Blue screen, your computer is infected

maggie -  
 Anonymous user -
Hello,
I have been having problems with my computer for a few days. A box is displayed on my desktop background that says: ''Your computer is infected'', and then it reads: ''System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommeded to use spyware removel tool to prevent data loss. Do not use the computer before all spyware removed.''. I am currently carrying out the solution worked out by marlalapocket that was published on your site. I am not a technology expert, so... here it is.

SmitFraudFix v2.424

Rapport fait à 14:03:57,84, 2008-03-19
Executé à partir de C:\Documents and Settings\PLevin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Voobys\Voobys.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLevin

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLevin\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLevin\Application Data

C:\Documents and Settings\PLevin\Application Data\SmitFraudFixTool PRESENT !
C:\Documents and Settings\PLevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\PLevin\STARTM~1\Advanced Virus Remover.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLevin\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\PLevin\Desktop\Advanced Virus Remover.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\AdvancedVirusRemover\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5001X+ Wireless Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

18 replies

Anonymous user

Good evening

1)# Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the arrow keys to move to the safe mode boot option, then press Enter.
Once you are on the desktop, if the colors and other things are not all there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, reboot in normal mode, and copy/paste the saved report onto the forum.

NB: SmitFraudFix uses process.exe, which some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) detect as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

2) As a check, please do this, thanks:

1- Download and install the HijackThis software:

https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

(Do not run this program for now, and carry on with the next step ... )

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click " RSIT.exe " to run it.

Right-click under VISTA (run as…)

-> A first window opens, titled: " Disclaimer of warranty " .

* Next to the option "List files/folders created ..." , choose: 2 months

* then click " Continue " to start the scan ...

-> let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis, and wait for what comes next ...

Important: post one report, then the other in the following reply ...
If you try to post both at the same time, it may be too long for the forum ...
( And if "log.txt" alone does not go through either, do it in 2 parts ... thanks ... )

( Note: the reports will also be saved in this folder -> C:\rsit )

See you later
0
maggie
 
Here is the result report; however, I did not install HijackThis because several people indicated that they had problems following that installation.

SmitFraudFix v2.424

Rapport fait à 14:42:18,95, 2008-03-19
Executé à partir de C:\Documents and Settings\PLevin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Voobys\Voobys.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\PLevin\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLevin

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLevin\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLevin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLevin\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5001X+ Wireless Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
maggie
 
Right, here it is, sorry, I had forgotten this report; this one is the one obtained in safe mode. And now, after all that, I no longer have the box telling me ''your computer is infected'', but I cannot connect to my MSN or go to certain sites????? Help!! :)

SmitFraudFix v2.424

Rapport fait à 14:32:33,18, 2008-03-19
Executé à partir de C:\Documents and Settings\PLevin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C05E4DC0-AD4F-4E78-A14E-11B100D8C147}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user

Re

I repeat: do this if you want me to help you.

1- Download and install the HijackThis software:

https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

(Do not run this program for now, and carry on with the next step ... )

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click " RSIT.exe " to run it.

Right-click under VISTA (run as…)

-> A first window opens, titled: " Disclaimer of warranty " .

* Next to the option "List files/folders created ..." , choose: 2 months

* then click " Continue " to start the scan ...

-> let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis, and wait for what comes next ...

Important: post one report, then the other in the following reply ...
If you try to post both at the same time, it may be too long for the forum ...
( And if "log.txt" alone does not go through either, do it in 2 parts ... thanks ... )

( Note: the reports will also be saved in this folder -> C:\rsit )

See you later
0
maggie
 
Right, here it is, I did exactly what was written: here is log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Computer User at 2008-03-19 15:41:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (40%) free of 57 GB
Total RAM: 1263 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:08, on 2008-03-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\PLevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Computer User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.0.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;<local>;*.local
R3 - URLSearchHook: FTAtalk Toolbar - {1EAF1D0F-38A8-44F8-A59C-7AE9B35FBA30} - C:\Program Files\FTAtalk\tbFTA1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InstantAccess] "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PLevin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sera-mtl.cgi.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
Anonymous user
 
Re

Your report is not complete; but let's move on to the next step right away.

Download combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Rename it to asdehi when saving it to your desktop (simply so that the infection does not block it)
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the Internet and close the windows of all running programs.

-> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleanup procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

- Caution: during this step, do not use the PC and do not open any program. Risk of freezing the computer.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

/!\ Do not touch anything until the scan is finished. /!\ : risk of freezing the computer (complete crash)


::If combofix detects something and asks to restart, accept.

See you later
maggie
 
I know, that's 5 times I've tried to send the rest and the other report and it isn't working.........
Anonymous user
 
Re

We'll see about that later; do post 6, thanks.
maggie
 
Here is my report

ComboFix 09-11-19.02 - Computer User 2009-11-19 16:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1263.731 [GMT -4:00]
Running from: c:\documents and settings\PLevin\Desktop\asdehi.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PLevin\Application Data\FunWebProducts
c:\documents and settings\PLevin\Application Data\FunWebProducts\Data\Computer User\avatar.dat
c:\documents and settings\PLevin\Application Data\FunWebProducts\Data\Computer User\register.dat
c:\documents and settings\PLevin\Application Data\FunWebProducts\Data\Computer User\zbucks.dat
c:\documents and settings\PLevin\Application Data\inst.exe
c:\documents and settings\PLevin\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\twain.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 21:10 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-19 21:10 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-17 16:21 . 2008-03-19 10:09 744 ----a-w- c:\windows\system32\wininit.dll
2009-11-17 16:21 . 2009-11-17 16:21 100352 ----a-w- c:\windows\system32\7tBvOuVHbQ.dll
2009-11-12 12:53 . 2009-11-12 12:53 -------- d-----w- c:\documents and settings\PLevin\Local Settings\Application Data\MétéoMédia
2009-11-11 01:41 . 2009-11-11 01:41 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-07 01:58 . 2009-11-07 02:08 -------- d-----w- c:\program files\Tournament Indicator
2009-11-07 01:56 . 2009-11-07 01:56 -------- d-----w- c:\windows\WinRAR
2009-11-06 14:10 . 2009-10-21 15:24 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-26 00:40 . 2009-10-26 00:40 -------- d-----w- C:\TRANSFORMERS2_D1_VANILLA
2009-10-22 23:23 . 2009-10-22 23:23 -------- d-----w- c:\documents and settings\PLevin\Application Data\Printer Info Cache
2009-10-22 21:54 . 2009-10-22 22:50 19519 ----a-w- c:\windows\hpqins13.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 20:42 . 2008-04-24 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-18 01:39 . 2009-09-27 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-18 01:39 . 2003-11-21 01:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-17 01:32 . 2008-03-17 02:05 -------- d-----w- c:\documents and settings\PLevin\Application Data\LimeWire
2009-11-11 18:10 . 2008-05-30 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-11 01:36 . 2008-05-30 01:05 -------- d-----w- c:\program files\Windows Live
2009-11-07 02:09 . 2008-07-15 01:14 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-23 01:01 . 2008-09-04 23:29 -------- d-----w- c:\documents and settings\PLevin\Application Data\U3
2009-10-18 20:34 . 2009-10-18 20:32 -------- d-----w- c:\documents and settings\PLevin\Application Data\HP
2009-10-18 20:34 . 2009-10-18 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-18 20:33 . 2009-10-18 20:09 166421 ----a-w- c:\windows\hpoins31.dat
2009-10-18 20:33 . 2009-10-18 20:11 -------- d-----w- c:\program files\HP
2009-10-18 20:17 . 2009-10-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-18 20:15 . 2009-10-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-18 20:14 . 2009-10-18 20:14 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-18 20:14 . 2009-10-18 20:14 -------- d-----w- c:\program files\Common Files\HP
2009-10-10 17:32 . 2009-10-10 17:32 3774 ----a-r- c:\documents and settings\PLevin\Application Data\Microsoft\Installer\{B72257D6-189D-4CB0-9CDC-26A93536C34B}\_69525f90.exe
2009-10-10 17:32 . 2009-10-10 17:32 3774 ----a-r- c:\documents and settings\PLevin\Application Data\Microsoft\Installer\{B72257D6-189D-4CB0-9CDC-26A93536C34B}\_5af141bb.exe
2009-10-10 17:32 . 2009-10-10 17:32 3774 ----a-r- c:\documents and settings\PLevin\Application Data\Microsoft\Installer\{B72257D6-189D-4CB0-9CDC-26A93536C34B}\_26e91eb.exe
2009-10-10 17:32 . 2009-10-10 17:32 3774 ----a-r- c:\documents and settings\PLevin\Application Data\Microsoft\Installer\{B72257D6-189D-4CB0-9CDC-26A93536C34B}\_16496df1.exe
2009-10-10 17:32 . 2009-10-10 17:32 -------- d-----w- c:\program files\Voobys
2009-10-02 21:01 . 2009-10-02 21:01 57344 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
2009-10-02 21:01 . 2009-10-02 21:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
2009-10-02 21:01 . 2009-10-02 21:01 213089 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
2009-10-02 21:00 . 2009-10-02 21:00 430352 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll
2009-10-02 20:51 . 2009-10-02 20:51 561424 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2009-10-02 20:51 . 2009-10-02 20:51 1056768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2009-10-02 20:50 . 2009-10-02 20:50 32768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-10-02 20:50 . 2009-10-02 20:50 303204 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-10-02 20:50 . 2009-10-02 20:50 311398 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-10-02 20:50 . 2009-10-02 20:50 327784 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-10-02 20:50 . 2009-10-02 20:50 213264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-10-02 20:50 . 2009-10-02 20:50 323856 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-10-02 20:45 . 2009-10-02 20:45 1032192 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_flightzone.4d281f29a7152da50722695b99821fe6.dll
2009-10-02 20:44 . 2009-10-02 20:44 524560 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-10-02 20:44 . 2009-10-02 20:44 618496 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll
2009-10-02 20:44 . 2009-10-02 20:44 307472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-09-27 21:02 . 2008-10-16 10:18 -------- d-----w- c:\program files\Norton Security Scan
2009-09-27 21:01 . 2003-11-21 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-27 21:01 . 2009-09-27 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 01:28 . 2009-09-09 22:01 43698 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-09-09 22:29 . 2009-09-09 22:29 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 20:26 . 2009-08-30 20:26 3981824 ----a-w- c:\documents and settings\PLevin\Application Data\CoyoteReplay\Settings\Utility.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 15:10 . 2005-04-20 16:29 73696 -c--a-w- c:\documents and settings\PLevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 00:48 . 2009-03-28 16:27 47360 ----a-w- c:\documents and settings\PLevin\Application Data\pcouffin.sys
2009-08-25 00:48 . 2009-03-28 16:27 47360 ----a-w- c:\documents and settings\PLevin\Application Data\pcouffin.sys
2009-01-30 11:39 . 2009-01-30 11:39 2788800 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . 04326322675707ACF006F8E182DA3DA1 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1EAF1D0F-38A8-44F8-A59C-7AE9B35FBA30}"= "c:\program files\FTAtalk\tbFTA1.dll" [2009-11-16 2166296]

[HKEY_CLASSES_ROOT\clsid\{1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30}]
2009-11-16 11:07 2166296 ----a-w- c:\program files\FTAtalk\tbFTA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30}"= "c:\program files\FTAtalk\tbFTA1.dll" [2009-11-16 2166296]

[HKEY_CLASSES_ROOT\clsid\{1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1EAF1D0F-38A8-44F8-A59C-7AE9B35FBA30}"= "c:\program files\FTAtalk\tbFTA1.dll" [2009-11-16 2166296]

[HKEY_CLASSES_ROOT\clsid\{1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"WeatherEye"="c:\documents and settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-07-18 159744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 176216]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-06-29 827904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2003-11-20 278528]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2003-04-18 88363]

c:\documents and settings\PLevin\Start Menu\Programs\Startup\
Voobys.lnk - c:\documents and settings\PLevin\Application Data\Microsoft\Installer\{B72257D6-189D-4CB0-9CDC-26A93536C34B}\_16496df1.exe [2009-10-10 3774]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-03-17 11:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PLevin^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\PLevin\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lock My PC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"27500:TCP"= 27500:TCP:BitComet 27500 TCP
"27500:UDP"= 27500:UDP:BitComet 27500 UDP
"427:UDP"= 427:UDP:SLP_Port(427)

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2003-11-20 9344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-24 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-24 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-17 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-17 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-21 54752]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\NcBulk.SYS [2004-06-29 23628]
S3 NCBULK;NCBULK;c:\windows\system32\drivers\NcBulk.SYS [2004-06-29 23628]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 10.128.0.2:8080
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\PLevin\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-winupdate86.exe - c:\windows\system32\winupdate86.exe
SafeBoot-svcWRSSSDK
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 17:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\windows\System32\DVDRAMSV.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Voobys\Voobys.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-11-19 17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-19 21:38

Pre-Run: 26 607 276 032 bytes free
Post-Run: 28 581 232 640 bytes free

- - End Of File - - FF7FE75F0493EE36D66A8E2F75F4B6F0
Anonymous user
 
Hello

Good work by Combofix

Post me a new RSIT, please, thanks

See you later
maggie
 
Only one box appeared.....is that OK??

Logfile of random's system information tool 1.06 (written by random/random)
Run by Computer User at 2009-11-20 10:03:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 1263 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:04, on 2009-11-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Voobys\Voobys.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\PLevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Computer User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.0.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;<local>;*.local
R3 - URLSearchHook: FTAtalk Toolbar - {1EAF1D0F-38A8-44F8-A59C-7AE9B35FBA30} - C:\Program Files\FTAtalk\tbFTA1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InstantAccess] "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PLevin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sera-mtl.cgi.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
maggie
 
Don't pay attention to the dates on yesterday's reports and today's; I realized my computer was not set to the right date...
Utilisateur anonyme
 
Hi again

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Disconnect from the internet during the scan.

* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the corresponding letter, then confirm with the Enter key.
* Now choose option 1. Wait until the search finishes.
* Post the generated report. (C:\TB.txt)

See you later
maggie
 
Here is the report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : v1.50
USER : Computer User ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:26 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 2009-11-20|12:37 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\PLevin\Cookies\computer_user@crawler[2].txt
C:\DOCUME~1\PLevin\Cookies\computer_user@7search[2].txt
C:\WINDOWS\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
"Local Page"="C:\\windows\\system32\\blank.htm"
"SearchAssistant"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"CustomizeSearch"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PLevin\Recent\AZ Crack - RoboHelp 2-25-04.doc.lnk
C:\DOCUME~1\PLevin\Recent\AZ Crack - RoboHelp Inv. 2-25-04.doc.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 2009-11-20|12:38 - Option : [1]

-----------\\ Fin du rapport a 12:38:47,68
Utilisateur anonyme
 
Hi again

1) Run Toolbar-S&D again by double-clicking (or right-clicking under Vista) the shortcut. Type "2", then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.


2) Download Malwarebytes Anti-Malware here
http://www.malwarebytes.org/mbam.php

* Install it (be sure to choose "French"; do not change the installation settings) and update it.

(NB: If "COMCTL32.OCX" is missing during the installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Study the tutorial to get familiar with the program:

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(that said, it is very easy to use).

Run Malwarebytes again, following these instructions carefully:

! Disconnect and close all running applications !

* Launch Malwarebytes'.

Run a "Full" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "Results".
--> Check that all infected objects are selected, then click "Remove".

Note: if your PC needs to restart to finish the cleanup, do it!


Post the report saved after the infected objects have been removed (in the "report/log" tab of Malwarebytes, the most recent one)


Post the reports as you go.
Thanks

See you later
maggie
 
Here is the SD report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : v1.50
USER : Computer User ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:26 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 2009-11-20|13:17 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\PLevin\Cookies\computer_user@crawler[2].txt
Supprime! - C:\DOCUME~1\PLevin\Cookies\computer_user@7search[2].txt
Supprime! - C:\WINDOWS\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\windows\\system32\\blank.htm"
"SearchAssistant"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"CustomizeSearch"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PLevin\Recent\AZ Crack - RoboHelp 2-25-04.doc.lnk
C:\DOCUME~1\PLevin\Recent\AZ Crack - RoboHelp Inv. 2-25-04.doc.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 2009-11-20|12:38 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-11-20|13:18 - Option : [2]

-----------\\ Fin du rapport a 13:18:49,54
maggie
 
Here is my latest report from Malwarebytes

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3

2009-11-20 16:59:02
mbam-log-2009-11-20 (16-59-02).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 257866
Temps écoulé: 1 hour(s), 25 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Jackpot Capital\Install.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Utilisateur anonyme
 
Hi again

Please post a new RSIT report, thanks
maggie
 
Here is my RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Computer User at 2009-11-20 17:43:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (47%) free of 57 GB
Total RAM: 1263 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:20, on 2009-11-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Voobys\Voobys.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\PLevin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Computer User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.0.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;<local>;*.local
R3 - URLSearchHook: FTAtalk Toolbar - {1EAF1D0F-38A8-44F8-A59C-7AE9B35FBA30} - C:\Program Files\FTAtalk\tbFTA1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FTAtalk Toolbar - {1eaf1d0f-38a8-44f8-a59c-7ae9b35fba30} - C:\Program Files\FTAtalk\tbFTA1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [InstantAccess] "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\PLevin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PLevin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sera-mtl.cgi.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
Utilisateur anonyme
 
Hello

• Download Ad-remover (by C_XX) to your desktop:

http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

! Disconnect and close all running applications !

• Double-click (or right-click and run as administrator on Vista) "Ad-R.exe" to start the installation, and leave the installation settings at their defaults.

• Double-click (or right-click and run as administrator on Vista) the Ad-remover shortcut on your desktop to launch the tool.

• In the main menu, choose option "S" and press [Enter].

• Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Illustrated help (Installation): http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
Illustrated help (Scan): http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html


See you later
maggie
 
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 21.11.2009 at 10:05
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 11:02:22, 2009-11-21 | Normal Boot | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer Name: PL-TOSHIBA | Current user: Computer User
.
============== FOUND ELEMENT(S) ==============
.
.
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\software\PartyGaming
HKLM\Software\Classes\TypeLib\{7D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKLM\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKLM\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKLM\software\Trymedia Systems
HKU\s-1-5-21-3863305717-2947136512-206517199-1007\software\PartyGaming
.
============== Added scan ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.google.ca/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/
SearchAssistant: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\Patch\qbpatch.exe
.
===================================
.
31806 Byte(s) - C:\Ad-Report-SCAN[1].log
.
14 File(s) - C:\DOCUME~1\PLevin\LOCALS~1\Temp
31 File(s) - C:\WINDOWS\Temp
.
1 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 11:20:59 | 2009-11-21 - SCAN[1]
.
============== E.O.F ==============
Anonymous user
 
Hello again

• Run Ad-remover again,
• In the main menu, choose option "L" and press [Enter].

• Let the tool work and do not touch anything...

--> Post the report that appears at the end on the forum...

(The report is saved as C:\Ad-report-clean.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


maggie
 
======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 21.11.2009 at 10:05
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 11:37:20, 2009-11-21 | Normal Boot | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer Name: PL-TOSHIBA | Current user: Computer User
.
============== NEUTRALIZED ELEMENT(S) ==============
.
.
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\software\PartyGaming
HKLM\Software\Classes\TypeLib\{7D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKLM\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKLM\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKLM\software\Trymedia Systems

(!) -- Temp files deleted.

.
============== Added scan ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB18\Patch\qbpatch.exe
.
===================================
.
31514 Byte(s) - C:\Ad-Report-CLEAN[1].log
32122 Byte(s) - C:\Ad-Report-SCAN[1].log
.
3 File(s) - C:\DOCUME~1\PLevin\LOCALS~1\Temp
2 File(s) - C:\WINDOWS\Temp
.
18 File(s) - C:\Program Files\Ad-Remover\BACKUP
504 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 11:46:08 | 2009-11-21 - CLEAN[1]
.
============== E.O.F ==============
.
0
Anonymous user
 
Re

Perfect.

Run a full scan with your antivirus and post the report for me when it finishes.
Thanks, and see you later
0
maggie
 
Hello, it takes several hours to run my scan with my antivirus, so... But I'm not sure I'm going to get a report; it seems to me that I won't. Do you know how I can generate one or how I can find it? I use AVG as my antivirus. Thanks
0
Anonymous user
 
Re

Is the scan still running?
0
maggie
 
OK, after running my scan (which took 3 hours), it says: no infection found during the scan.

Scan "Scan whole computer" was finished.
No infection was found during this scan
Folders selected for scanning:;"Scan whole computer"
Scan started:;"21 novembre 2009, 12:03:14"
Scan finished:;"21 novembre 2009, 15:28:18 (3 hour(s) 25 minute(s) 3 second(s))"
Total object scanned:;"619259"
User who launched the scan:;"Computer User"

Warnings
File;"Infection";"Result"
C:\ToolBar SD\Backup-TB\DOCUME~1\PLevin\Cookies\computer_user@7search[2].txt:\7search.com.f2cc2494;"Found Tracking cookie.7search";"Moved to Virus Vault"
C:\ToolBar SD\Backup-TB\DOCUME~1\PLevin\Cookies\computer_user@7search[2].txt:\7search.com.5bc4302d;"Found Tracking cookie.7search";"Moved to Virus Vault"
C:\ToolBar SD\Backup-TB\DOCUME~1\PLevin\Cookies\computer_user@7search[2].txt;"Found Tracking cookie.7search";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt:\smartadserver.com.c5827141;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt:\smartadserver.com.bf8b766;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt:\smartadserver.com.5550c4ed;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt:\smartadserver.com.3e749ab9;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt:\smartadserver.com.321a5cf8;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@smartadserver[2].txt;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@atdmt[2].txt:\atdmt.com.9e6d7fd3;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@atdmt[2].txt:\atdmt.com.74c5668;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\PLevin\Cookies\computer_user@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
0
Utilisateur anonyme
 
Good evening

1) Download ToolsCleaner to remove the disinfection tools that are no longer needed

---> Download ToolsCleaner to your Desktop.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* You can, if you wish, use the Options Facultatives (optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

2) Uninstalling Norton often turns out to be incomplete; you should always use Norton's uninstall utility to remove everything: Norton Removal Tool
http://service1.symantec.com/

3) To check which software updates need to be applied on your PC
https://www.flexera.com/products/operations/software-vulnerability-management.html
Various links will be offered to you for the software that is out of date.

4) C - CCleaner:

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

. save it to the Desktop
. double-click the file to start the installation
. in the installer's language window, make sure to choose French, then OK
. click Next

. read the license and click I accept
. click Next
. here, keep checked only "put a shortcut on the desktop" and "automatically check for CCleaner updates"
. click Install
. click Close
. double-click the CCleaner icon to open it
. once it is open, click Options
and then Advanced
. uncheck "only delete files in the Windows temp folder older than 48 hours"
. click Cleaner
. click Windows and, in the Advanced column,
. check the first box, "old Prefetch data", which gives you the "old Prefetch data" box and the Advanced box, which got checked automatically, but only that one
. click Analyze; once the analysis is finished
. click Run the cleaning and, at the confirmation prompt, OK; you will have to do it a second time; once it is finished, check by pressing Analyze again to be sure nothing is left
. now click Registry and then Search for errors
. leave everything checked and click Repair the selected errors
. it asks you to make a backup: YES
. give it a name so you can find it again, and save
. click Fix all selected errors and, at the confirmation prompt, OK
. it deletes them, then Close; check by running Search for errors again

. go back to Options and re-check the box "only delete files in the Windows temp folder older than 48 hours", and in Cleaner, Windows, under Advanced, uncheck the first box, "old Prefetch data"
. you can close CCleaner.

Tutorial: https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm

0
maggie
 
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\PLevin\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\PLevin\Desktop\HJTInstall.exe: trouvé !
C:\Documents and Settings\PLevin\Desktop\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\PLevin\Desktop\Ad-R.exe: trouvé !
C:\Documents and Settings\PLevin\Desktop\ToolBarSD.exe: trouvé !
C:\Documents and Settings\PLevin\Desktop\Rsit.exe: trouvé !
C:\Documents and Settings\PLevin\Desktop\SmitFraudfix: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\PLevin\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\PLevin\Desktop\HJTInstall.exe: supprimé !
C:\Documents and Settings\PLevin\Desktop\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\PLevin\Desktop\Ad-R.exe: supprimé !
C:\Documents and Settings\PLevin\Desktop\ToolBarSD.exe: supprimé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\PLevin\Desktop\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Documents and Settings\PLevin\Desktop\SmitFraudfix: supprimé !
C:\Program Files\Ad-remover: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
maggie
 
And there, everything is done!!!!
0
Utilisateur anonyme
 
Hello

This remains to be done: purge System Restore like this:
http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

This removes all traces of the various infections, and will allow a future restore without infections

How is your PC behaving?

See you later
0