stats.misstrends[2].txt
	C:\Documents and Settings\david\Cookies\Low\david@247realmedia

pimprenelle27 · Answer

Supprimes tout ce qu'il a trouvé ensuite fait ceci : 

Télécharger RemoveIT Pro

Fais un scan et poste moi le full rapport log.

A la fin du 1er scan, s'il demande de faire un scan complet dite oui et à la fin du 2ème scan, si virus trouvé cliquez sur fix pour nettoyer des virus trouvés.

vistav · Answer

Scan avec removeIT pro a fonctionner mais il na pas pu tout supprimé voici ce qu'il m'indique :

Cannot clean file
c:/Windows/System32/DriverStore/FileRepository/Ivelch.inf_986f6c7b/Ivcoinst.dll
please try to delete this file manually

6 alerts have been cleaned !

Notes :
1.If some viruses has not been cleaned please try to deleted those files manually or restart your computer in Safe Mode then Scan again.
2.This version is only simple detection tool without advanced clearing techniques and preventions, For powerful protection purchase our RemoveIT Pro Entreprise tool for only 15$ and get yourself protected!

j'ai essayer de relancer remove en mode sans échec mais y'a un souci. 

Que dois-je faire ?

pimprenelle27 · Answer

Je ne suis pas très bonne en anglais mais je comprends qu'il n'a pu le supprimer et donc il faut le faire manuellement  :  c:/Windows/System32/DriverStore/FileRepository/Ivelch.inf_98­6f6c7b/Ivcoinst.dll
please try to delete this file manually

vistav · Answer

oui mais comment je fais manuellement ?

pimprenelle27 · Answer

tu va dans c:/Windows/System32/DriverStore/FileRepository/Ivelch.inf_98­­6f6c7b

vistav · Answer

je ne peux pas le supprimer car il me dit que je doit disposer d'une autorisation.

pimprenelle27 · Answer

tu es l'administrateur de l'ordi?

vistav · Answer

C'est pas moi qui est installer vista quand je l'ai acheter. si je ne me trompe pas c'est user qui est l'administrateur. Sur mon ordi il y a User, val et david c'est tout ce que je peux dire. après je n'y connais pas grand chose. je sais qu'une chose c'est que la plupart du temps quand je fais une manip il me demande si je suis l'administrateur et je répond oui.

pimprenelle27 · Answer

pas grave fait ceci on va voir s'il reste des virus : 

Fais un scan en ligne avec Internet explorer
Rend toi sur ce site : https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Voici un tutoriel

vistav · Answer

ok je fais ca demain bonne soir.

vistav · Answer

Voici le scan panda :

Résultats 
Analyse
Recherche de virus, logiciels espions, chevaux de Troie et autres menaces. Ce processus peut prendre plus d’une heure, selon la quantité d’informations stockées sur votre ordinateur.

100% 
Elément en cours: E:\works\MSWORKS\Works7.msi[unk_0081]
Fichiers analysés : 675061 
Fichiers infectés : 18 
Fichiers suspects détectés : 1 
Vulnérabilités détectées : 0 
 
Vous êtes infecté !

Nous avons détecté que la protection Bitdefender Antivirus de votre PC est activée et à jour.

Niveau de risque faible (12) Cookie/Xiti Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@xiti[1].txt
2. C:\Users	itival\AppData\Roaming\Microsoft\Windows\Cookies	itival@xiti[2].txt
 
 Cookie/Serving... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...okies	itival@bs.serving-sys[1].txt
2. C:\Program Files\Ad-remover\TOOLS\QUARANTINE	itival@bs.serving-sys[3].txt
3. C:\Program Files\Ad-remover\TOOLS\QUARANTINE	itival@bs.serving-sys[2].txt
 
 Cookie/Smartad... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...ookies	itival@smartadserver[2].txt
2. C:\Users	itival\AppData\Roaming\Microsoft\Wi...ookies	itival@smartadserver[1].txt
 
 Cookie/Serving... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@serving-sys[2].txt
 
 Cookie/Adverti... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@advertising[1].txt
 
 Cookie/Com.com Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@com[1].txt
 
 Cookie/Atlas D... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Program Files\Ad-remover\TOOLS\QUARANTINE	itival@atdmt[2].txt
 
 Cookie/fe.lea.... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...okies\Low\david@fe.lea.lycos[1].txt
 
 Application/IE... Application de surveillance Latent(e) Masquer +Infos   
 1. C:\Windows\System32\IEDFix.C.exe
2. C:\Downloads\Software\SmitfraudFix\IEDFix.C.exe
 
 Cookie/MetriWe... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Wind...s\Cookies\Low\david@metriweb[2].txt
 
 Cookie/Doublec... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@doubleclick[2].txt
2. C:\Users	itival\AppData\Roaming\Microsoft\Wi...\Cookies	itival@doubleclick[1].txt
 
 Cookie/Mysearc... Cookie de surveillance Latent(e) Masquer +Infos   
 1. C:\Users\david\AppData\Roaming\Microsoft\Windows\Cookies\david@mysearch[2].txt
 
 Fichiers suspects (1)
 C:\Users\user\Free\Outils\MMedia\WinAmp\wa501_patch_fr.exe

pimprenelle27 · Answer

y a plus rien sauf celui ci qui parait suspect tu connais  : 

C:\Users\user\Free\Outils\MMedia\WinAmp\wa501_patch_fr.exe

vistav · Answer

non pas du tout. et pour le system 32 je fais comment alors ?

pimprenelle27 · Answer

tu parle de quel système 32?

vistav · Answer

Je parlais de lui :

c:/Windows/System32/DriverStore/FileRepository/Ivelch.inf_98­6f6c7b/Ivcoinst.dll 

Et pour lui je fais quoi ?


C:\Users\user\Free\Outils\MMedia\WinAmp\wa501_patch_fr.exe 

Je trouve toujours que mon ordi rame toujours surtout au démarrage de m session.

pimprenelle27 · Answer

Fait quand même ceci : 

Etape 1/ Télécharge :

- FindyKill http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe  sur le Bureau.


Note importante : l'infection bagle s'installant au moyen d'un crack/keygen, tu dois IMPERATIVEMENT supprimer ce type de fichier.

# Etape 2/

Lance l'installation avec les paramètres par défaut
- Double-clique sur le raccourci FindyKill sur le Bureau (sous Vista : clic droit sur le raccourci --> Exécuter en temps qu'Administrateur)
- Au menu principal, sélectionne l'option 1 (Recherche)
et l option 4 : Recherche Cracks / Keygens
cette recherche se fait sur le pc et sur les disques amovibles , il est donc important qu ils soient branché ..
- Le rapport est sauvegardé à la racine du disque dur (C:\FindyKill.txt )
Avant de faire quoi que ce soit d'autre, il est fortement recommandé de poster le rapport sur le forum pour avoir l'avis d'un spécialiste.Après confirmation par un intervenant qualifié du forum, passe au nettoyage


Si besoin: Tutoriel

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

vistav · Answer

Voici l
############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 11:56:40 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,34 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,71 Go free) [VAL 1] # FAT32
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Recherche dans supports amovibles] 
 
 
# Contenu de l'autorun : F:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
 
# Contenu de l'autorun : I:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
# Presence des fichiers :  

Found ! [12/02/2007 20:53][-r-------] - F:\autorun.inf 
Found ! [12/02/2007 20:53][-r-------] - I:\autorun.inf 
 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 
es résultats de findykill option 1 :

pimprenelle27 · Answer

Etape 3/

Branche toutes tes sources de données externes au PC (clés USB, disques durs externes, lecteurs mp3, iPod...) sans les ouvrir- Relance FindyKill,
- Cette fois, sélectionne l'option 2 (Suppression) au menu principal.
- Il y aura 1 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "Nettoyage effectué !"
- Ensuite poste le rapport C:\FindyKill.txt

vistav · Answer

et voici maintenant les résultats de l'option 4 :


################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 11:59:27 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,34 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,71 Go free) [VAL 1] # FAT32
 
################################### [ Cracks / Keygens ... ] 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]

vistav · Answer

voici les résultats de l'option 2 :


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 12:02:30 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,34 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,71 Go free) [VAL 1] # FAT32
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\vVX6000.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [  Registry / Infected keys ]   
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
Not deleted !! - F:\autorun.inf  
Not deleted !! - I:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found.
 
################## [ ! End of Report # FindyKill V4.720 ! ]

pimprenelle27 · Answer

Not deleted !! - F:\autorun.inf
Not deleted !! - I:\autorun.inf 


ça n'a pas marché, tu n'a pas enlever tes lecteur F et I?

vistav · Answer

voici le rapport sans les lecteurs.


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 17:54:52 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,32 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\msascui.exe
C:\Windows\System32\svchost.exe
C:\Windows\helppane.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wbem\wmiprvse.exe

pimprenelle27 · Answer

le rapport doit pas être complet.

vistav · Answer

voici le rapport option 1 et 4 :


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 18:38:10 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,36 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Recherche dans supports amovibles] 
 
# Presence des fichiers :  

 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 
################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 18:39:23 | 24/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,36 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
 
################################### [ Cracks / Keygens ... ] 
 


 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 
Attent réponse pour faire option 4.

vistav · Answer

je les ai enlevé. C'était 3 clé amovibles. Je pensais avoir mis tous les rapports.

pimprenelle27 · Answer

il ne fallait pas les enlever car il y avait quelque chose dessus et ces sur ceux là qui n'a pas pu enlever ce qu'il voulait.

vistav · Answer

Ok mais toute les fois je ne les avait pas mise pendant les analyses. c'est quand j'ai du tranférer des fichiers qui venais de mon portable qui beuge lui aussi et que j'ai eu des soucis avec les clés que j'ai voulu les faires analysé aussi, justement pour voir si y'avait pas de problème. Donc demain matin je refait findykill avec les option 1, 4 et 2 et je le poste sur le forum. Si vous me dite ok pour le faire. Bonne soiré et a demain.

pimprenelle27 · Answer

oui avec toute les clefs.

vistav · Answer

voici les rapports avec toutes les clés :


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 07:13:32 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,36 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32	askmgr.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Recherche dans supports amovibles] 
 
 
# Contenu de l'autorun : F:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
 
# Contenu de l'autorun : I:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
# Presence des fichiers :  

Found ! [12/02/2007 20:53][-r-------] - F:\autorun.inf 
Found ! [12/02/2007 20:53][-r-------] - I:\autorun.inf 
 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 

################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 07:14:33 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,36 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
################################### [ Cracks / Keygens ... ] 
  
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  

 
############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 07:18:40 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,35 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [  Registry / Infected keys ]   
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
Not deleted !! - F:\autorun.inf  
Not deleted !! - I:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found.
 
################## [ ! End of Report # FindyKill V4.720 ! ]

vistav · Answer

Désolé j'ai du refaire les manip car j'avais oublier d'enlevé la sécurité sur 2 des clé usb.

Voici le rapport :


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 07:41:27 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,32 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users	itival\AppData\Roaming\U3\0000184CF471DF1C\LaunchPad.exe
C:\Users	itival\AppData\Roaming\U3\0000184CF471CA4D\LaunchPad.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
 
 
################## [ Recherche dans supports amovibles] 
 
 
# Contenu de l'autorun : F:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
 
# Contenu de l'autorun : I:\autorun.inf  

[AutoRun] 
open=LaunchU3.exe -a
icon=LaunchU3.exe,0 

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer
# Presence des fichiers :  

Found ! [12/02/2007 20:53][-r-------] - F:\autorun.inf 
Found ! [12/02/2007 20:53][-r-------] - I:\autorun.inf 
 
################## [ Registre / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]  
 

################################### [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 07:42:23 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,32 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
################################### [ Cracks / Keygens ... ] 
 
################## [ ! Fin du rapport # FindyKill V4.720 ! ]

pimprenelle27 · Answer

Etape 3/

Branche toutes tes sources de données externes au PC (clés USB, disques durs externes, lecteurs mp3, iPod...) sans les ouvrir- Relance FindyKill,
- Cette fois, sélectionne l'option 2 (Suppression) au menu principal.
- Il y aura 1 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "Nettoyage effectué !"
- Ensuite poste le rapport C:\FindyKill.txt

vistav · Answer

voici le rapport findykill :


############################## [ FindyKill V4.720 ] 

# User : titival (Administrateurs) # VAL
# Update on 22/03/09 by Chiquitine29
# Start at: 16:53:49 | 25/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3700+
# Microsoft© Windows VistaT dition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1201 [VPS 000000-0] 4.8.1201 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 « pouces
# C:\ # Disque fixe local # 126,95 Go (84,34 Go free) [VISTA] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 596,17 Go (570,38 Go free) [DISQUE DUR] # NTFS
# F:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# G:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 2] # FAT32
# H:\ # Disque amovible # 1,88 Go (1,88 Go free) [VAL] # FAT32
# I:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
# J:\ # Disque amovible # 3,81 Go (3,72 Go free) [VAL 1] # FAT32
 
############################## [ Active Processes ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
 
################## [  Registry / Infected keys ]   
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
Not deleted !! - F:\autorun.inf  
Not deleted !! - I:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 
 
# -> Not found ! 
 
################## [ Searching Other Infections ] 
 
# -> Nothing found.
 
################## [ ! End of Report # FindyKill V4.720 ! ]