Sujet Précédent Sujet Suivant

Winfixer encore et toujours

Résolu
Weblord -  
Rumbacampus Messages postés 1244 Statut Membre -
Salut,

Comme vous l'aurez compris j'ai comme beaucoup cette me...e sur mon PC, et j'ai beau tout essayer par moi même ça part pas, alors je vous poste mon rapport hijack pour avoir si possible une aide personnalisé : 

Logfile of HijackThis v1.99.1
Scan saved at 09:24:20, on 21/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\drband.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

21 réponses

  • 1
  • 2
Réponse 1 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Bonjour,

Installe si tu ne les as pas :
1/Spybot S&D 1.4 <<nouvelle version
http://www.safer-networking.org/fr/index.html

Démo d’utilisation (merci à Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/Ad-Aware SE 1.06 <<nouvelle version
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/adawrevid.asf

Passe les et vire tout ce qu'ils trouvent + vide les quarantaines.

Puis, fais ces deux scans en ligne :

http://www.bitdefender.com/scan/licence.php
Copie/colle le rapport ici
et
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.
Fais un scan en mode complet.
Sauvegardes le rapport et copie le ici

Dans la foulée copie un autre log HT avec.

A+
M.
0
Weblord
 
Bon j'ai mis du temps à faire ce que tu m'avais dit real mona, mais bon voilà c'est fait.

Voici le rapport bitdefender : 
Statistiques
 
Temps
 00:59:53
 
Fichiers
 116075
 
Directoires
 3853
 
Secteurs de boot
 5
 
Archives
 1156
 
Paquets programmes
 9388
 
  
  
 
Résultats
 
Virus identifiés
 0
 
Fichiers infectés
 0
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 231241
 
Version des moteurs
 AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
 
Analyse des plugins
 13
 
Archive des plugins
 39
 
Unpack des plugins
 4
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
Aucun virus trouvé.


Voici le rapport Ewido : 

---------------------------------------------------------
 ewido security suite - Rapport de scan
---------------------------------------------------------

 + Créé le:		15:32:44, 28/10/2005
 + Somme de contrôle:	88754D1D

 + Résultats du scan:

	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGAUTH.dll\\.Owner -> Dialer.Generic : Nettoyer et sauvegarder
	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/EGAUTH.dll\\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -> Dialer.Generic : Nettoyer et sauvegarder
	[1216] C:\WINDOWS\system32\iclogmsg.dll -> Spyware.Look2Me : Erreur durant le nettoyage
	[1856] C:\WINDOWS\system32\iclogmsg.dll -> Spyware.Look2Me : Erreur durant le nettoyage
	:mozilla.14:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Adbrite : Nettoyer et sauvegarder
	:mozilla.16:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder
	:mozilla.17:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder
	:mozilla.18:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder
	:mozilla.23:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
	:mozilla.24:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
	:mozilla.32:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.33:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.34:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.35:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.36:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.37:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.38:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.68:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.69:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.70:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.71:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.72:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.73:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.74:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.75:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.91:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.104:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
	:mozilla.108:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
	:mozilla.109:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Fastclick : Nettoyer et sauvegarder
	:mozilla.170:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Paycounter : Nettoyer et sauvegarder
	:mozilla.176:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.177:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.178:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.179:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.180:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.181:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.182:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.183:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.184:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
	:mozilla.189:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
	:mozilla.190:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
	:mozilla.191:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
	:mozilla.192:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
	:mozilla.202:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.203:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.204:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.205:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.206:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.207:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.208:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.209:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.210:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.211:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.212:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.213:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.214:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.215:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.216:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.217:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.218:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.219:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.220:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.221:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.222:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.223:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.224:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.225:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.226:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.227:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.228:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.229:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.230:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.231:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.232:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.233:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.234:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.235:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.236:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.237:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.238:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.239:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.240:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.241:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.242:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.243:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.244:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.245:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.246:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.247:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.248:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.249:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.250:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.251:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.258:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.259:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.260:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.261:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.262:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.263:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.264:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.265:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.266:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.267:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.268:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.269:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.270:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.271:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.272:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.273:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.274:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.275:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Trafic : Nettoyer et sauvegarder
	:mozilla.276:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Nettoyer et sauvegarder
	:mozilla.282:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
	:mozilla.283:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
	:mozilla.284:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
	:mozilla.329:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Adserver : Nettoyer et sauvegarder
	:mozilla.330:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Adserver : Nettoyer et sauvegarder
	:mozilla.343:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.344:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.345:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.346:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.347:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.348:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.349:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.350:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.365:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.366:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.367:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.380:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
	:mozilla.381:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
	:mozilla.382:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
	:mozilla.383:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Comclick : Nettoyer et sauvegarder
	:mozilla.392:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Masterstats : Nettoyer et sauvegarder
	:mozilla.411:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.412:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.413:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.414:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.527:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Epilot : Nettoyer et sauvegarder
	:mozilla.529:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Etracker : Nettoyer et sauvegarder
	:mozilla.604:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	:mozilla.605:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	:mozilla.606:C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\vvsll62x.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@112.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ad.adition[3].txt -> Spyware.Cookie.Adition : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ad1.clickhype[2].txt -> Spyware.Cookie.Clickhype : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads00.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads05.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads08.bpath[2].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads12.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads13.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads20.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads27.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads33.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads47.bpath[2].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ads49.bpath[2].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@burstnet[1].txt -> Spyware.Cookie.Burstnet : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@e-2dj6wjk4gicjsdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@imgserv.adbutler[2].txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@paypopup[2].txt -> Spyware.Cookie.Paypopup : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@ppms.popularix[1].txt -> Spyware.Cookie.Popularix : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@spms.bpath[1].txt -> Spyware.Cookie.Bpath : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Cookies\multi@www.tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temp\Cookies\multi@112.2o7[1].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temp\Cookies\multi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temp\Cookies\multi@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temp\Cookies\multi@sfr.122.2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temp\Cookies\multi@www.epilot[1].txt -> Spyware.Cookie.Epilot : Nettoyer et sauvegarder
	C:\Documents and Settings\Multi\Local Settings\Temporary Internet Files\Content.IE5\SXYFGHUF\upd209[1].exe -> Spyware.Look2Me : Nettoyer et sauvegarder
	:mozilla.10:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
	:mozilla.52:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.53:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.54:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.55:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.56:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.57:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.58:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.59:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.60:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.61:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.62:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.63:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.64:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.65:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.66:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.67:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.68:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.69:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.70:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.71:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.72:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.73:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.74:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.75:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.76:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.77:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.78:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.79:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.80:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.81:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.82:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.83:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.84:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.85:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.86:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.87:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.88:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.89:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.90:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.91:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.92:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.93:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.94:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.95:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.96:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.97:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.98:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.99:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.100:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.101:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder
	:mozilla.111:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.112:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.113:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.186:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.187:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.188:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.189:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.190:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.191:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.192:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.193:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.194:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.195:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.196:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.197:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.198:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Adbutler : Nettoyer et sauvegarder
	:mozilla.199:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.200:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.201:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.202:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.203:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.204:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.205:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.206:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.232:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Falkag : Nettoyer et sauvegarder
	:mozilla.238:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.240:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.241:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.242:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.243:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.244:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.245:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.246:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.247:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.248:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.249:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.250:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder
	:mozilla.252:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.253:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.254:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.255:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.256:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
	:mozilla.263:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.264:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.266:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.267:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.268:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
	:mozilla.275:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.276:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.280:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.281:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.282:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.284:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Trafficmp : Nettoyer et sauvegarder
	:mozilla.293:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Targetnet : Nettoyer et sauvegarder
	:mozilla.294:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Targetnet : Nettoyer et sauvegarder
	:mozilla.300:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.301:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder
	:mozilla.302:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.303:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.304:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.305:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.306:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.307:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.308:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.309:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.310:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.311:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.312:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.313:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.314:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.315:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.316:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Nettoyer et sauvegarder
	:mozilla.355:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
	:mozilla.362:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	:mozilla.363:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	:mozilla.364:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
	:mozilla.369:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.370:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.371:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.372:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.373:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.374:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.375:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.376:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.377:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.378:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.379:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.380:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.381:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.382:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.383:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.384:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.385:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.386:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.387:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.388:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.389:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.390:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.391:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.392:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.393:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.394:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.395:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.396:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.397:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.398:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.399:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.401:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.402:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.403:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.404:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.405:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.406:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla\Firefox\Profiles\9ev6vrqz.default\cookies.txt -> Spyware.Cookie.Statcounter : Nettoyer et sauvegarder
	:mozilla.407:C:\Documents and Settings\MULTI.SERVEUR_MULTI.old\Application Data\Mozilla
0
Weblord
 
le nouvel hijack : 

Logfile of HijackThis v1.99.1
Scan saved at 15:34:10, on 28/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france.exe
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\drband.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
Réponse 2 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Bonjour,

Eh beh, ewido a bcp nettoyé ! c'est une bonne chose.

Reste qqs petites choses, mais il faut impérativement que tu te déconnectes du net pour faire ces manips (enlève le cable par exemple).

Imprime ceci pour ne rien oublier de faire :

Méthode à suivre dans l'ordre...

----------------------------------------------------------------------------
Télécharge ces logiciels (si tu ne les as pas) mais que tu n‘utilises pas tout de suite:

1/Spybot S&D 1.4 <<nouvelle version
http://www.safer-networking.org/fr/index.html
Démo d’utilisation (merci à Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/Ad-Aware SE 1.06 <<nouvelle version
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/adawrevid.asf

----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5)
----------------------------------------------------------------------------
Désactive ta restauration système :
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique
----------------------------------------------------------------------------
Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
Vide tes fichiers temps et tempory internet file:

:: Supprimer les fichiers temporaires ::
vider tout le contenu de ces dossiers.

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !
----------------------------------------------------------------------------
Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\drband.dl => ou toute ligne qui apparaîtra en O20, car c’est un fichier mutant

----------------------------------------------------------------------------
Passe Ad-Aware et vire tout ce qu’il trouve + vide la quarantaine
----------------------------------------------------------------------------
Passe Spybot et vire tout ce qu’il trouve + vide la quarantaine
----------------------------------------------------------------------------
> Tu vides ta poubelle et tu redémarres en mode normal et refait un HijackThis que tu postes ici.

Et enfin un petit conseil :
Installe un pare-feu (ou firewall) Si tu utilises celui de XP désactive le et installe http://download.zonelabs.com/bin/free/fr/download/comparison.html
Pour désactiver ton firewall Windows XP tu fais la chose suivante :
clique sur le bouton Démarrer, sur Paramètres, puis double clique sur Connexion Réseau. Sélectionne ta connexion puis clique dessus avec le bouton droit de la souris. Choisis la commande Propriétés. Dans l'onglet Avancé, décoche la case Protéger mon ordinateur et le réseau... Valide par OK
Pour configurer les programmes qui peuvent avoir accès à internet, ouvre ZoneAlarm, va dans "contrôle des programmes" clique sur l'onglet programme. Tu vas voir tous tes programmes. Quand tu cliques dans les colonnes "accès" et "serveur" tu as la possibilité d'autoriser de bloquer ou de demander.
Tuto : http://www.zebulon.fr/articles/configurationZA_1.php

A+
M.
0
Réponse 3 / 21
Weblord
 
Merci real mona, ça au moins c'est de la réponse précise !!!
Alors j'ai fait tout ce que tu as dit, et bingo lors de mon scan spybot en mode sans echec winfixer est apparue dans la liste des spy détectés !! (dingue ça)

alors voici donc un nouveau rapport hijack : 

Logfile of HijackThis v1.99.1
Scan saved at 17:29:19, on 28/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\drband.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
Réponse 4 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Tenace la bestiole !
Une autre manip

1/ Télécharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe

2/ Désactive ta restauration système :
Clic droit sur poste de travail puis,
propriété, tu cliques sur onglet restauration système
tu coches la case « désactiver la restauration » et applique.
----------------------------------------------------------------------------
3/Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
4/ Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
5/ Vide tes fichiers temps et tempory internet file avec cleanup
http://pageperso.aol.fr/balltrap34/CleanUp40.exe

----------------------------------------------------------------------------
6/ Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

Pour les lignes O16, tu ne fixes que si tu ne connais pas les sites qui sont référencés
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\drband.dll = > (ou sur la ligne 020 car la dll va surement changer de nom, mais note le nom exact, on en a besoin plus bas)

7/Double clic sur killbox.exe (Pocket Killbox)

- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:
C:\WINDOWS\system32\drband.dll
(ou tout autre nom de dll que prendra le fichier en ligne 020)

- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES

Laisse le pc redémarrer.
Et après reposte un log HijackThis.

A+
M.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
Weblord
 
Alors, j'ai fait ce que tu m'as indiqué, sauf que cette fois-ci ça a m.erdé vers la parti killbox.exe. En effet au moment de dire oui pour qu'il redémarre j'ai eu le message suivant :

PendingFile RenameOperations Registry Data has been removed by ExternalProcess!

Et ça a pas rebooté :-((

Efin bon je te met comme demandé un nouveau rapport hijack : 
Logfile of HijackThis v1.99.1
Scan saved at 17:05:35, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\drband.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
Réponse 6 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Tu veux pas réessayer avec la manip kill box ? car la
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\drband.dll
est toujours là, et elle est mauvaise !!!

Tiens moi au courant,
Mona
0
Réponse 7 / 21
Weblord
 
Ben j'avais bien évidemment réessayé la manip avec killbox, mais rien n'y faisait. Je viens de réessayer encore à l'instant, et comme tu l'avais indiqué le fichier avait muté, mais le message qui revient est le même et le fichier ne s'efface pas :-(
0
Réponse 8 / 21
Utilisateur anonyme
 
salut Real Mona,
essai d utiliser L2mfix

a+
0
Réponse 9 / 21
Weblord
 
Ok, merci regis59. Que dois-je faire avec l2mfix ? Ou puis-je le trouver ?

Merci.
0
Réponse 10 / 21
Rumbacampus Messages postés 1244 Statut Membre 184
 
Salut

Ici :
http://www.downloads.subratam.org/l2mfix.exe

1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install

2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.

3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.

@+
0
Réponse 11 / 21
Weblord
 
Ok merci. Je fais cette manip en mode sans echec ou pas ?
0
Réponse 12 / 21
Weblord
 
Bon ben voilà le premier rapport l2mfix : 
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\cjodm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{51C93084-F8AB-DC92-E9A5-BE50F0EB62DB}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B2285F69-E468-4BE3-A962-EABBA26D4CD7}"=""
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}"=""
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{4745C201-604F-4519-82CF-70216F9B0F3C}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}\InprocServer32]
@="C:\\WINDOWS\\system32\\nrptools.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   browseui.dll   Sat  3 Sep 2005   1:06:12   A....      1 020 416   996,50 K
   cdfview.dll    Sat  3 Sep 2005   1:06:12   A....        152 064   148,50 K
   cdosys.dll     Sat 10 Sep 2005   2:55:14   A....      2 067 968     1,97 M
   cjodm.dll      Mon 31 Oct 2005  17:03:28   .....        417 792   408,00 K
   danim.dll      Sat  3 Sep 2005   1:06:12   A....      1 056 256     1,00 M
   drband.dll     Fri 30 Sep 2005   7:55:02   ..S.R        417 792   408,00 K
   dxtrans.dll    Sat  3 Sep 2005   1:06:12   A....        205 312   200,50 K
   extmgr.dll     Sat  3 Sep 2005   1:06:12   A....         55 808    54,50 K
   iepeers.dll    Sat  3 Sep 2005   1:06:12   A....        251 392   245,50 K
   inseng.dll     Sat  3 Sep 2005   1:06:12   A....         96 768    94,50 K
   legitc~1.dll   Mon 29 Aug 2005  12:27:12   A....        520 968   508,76 K
   linkinfo.dll   Thu  1 Sep 2005   2:43:38   A....         19 968    19,50 K
   mshtml.dll     Tue  4 Oct 2005  16:26:06   A....      3 013 120     2,87 M
   mshtmled.dll   Sat  3 Sep 2005   1:06:12   A....        448 512   438,00 K
   msrating.dll   Sat  3 Sep 2005   1:06:12   A....        146 432   143,00 K
   mstime.dll     Sat  3 Sep 2005   1:06:12   A....        530 432   518,00 K
   netman.dll     Mon 22 Aug 2005  19:35:10   A....        197 632   193,00 K
   nrptools.dll   Wed  2 Nov 2005   9:10:22   ..S.R        417 792   408,00 K
   nwwks.dll      Thu 11 Aug 2005  16:11:40   A....         65 024    63,50 K
   pirfts.dll     Wed  2 Nov 2005   9:04:10   ..S.R        417 792   408,00 K
   pngfilt.dll    Sat  3 Sep 2005   1:06:12   A....         39 424    38,50 K
   quartz.dll     Tue 30 Aug 2005   4:55:44   A....      1 293 312     1,23 M
   shdocvw.dll    Sat  3 Sep 2005   1:06:12   A....      1 484 288     1,41 M
   shell32.dll    Fri 23 Sep 2005   4:07:00   A....      8 506 880     8,11 M
   shlwapi.dll    Sat  3 Sep 2005   1:06:12   A....        474 112   463,00 K
   umpnpmgr.dll   Tue 23 Aug 2005   4:39:36   A....        124 928   122,00 K
   urlmon.dll     Sat  3 Sep 2005   1:06:12   A....        605 696   591,50 K
   wininet.dll    Sat  3 Sep 2005   1:06:12   A....        662 528   647,00 K
   winsrv.dll     Thu  1 Sep 2005   2:43:38   A....        292 352   285,50 K
   wnhisn.dll     Mon 31 Oct 2005   9:01:44   ..S.R        417 792   408,00 K

30 items found:  30 files (4 H/S), 0 directories.
   Total of file sizes:  25 420 552 bytes     24,24 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
   guard.tmp      Mon 31 Oct 2005  16:47:48   ..S.R        417 792   408,00 K

1 item found:  1 file (1 H/S), 0 directories.
   Total of file sizes:  417 792 bytes    408,00 K
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le num‚ro de s‚rie du volume est 247A-58C5

 R‚pertoire de C:\WINDOWS\System32

nrptools dll            417ÿ792 02/11/2005  09:10
pirfts   dll            417ÿ792 02/11/2005  09:04
guard    tmp            417ÿ792 31/10/2005  16:47
wnhisn   dll            417ÿ792 31/10/2005  09:01
dllcache      <REP>             20/10/2005  18:09
drband   dll            417ÿ792 30/09/2005  07:55
MICROS~1      <REP>             09/12/2002  08:37
               5 fichier(s)        2ÿ088ÿ960 octets
               2 R‚p(s)  28ÿ005ÿ498ÿ880 octets libres
0
Réponse 13 / 21
Weblord
 
Et voici le second rapport L2mfix : 
Setting Directory
C:\ 
C:\ 
System Rebooted! 
 
Running From:
C:\
 
killing explorer and rundll32.exe 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1456 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1476 'rundll32.exe'
 
Scanning First Pass. Please Wait!
 
First Pass Completed 
 
Second Pass Scanning 
 
Second pass Completed!
Backing Up: C:\WINDOWS\system32\cjodm.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\cjodm.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\drband.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\drband.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nrptools.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nrptools.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pirfts.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pirfts.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wnhisn.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wnhisn.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
        1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\cjodm.dll  
Successfully Deleted: C:\WINDOWS\system32\cjodm.dll
deleting: C:\WINDOWS\system32\cjodm.dll  
Successfully Deleted: C:\WINDOWS\system32\cjodm.dll
deleting: C:\WINDOWS\system32\drband.dll  
Successfully Deleted: C:\WINDOWS\system32\drband.dll
deleting: C:\WINDOWS\system32\drband.dll  
Successfully Deleted: C:\WINDOWS\system32\drband.dll
deleting: C:\WINDOWS\system32\nrptools.dll  
Successfully Deleted: C:\WINDOWS\system32\nrptools.dll
deleting: C:\WINDOWS\system32\nrptools.dll  
Successfully Deleted: C:\WINDOWS\system32\nrptools.dll
deleting: C:\WINDOWS\system32\pirfts.dll  
Successfully Deleted: C:\WINDOWS\system32\pirfts.dll
deleting: C:\WINDOWS\system32\pirfts.dll  
Successfully Deleted: C:\WINDOWS\system32\pirfts.dll
deleting: C:\WINDOWS\system32\wnhisn.dll  
Successfully Deleted: C:\WINDOWS\system32\wnhisn.dll
deleting: C:\WINDOWS\system32\wnhisn.dll  
Successfully Deleted: C:\WINDOWS\system32\wnhisn.dll
deleting: C:\WINDOWS\system32\guard.tmp  
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp  
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
 
 
Zipping up files for submission:
  adding: cjodm.dll (208 bytes security) (deflated 48%)
  adding: drband.dll (208 bytes security) (deflated 48%)
  adding: nrptools.dll (208 bytes security) (deflated 48%)
  adding: pirfts.dll (208 bytes security) (deflated 48%)
  adding: wnhisn.dll (208 bytes security) (deflated 48%)
  adding: guard.tmp (208 bytes security) (deflated 48%)
  adding: clear.reg (208 bytes security) (deflated 46%)
  adding: itouch_config_crash_info.txt (208 bytes security) (stored 0%)
  adding: itouch_crash_info.txt (208 bytes security) (stored 0%)
  adding: lo2.txt (208 bytes security) (deflated 82%)
  adding: test.txt (208 bytes security) (deflated 82%)
  adding: test2.txt (208 bytes security) (deflated 27%)
  adding: test3.txt (208 bytes security) (deflated 27%)
  adding: test5.txt (208 bytes security) (deflated 27%)
  adding: xfind.txt (208 bytes security) (deflated 79%)
 
Restoring Registry Permissions: 
 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

 
Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(NI)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read        	BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access 	BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access 	BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access 	AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access 	CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:
 
 Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332 
 
Restoring Windows Update Certificates.:
 
deleting local copy: cjodm.dll   
deleting local copy: cjodm.dll   
deleting local copy: drband.dll   
deleting local copy: drband.dll   
deleting local copy: nrptools.dll   
deleting local copy: nrptools.dll   
deleting local copy: pirfts.dll   
deleting local copy: pirfts.dll   
deleting local copy: wnhisn.dll   
deleting local copy: wnhisn.dll   
deleting local copy: guard.tmp   
deleting local copy: guard.tmp   
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

 
The following are the files found: 
****************************************************************************
C:\WINDOWS\system32\cjodm.dll 
C:\WINDOWS\system32\cjodm.dll 
C:\WINDOWS\system32\drband.dll 
C:\WINDOWS\system32\drband.dll 
C:\WINDOWS\system32\nrptools.dll 
C:\WINDOWS\system32\nrptools.dll 
C:\WINDOWS\system32\pirfts.dll 
C:\WINDOWS\system32\pirfts.dll 
C:\WINDOWS\system32\wnhisn.dll 
C:\WINDOWS\system32\wnhisn.dll 
C:\WINDOWS\system32\guard.tmp 
C:\WINDOWS\system32\guard.tmp 
 
Registry Entries that were Deleted: 
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder. 
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B2285F69-E468-4BE3-A962-EABBA26D4CD7}"=-
"{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}"=-
"{4745C201-604F-4519-82CF-70216F9B0F3C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B2285F69-E468-4BE3-A962-EABBA26D4CD7}]
[-HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}]
[-HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents: 
****************************************************************************
****************************************************************************
0
Réponse 14 / 21
Weblord
 
Et enfin, comme demandé, un nouveau rapport HJT : 

Logfile of HijackThis v1.99.1
Scan saved at 10:37:59, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
Réponse 15 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Bonjour

Désolée mais tes deux derniers messages ne s'affichent pas (ils sont vides pour moi).

Peux tu les recopier normalement ? sans code italique ou gras ?

Merci
A+
Mona
0
Réponse 16 / 21
Weblord
 
Ah bon, je les vois bien moi pourtant ??!!

Voici l'avant dernier :

Et voici le second rapport L2mfix :
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1456 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1476 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\cjodm.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\cjodm.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\drband.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\drband.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nrptools.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nrptools.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pirfts.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\pirfts.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wnhisn.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wnhisn.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\cjodm.dll
Successfully Deleted: C:\WINDOWS\system32\cjodm.dll
deleting: C:\WINDOWS\system32\cjodm.dll
Successfully Deleted: C:\WINDOWS\system32\cjodm.dll
deleting: C:\WINDOWS\system32\drband.dll
Successfully Deleted: C:\WINDOWS\system32\drband.dll
deleting: C:\WINDOWS\system32\drband.dll
Successfully Deleted: C:\WINDOWS\system32\drband.dll
deleting: C:\WINDOWS\system32\nrptools.dll
Successfully Deleted: C:\WINDOWS\system32\nrptools.dll
deleting: C:\WINDOWS\system32\nrptools.dll
Successfully Deleted: C:\WINDOWS\system32\nrptools.dll
deleting: C:\WINDOWS\system32\pirfts.dll
Successfully Deleted: C:\WINDOWS\system32\pirfts.dll
deleting: C:\WINDOWS\system32\pirfts.dll
Successfully Deleted: C:\WINDOWS\system32\pirfts.dll
deleting: C:\WINDOWS\system32\wnhisn.dll
Successfully Deleted: C:\WINDOWS\system32\wnhisn.dll
deleting: C:\WINDOWS\system32\wnhisn.dll
Successfully Deleted: C:\WINDOWS\system32\wnhisn.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Zipping up files for submission:
adding: cjodm.dll (208 bytes security) (deflated 48%)
adding: drband.dll (208 bytes security) (deflated 48%)
adding: nrptools.dll (208 bytes security) (deflated 48%)
adding: pirfts.dll (208 bytes security) (deflated 48%)
adding: wnhisn.dll (208 bytes security) (deflated 48%)
adding: guard.tmp (208 bytes security) (deflated 48%)
adding: clear.reg (208 bytes security) (deflated 46%)
adding: itouch_config_crash_info.txt (208 bytes security) (stored 0%)
adding: itouch_crash_info.txt (208 bytes security) (stored 0%)
adding: lo2.txt (208 bytes security) (deflated 82%)
adding: test.txt (208 bytes security) (deflated 82%)
adding: test2.txt (208 bytes security) (deflated 27%)
adding: test3.txt (208 bytes security) (deflated 27%)
adding: test5.txt (208 bytes security) (deflated 27%)
adding: xfind.txt (208 bytes security) (deflated 79%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: cjodm.dll
deleting local copy: cjodm.dll
deleting local copy: drband.dll
deleting local copy: drband.dll
deleting local copy: nrptools.dll
deleting local copy: nrptools.dll
deleting local copy: pirfts.dll
deleting local copy: pirfts.dll
deleting local copy: wnhisn.dll
deleting local copy: wnhisn.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cjodm.dll
C:\WINDOWS\system32\cjodm.dll
C:\WINDOWS\system32\drband.dll
C:\WINDOWS\system32\drband.dll
C:\WINDOWS\system32\nrptools.dll
C:\WINDOWS\system32\nrptools.dll
C:\WINDOWS\system32\pirfts.dll
C:\WINDOWS\system32\pirfts.dll
C:\WINDOWS\system32\wnhisn.dll
C:\WINDOWS\system32\wnhisn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B2285F69-E468-4BE3-A962-EABBA26D4CD7}"=-
"{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}"=-
"{4745C201-604F-4519-82CF-70216F9B0F3C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B2285F69-E468-4BE3-A962-EABBA26D4CD7}]
[-HKEY_CLASSES_ROOT\CLSID\{CBB84B4E-CB73-4496-AFE7-6F4C20E758DA}]
[-HKEY_CLASSES_ROOT\CLSID\{4745C201-604F-4519-82CF-70216F9B0F3C}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
0
Réponse 17 / 21
Weblord
 
et le dernier message que j'avais posté :

Et enfin, comme demandé, un nouveau rapport HJT :

Logfile of HijackThis v1.99.1
Scan saved at 10:37:59, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Multi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - http://www.levillage.org/aw/levillage.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121700363627
O16 - DPF: {B20D9D6A-0DEC-4D76-9BEF-175896006B4A} (RptViewerAX Class) - http://webi.cdiscount.com/wiasp/distribution/RptViewerfr.cab
O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{023FD111-CAFC-45E2-820D-F9694DFC7483}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
0
Réponse 18 / 21
Rumbacampus Messages postés 1244 Statut Membre 184
 
Re

Tout parait cool.

1°T'as beaucoup d'inscriptions d'activeX (lignes 016). Regardes si tu utilises encore les programmes correspondants (regardes dans le panneau de configuration dans "ajouts/suppression de programmes" et dans C:\windows\Downloaded Program Files).
Ensuite, copies l'exécutif d'Hijackthis dans un dossier C:\Hijackthis
(pour retrouver facilement la sauvegarde, au cas où..)
Redémarre en mode sans échec, lances hijacthis et fixe les lignes 016 correspondant aux activex que tu n'utilises plus. Ensuite, va dans le gestionnaire de programme de windows (ajout/suppression de programmes) et vire les programmes éventuels, puis va dans C:\windows\Downloaded Program Files et vire les fichiers correspondants.

2°Ensuite, redémarre en mode normal, crée un point de restauration, puis avec "exécuter" du menu "démarrer" tapes
cleanmgr
Dans la fenêtre qui s'ouvre, selectionne SYSTEM (C:) puis OK
ensuite, "Autres options"/Nettoyer (Restauration du système) et OK.
Ceci effacera toutes les restaurations sauf la dernière.

3°T'as aussi quelque programmes chargés en permanence qui ne sont sans doute pas nécessaires.
Télécharge starter ici :
http://www.01net.com/telecharger/windows/Utilitaire/planificateurs_et_lanceurs/fiches/29592.html
Ce programme donne plein d'info et permet de gérer ce qui se charge au démarrage.
Il donne aussi des info sur tous les processus (y compris les cachés)
Une fois installé, lances-le. Mets-le en français à l'aide de configuration/langues puis cliques sur démarrage/all sections
Pour être renseigné sur le programme, clic droit sur la ligne, "recherche sur internet" "google"
Décoches les exécutifs qui ne sont pas nécessaires.

4° IL ne me semble pas avoir vu de pare-feu ?
Si c'est le cas, dépêche-toi d'en installer un !
http://sebsauvage.net/safehex.html

@+
0
Réponse 19 / 21
Real Mona Messages postés 1432 Statut Membre 94
 
Bonjour,

Merci Rubacampus pour ton aide.

Navrée d'avoir été aux abonnées absentes, mais j'ai qqs soucis de santé en ce moment.

Et Rubacampus a raison (et je te l'ai déjà dit), à moins que tu n'aimes vivre dangeureusement, installe impérativement un parefeu (je t'ai mis le lien pour ZoneAlarm si tu veux).

Où en sont tes soucis ?

Mona
0
Rumbacampus Messages postés 1244 Statut Membre 184
 
Salut Mona

Soignes toi bien


bisous et @+
0
Réponse 20 / 21
Weblord
 
Salut,

Et bien je crois bien que je n'ai plus de popup !!
Pour le pare feu, je pensais que celui d'xp suffisait.

Merci à tous et toutes en tout cas, vraiment précieuse votre aide.
J'ai pas encore fait ce que me disait rumbacampus, dès que j'ai le temps.
0

Discussions similaires

Conseils pour effacer WinFixer et Exploit.CHM
chapada -
annibal39 -

28 réponses