Unwanted pop-up windows - Error Safe and others

Solved/Closed
gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007) - 17 Jul 2007 at 12:00
green day (Posts: 26371; Registered: Friday 30 September 2005; Status: Moderator, Security contributor; Last activity: 27 December 2019) - 21 Jul 2007 at 16:52
Hello,
For the past few days I have had a window that opens automatically with a URL. Sometimes it's Error Safe, WinAntivirus, System Doctor, ... Of course I have tried everything and read all the posts on the subject, but nothing works.
Maybe you can help me. Thanks

32 replies

green day (Posts: 26371; Registered: Friday 30 September 2005; Status: Moderator, Security contributor; Last activity: 27 December 2019)
17 Jul 2007 at 16:17
Hi

Download this:

http://www.infos-du-net.com/telecharger/HijackThis.html = link

http://pageperso.aol.fr/balltrap34/demohijack.htm = demo

Choose the option "do a scan and a logfile"; it will generate a report. Copy and paste it on the forum.

See you

gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007)
17 Jul 2007 at 17:10
I've already used it, but I'll do what you tell me

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:12:49, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nladm\NLAgentSvc.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\WINDOWS\System32\snmp.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FastSysTray\FastsysTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\wamp\wampmanager.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\derwa\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5694CEA1-DA6C-4D8C-9287-022002E86DFE} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\gebbxvv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Fast SysTray] C:\Program Files\FastSysTray\FastsysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\Software\..\Telephony: DomainName = bruxelles.eurologos.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O20 - Winlogon Notify: gebbxvv - C:\WINDOWS\SYSTEM32\gebbxvv.dll
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\WINDOWS\system32\nladm\NLAgentSvc.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 10876 bytes

green day (Posts: 26371; Registered: Friday 30 September 2005; Status: Moderator, Security contributor; Last activity: 27 December 2019)
17 Jul 2007 at 19:50
OK, please avoid posting the reports in blue, it's not very readable ...


o Read the content of the following link: http://www.f-secure.com/products/license-terms/eult_fra.pdf
o You have thereby read and accepted the terms of use of the BlackLight program, which is included in the compressed folder navilog1.zip that you are about to download.
o Right-click on this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
o Save the target (of the link) as... and save it to the desktop.
o Right-click navilog1.zip and choose "Extract all"
o Double-click navilog1.bat
o Once at the main menu, choose option 1 and confirm.
o Wait until the message: Analyse Termine le ...
o The report will also be saved at the root of the disk (fixnavi.txt); please post it

See you

gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007)
19 Jul 2007 at 09:37
Here it is, and sorry for the delay


Search Navipromo version 2.0.5 commencé le jeu. 19/07/2007 à 9:21:31,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\derwa\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/19/07 at 09:21:36.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/19/07 at 09:35:26 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\egjlm.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\egjlm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\egjlm.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\atuyjsoy.exe trouvé !
C:\WINDOWS\system32\fgnsskoo.exe trouvé !
C:\WINDOWS\system32\iosrwlei.exe trouvé !
C:\WINDOWS\system32\kdwmyavf.exe trouvé !
C:\WINDOWS\system32\qjkjkgrn.exe trouvé !
C:\WINDOWS\system32\wibcqdyl.exe trouvé !

3)Recherche Certificats :


*** Analyse Terminé le jeu. 19/07/2007 à 9:36:32,64 ***

green day (Posts: 26371; Registered: Friday 30 September 2005; Status: Moderator, Security contributor; Last activity: 27 December 2019)
19 Jul 2007 at 13:31
Hi

No worries about the delay! :)

# Double-click navilog1.bat
# Once at the main menu, choose option 2 and confirm.
# Select the "automatique" (automatic) cleaning mode
# Answer any questions that come up; the desktop will disappear, that's normal!
# Wait until the message: Nettoyage Termine le ...
# Save the report so that you can find it again, then close Notepad; the desktop will reappear
# The report will also be saved at the root of the disk (cleannavi.txt); post it

Then:

Download VundoFix.exe (by Atribune) to your Desktop:

http://www.atribune.org/ccount/click.php?id=4

# Double-click VundoFix.exe to launch it.
# Click the Scan for Vundo button.
# When the scan is complete, click the Remove Vundo button.
# A prompt will ask whether you want to delete the files; click YES
# After you click "YES", the Desktop will disappear for a moment while the files are deleted.
# Another prompt will announce that the PC needs to shut down ("shutdown"). Click OK, then let it restart.
# The content of the report is located in C:\vundofix.txt; please post it along with a new HijackThis log

See you

gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007)
19 Jul 2007 at 15:29
Here it is, but I don't know whether it cleaned anything, because as soon as the cleaning finished a window with ads appeared :-s


Clean Navipromo version 2.0.5 commencé le jeu. 19/07/2007 à 15:22:04,24

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight



*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\derwa\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\derwa\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\egjlm.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\egjlm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\egjlm.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********
C:\WINDOWS\System32\atuyjsoy.exe trouvé !
Copie C:\WINDOWS\system32\atuyjsoy.exe réalise avec succes !
C:\WINDOWS\system32\atuyjsoy.exe supprimé !

C:\WINDOWS\System32\fgnsskoo.exe trouvé !
Copie C:\WINDOWS\system32\fgnsskoo.exe réalise avec succes !
C:\WINDOWS\system32\fgnsskoo.exe supprimé !

C:\WINDOWS\System32\iosrwlei.exe trouvé !
Copie C:\WINDOWS\system32\iosrwlei.exe réalise avec succes !
C:\WINDOWS\system32\iosrwlei.exe supprimé !

C:\WINDOWS\System32\kdwmyavf.exe trouvé !
Copie C:\WINDOWS\system32\kdwmyavf.exe réalise avec succes !
C:\WINDOWS\system32\kdwmyavf.exe supprimé !

C:\WINDOWS\System32\qjkjkgrn.exe trouvé !
Copie C:\WINDOWS\system32\qjkjkgrn.exe réalise avec succes !
C:\WINDOWS\system32\qjkjkgrn.exe supprimé !

C:\WINDOWS\System32\wibcqdyl.exe trouvé !
Copie C:\WINDOWS\system32\wibcqdyl.exe réalise avec succes !
C:\WINDOWS\system32\wibcqdyl.exe supprimé !


3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :


*** Nettoyage termine le jeu. 19/07/2007 à 15:29:27,76 ***

gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007)
19 Jul 2007 at 15:39
VundoFix.txt


VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 15:34:49 19/07/2007

Listing files found while scanning....

C:\windows\system32\asdvcwwd.dll
C:\windows\system32\betqckfq.dll
C:\windows\system32\btmjemti.ini
C:\WINDOWS\system32\eyufintk.dll
C:\windows\system32\hiaapnin.exe
C:\windows\system32\hrjensul.dll
C:\windows\system32\iclfpyev.exe
C:\windows\system32\ikhiulnq.exe
C:\windows\system32\itmejmtb.dll
C:\windows\system32\ivcgqbgu.dll
C:\WINDOWS\system32\jmuqvwyd.dll
C:\windows\system32\jqijgcer.ini
C:\windows\system32\ktnifuye.ini
C:\WINDOWS\system32\mljge.dll
C:\windows\system32\qfkcqteb.ini
C:\windows\system32\recgjiqj.dll
C:\windows\system32\ugbqgcvi.ini
C:\windows\system32\upibyiua.dll

Beginning removal...

Attempting to delete C:\windows\system32\asdvcwwd.dll
C:\windows\system32\asdvcwwd.dll Has been deleted!

Attempting to delete C:\windows\system32\betqckfq.dll
C:\windows\system32\betqckfq.dll Has been deleted!

Attempting to delete C:\windows\system32\btmjemti.ini
C:\windows\system32\btmjemti.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eyufintk.dll
C:\WINDOWS\system32\eyufintk.dll Has been deleted!

Attempting to delete C:\windows\system32\hiaapnin.exe
C:\windows\system32\hiaapnin.exe Has been deleted!

Attempting to delete C:\windows\system32\hrjensul.dll
C:\windows\system32\hrjensul.dll Has been deleted!

Attempting to delete C:\windows\system32\iclfpyev.exe
C:\windows\system32\iclfpyev.exe Has been deleted!

Attempting to delete C:\windows\system32\ikhiulnq.exe
C:\windows\system32\ikhiulnq.exe Has been deleted!

Attempting to delete C:\windows\system32\itmejmtb.dll
C:\windows\system32\itmejmtb.dll Has been deleted!

Attempting to delete C:\windows\system32\ivcgqbgu.dll
C:\windows\system32\ivcgqbgu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmuqvwyd.dll
C:\WINDOWS\system32\jmuqvwyd.dll Has been deleted!

Attempting to delete C:\windows\system32\jqijgcer.ini
C:\windows\system32\jqijgcer.ini Has been deleted!

Attempting to delete C:\windows\system32\ktnifuye.ini
C:\windows\system32\ktnifuye.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Attempting to delete C:\windows\system32\qfkcqteb.ini
C:\windows\system32\qfkcqteb.ini Has been deleted!

Attempting to delete C:\windows\system32\recgjiqj.dll
C:\windows\system32\recgjiqj.dll Has been deleted!

Attempting to delete C:\windows\system32\ugbqgcvi.ini
C:\windows\system32\ugbqgcvi.ini Has been deleted!

Attempting to delete C:\windows\system32\upibyiua.dll
C:\windows\system32\upibyiua.dll Has been deleted!

Performing Repairs to the registry.
Done!

gforce83 (Posts: 14; Registered: Tuesday 17 July 2007; Status: Member; Last activity: 21 July 2007)
19 Jul 2007 at 15:41
hijackthis.log


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:44:03, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nladm\NLAgentSvc.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\WINDOWS\System32\snmp.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FastSysTray\FastsysTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\wamp\wampmanager.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\derwa\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\gebbxvv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O2 - BHO: (no name) - {EF308343-077A-4602-A8B9-48BCA4484BA5} - C:\WINDOWS\system32\jkkjh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Fast SysTray] C:\Program Files\FastSysTray\FastsysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\Software\..\Telephony: DomainName = bruxelles.eurologos.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O20 - Winlogon Notify: gebbxvv - C:\WINDOWS\SYSTEM32\gebbxvv.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\WINDOWS\system32\nladm\NLAgentSvc.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
19 July 2007 at 16:07
ok,

Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; post it along with a new HijackThis log, please

++
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
19 July 2007 at 16:57
"derwa" - 2007-07-19 16:40:07 - ComboFix 07-07-14.6 - Service Pack 2 NTFS [SAFE MODE]


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ymsfakit.exe
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\egjlm.tmp
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\gebbxvv.dll
C:\WINDOWS\system32\gebbxvv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\gebbxvv.dll
C:\WINDOWS\system32\gebbxvv.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\yjoxpflb.exe


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-19 16:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 15:43 266,336 --------- C:\WINDOWS\system32\jkkjh.dll
2007-07-19 15:36 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-07-19 15:34 <DIR> d-------- C:\VundoFix Backups
2007-07-18 16:36 <DIR> d-------- C:\Program Files\Navilog1
2007-07-17 12:33 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-17 12:31 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-07-17 12:31 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-17 11:23 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-07-17 11:13 <DIR> d-------- C:\WINDOWS\system32\vmm32
2007-07-16 10:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-16 10:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-16 10:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-16 09:23 <DIR> d-------- C:\Program Files\CCleaner
2007-07-16 08:56 <DIR> d-------- C:\Program Files\movie maker
2007-07-13 16:46 <DIR> d-------- C:\Program Files\RogueRemover
2007-07-13 14:18 23 --ahs---- C:\WINDOWS\system32\ac7_r.dll
2007-07-13 14:18 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-07-13 11:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-13 11:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-13 11:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-13 11:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-13 11:06 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-13 11:06 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-13 11:06 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-13 11:06 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-13 11:06 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-13 10:21 3,090 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-13 10:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-13 10:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-11 13:15 <DIR> d-------- C:\DOCUME~1\derwa\APPLIC~1\dBpoweramp
2007-07-11 12:49 2,976 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2007-07-11 12:48 3,494 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2007-07-11 12:48 3,087 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2007-07-11 12:48 3,076 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-11 12:48 2,999 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2007-07-11 12:48 2,920 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-07-11 12:48 2,814 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2007-07-11 12:48 14,189 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-07-11 12:29 31,254 --------- C:\WINDOWS\system32\gebbxvv.dll
2007-07-10 12:50 <DIR> d-------- C:\Program Files\Webserver Stress Tool 7
2007-07-10 10:47 <DIR> d-------- C:\Program Files\WinPcap
2007-07-10 10:47 <DIR> d-------- C:\Program Files\EffeTech HTTP Sniffer
2007-07-10 10:37 <DIR> d-------- C:\DriveKey
2007-06-26 12:47 <DIR> d-------- C:\Program Files\Safari
2007-06-25 08:08 <DIR> d-------- C:\WINDOWS\system32\nladm


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 13:41:28 -------- d-----w C:\DOCUME~1\derwa\APPLIC~1\SolidDocuments
2007-07-17 14:30:30 -------- d-----w C:\Program Files\Steam
2007-07-17 06:58:40 -------- d-----w C:\Program Files\Winamp
2007-07-16 11:37:16 -------- d-----w C:\DOCUME~1\derwa\APPLIC~1\Azureus
2007-07-13 14:21:14 12,844 ----a-w C:\WINDOWS\mozver.dat
2007-07-13 13:47:55 -------- d-----w C:\Program Files\SlySoft
2007-07-13 13:47:49 -------- d-----w C:\Program Files\Viewpoint
2007-07-13 12:33:40 -------- d-----w C:\Program Files\CyberLink
2007-07-13 12:33:32 -------- d-----w C:\Program Files\themexp
2007-07-13 12:32:07 -------- d-----w C:\Program Files\amsn
2007-07-11 10:48:58 426,872 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-10 08:37:31 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-06 07:32:29 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-06 07:28:18 -------- d-----w C:\Program Files\Google
2007-06-27 07:15:36 -------- d-----w C:\DOCUME~1\derwa\APPLIC~1\Google
2007-06-26 10:48:01 -------- d-----w C:\DOCUME~1\derwa\APPLIC~1\Apple Computer
2007-06-22 10:05:55 -------- d-----w C:\DOCUME~1\derwa\APPLIC~1\MySQL
2007-06-12 07:15:27 -------- d-----w C:\Program Files\MySQL
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-24 07:39:43 -------- d-----w C:\Program Files\Lavalys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 15:05:49 664 ---ha-w C:\os745025.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
2004-12-24 02:33 208896 --a------ C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
2003-08-03 00:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E}]
2007-07-19 15:43 266336 --------- C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]
2007-07-11 12:29 31254 --------- C:\WINDOWS\system32\gebbxvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-11-17 16:44 2161728 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
2007-01-11 10:35 623992 --a------ C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0FF020D-CE07-44BA-A07B-68B6C75BD1C9}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
2007-06-10 18:50 872448 --a------ C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10]
"1A:Stardock TrayMonitor"="C:\Program Files\Common Files\Stardock\TrayServer.exe" [2003-02-14 03:57]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Fast SysTray"="C:\Program Files\FastSysTray\FastsysTray.exe" [2005-10-05 10:39]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 21:14]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 02:32]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 04:51]
"Cobian Backup 8"="C:\Program Files\Cobian Backup 8\Cobian.exe" [2007-02-15 17:44]
"Steam"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{941508F8-CCD9-44E0-AC29-4F1E141373F7}"="C:\WINDOWS\system32\gebbxvv.dll" [2007-07-11 12:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbxvv]
gebbxvv.dll --------- 2007-07-11 12:29 31254 C:\WINDOWS\system32\gebbxvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
C:\WINDOWS\system32\jkkjh.dll --------- 2007-07-19 15:43 266336 C:\WINDOWS\system32\jkkjh.dll

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
~~\SafeBoot\Minimal\RpcSs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"icq.com"=rundll32.exe "C:\WINDOWS\system32\betqckfq.dll",forkonce
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey


Contents of the 'Scheduled Tasks' folder
2007-07-19 14:49:45 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 16:48:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-07-19 16:52:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 16:52

--- E O F ---




HiJackThis:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:57, on 2007-07-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nladm\NLAgentSvc.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\derwa\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\gebbxvv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Fast SysTray] C:\Program Files\FastSysTray\FastsysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\pdqhwxcm.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\Software\..\Telephony: DomainName = bruxelles.eurologos.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O20 - Winlogon Notify: gebbxvv - C:\WINDOWS\SYSTEM32\gebbxvv.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\WINDOWS\system32\nladm\NLAgentSvc.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
19 July 2007 at 17:07
ok,

Download VirtumundoBeGone to the desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the VBG.TXT report will be created on the desktop.
(If a blue-screen "Fatal error" message appears, don't worry, that is normal and expected.) As before, generate a new HijackThis report and fix the corresponding lines as indicated above.

++
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
19 July 2007 at 17:19
but fix which lines?



[07/19/2007, 17:15:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\derwa\Desktop\VirtumundoBeGone.exe" )
[07/19/2007, 17:16:04] - Detected System Information:
[07/19/2007, 17:16:04] - Windows Version: 5.1.2600, Service Pack 2
[07/19/2007, 17:16:04] - Current Username: derwa (Admin)
[07/19/2007, 17:16:04] - Windows is in NORMAL mode.
[07/19/2007, 17:16:04] - Searching for Browser Helper Objects:
[07/19/2007, 17:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/19/2007, 17:16:04] - BHO 2: {259F616C-A300-44F5-B04A-ED001A26C85C} (Solid Converter PDF)
[07/19/2007, 17:16:04] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[07/19/2007, 17:16:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/19/2007, 17:16:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/19/2007, 17:16:04] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/19/2007, 17:16:04] - BHO 6: {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\jkkjh
[07/19/2007, 17:16:04] - Found: HKLM\...\Winlogon\Notify\jkkjh - This is probably Virtumundo.
[07/19/2007, 17:16:04] - Assigning {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E} MSEvents Object
[07/19/2007, 17:16:04] - BHO list has been changed! Starting over...
[07/19/2007, 17:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/19/2007, 17:16:04] - BHO 2: {259F616C-A300-44F5-B04A-ED001A26C85C} (Solid Converter PDF)
[07/19/2007, 17:16:04] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[07/19/2007, 17:16:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/19/2007, 17:16:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/19/2007, 17:16:04] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/19/2007, 17:16:04] - BHO 6: {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E} (MSEvents Object)
[07/19/2007, 17:16:04] - ALERT: Found MSEvents Object!
[07/19/2007, 17:16:04] - BHO 7: {941508F8-CCD9-44E0-AC29-4F1E141373F7} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\gebbxvv
[07/19/2007, 17:16:04] - Found: HKLM\...\Winlogon\Notify\gebbxvv - This is probably Virtumundo.
[07/19/2007, 17:16:04] - Assigning {941508F8-CCD9-44E0-AC29-4F1E141373F7} MSEvents Object
[07/19/2007, 17:16:04] - BHO list has been changed! Starting over...
[07/19/2007, 17:16:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/19/2007, 17:16:04] - BHO 2: {259F616C-A300-44F5-B04A-ED001A26C85C} (Solid Converter PDF)
[07/19/2007, 17:16:04] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[07/19/2007, 17:16:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/19/2007, 17:16:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/19/2007, 17:16:04] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/19/2007, 17:16:04] - BHO 6: {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E} (MSEvents Object)
[07/19/2007, 17:16:04] - ALERT: Found MSEvents Object!
[07/19/2007, 17:16:04] - BHO 7: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/19/2007, 17:16:04] - ALERT: Found MSEvents Object!
[07/19/2007, 17:16:04] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/19/2007, 17:16:04] - BHO 9: {CC7E636D-39AA-49b6-B511-65413DA137A1} (IE DevToolbar BHO)
[07/19/2007, 17:16:04] - BHO 10: {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} ()
[07/19/2007, 17:16:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:04] - Checking for HKLM\...\Winlogon\Notify\mljge
[07/19/2007, 17:16:04] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing.
[07/19/2007, 17:16:04] - BHO 11: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)
[07/19/2007, 17:16:04] - Finished Searching Browser Helper Objects
[07/19/2007, 17:16:04] - *** Detected MSEvents Object
[07/19/2007, 17:16:04] - Trying to remove MSEvents Object...
[07/19/2007, 17:16:05] - Terminating Process: IEXPLORE.EXE
[07/19/2007, 17:16:05] - Terminating Process: RUNDLL32.EXE
[07/19/2007, 17:16:05] - Disabling Automatic Shell Restart
[07/19/2007, 17:16:05] - Terminating Process: EXPLORER.EXE
[07/19/2007, 17:16:05] - Suspending the NT Session Manager System Service
[07/19/2007, 17:16:06] - Terminating Windows NT Logon/Logoff Manager
[07/19/2007, 17:16:06] - Re-enabling Automatic Shell Restart
[07/19/2007, 17:16:06] - File to disable: C:\WINDOWS\system32\jkkjh.dll
[07/19/2007, 17:16:06] - Renaming C:\WINDOWS\system32\jkkjh.dll -> C:\WINDOWS\system32\jkkjh.dll.vir
[07/19/2007, 17:16:06] - File successfully renamed!
[07/19/2007, 17:16:06] - Removing HKLM\...\Browser Helper Objects\{7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E}
[07/19/2007, 17:16:06] - Removing HKCR\CLSID\{7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E}
[07/19/2007, 17:16:06] - Adding Kill Bit for ActiveX for GUID: {7F044ECC-ECEC-4FEA-B0DA-7E08CF17319E}
[07/19/2007, 17:16:06] - Deleting ATLEvents/MSEvents Registry entries
[07/19/2007, 17:16:06] - Removing HKLM\...\Winlogon\Notify\jkkjh
[07/19/2007, 17:16:06] - Searching for Browser Helper Objects:
[07/19/2007, 17:16:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/19/2007, 17:16:06] - BHO 2: {259F616C-A300-44F5-B04A-ED001A26C85C} (Solid Converter PDF)
[07/19/2007, 17:16:06] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[07/19/2007, 17:16:06] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/19/2007, 17:16:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:06] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/19/2007, 17:16:06] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/19/2007, 17:16:06] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/19/2007, 17:16:06] - BHO 6: {941508F8-CCD9-44E0-AC29-4F1E141373F7} (MSEvents Object)
[07/19/2007, 17:16:06] - ALERT: Found MSEvents Object!
[07/19/2007, 17:16:06] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/19/2007, 17:16:06] - BHO 8: {CC7E636D-39AA-49b6-B511-65413DA137A1} (IE DevToolbar BHO)
[07/19/2007, 17:16:06] - BHO 9: {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} ()
[07/19/2007, 17:16:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:06] - Checking for HKLM\...\Winlogon\Notify\mljge
[07/19/2007, 17:16:06] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing.
[07/19/2007, 17:16:06] - BHO 10: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)
[07/19/2007, 17:16:06] - Finished Searching Browser Helper Objects
[07/19/2007, 17:16:06] - *** Detected MSEvents Object
[07/19/2007, 17:16:06] - Trying to remove MSEvents Object...
[07/19/2007, 17:16:07] - Terminating Process: IEXPLORE.EXE
[07/19/2007, 17:16:07] - Terminating Process: RUNDLL32.EXE
[07/19/2007, 17:16:07] - Disabling Automatic Shell Restart
[07/19/2007, 17:16:07] - Terminating Process: EXPLORER.EXE
[07/19/2007, 17:16:07] - Suspending the NT Session Manager System Service
[07/19/2007, 17:16:07] - Terminating Windows NT Logon/Logoff Manager
[07/19/2007, 17:16:07] - Re-enabling Automatic Shell Restart
[07/19/2007, 17:16:07] - File to disable: C:\WINDOWS\system32\gebbxvv.dll
[07/19/2007, 17:16:07] - Renaming C:\WINDOWS\system32\gebbxvv.dll -> C:\WINDOWS\system32\gebbxvv.dll.vir
[07/19/2007, 17:16:07] - File successfully renamed!
[07/19/2007, 17:16:07] - Removing HKLM\...\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/19/2007, 17:16:07] - Removing HKCR\CLSID\{941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/19/2007, 17:16:07] - Adding Kill Bit for ActiveX for GUID: {941508F8-CCD9-44E0-AC29-4F1E141373F7}
[07/19/2007, 17:16:07] - Deleting ATLEvents/MSEvents Registry entries
[07/19/2007, 17:16:07] - Removing HKLM\...\Winlogon\Notify\gebbxvv
[07/19/2007, 17:16:07] - Searching for Browser Helper Objects:
[07/19/2007, 17:16:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/19/2007, 17:16:07] - BHO 2: {259F616C-A300-44F5-B04A-ED001A26C85C} (Solid Converter PDF)
[07/19/2007, 17:16:07] - BHO 3: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[07/19/2007, 17:16:07] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/19/2007, 17:16:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/19/2007, 17:16:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/19/2007, 17:16:07] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/19/2007, 17:16:07] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/19/2007, 17:16:07] - BHO 7: {CC7E636D-39AA-49b6-B511-65413DA137A1} (IE DevToolbar BHO)
[07/19/2007, 17:16:07] - BHO 8: {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} ()
[07/19/2007, 17:16:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/19/2007, 17:16:07] - Checking for HKLM\...\Winlogon\Notify\mljge
[07/19/2007, 17:16:07] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing.
[07/19/2007, 17:16:07] - BHO 9: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (Google Gears Helper)
[07/19/2007, 17:16:07] - Finished Searching Browser Helper Objects
[07/19/2007, 17:16:07] - Finishing up...
[07/19/2007, 17:16:07] - A restart is needed.
[07/19/2007, 17:16:07] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[07/19/2007, 17:16:30] - Attempting to Restart via STOP error (Blue Screen!)



HiJackThis_v2

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:21, on 2007-07-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nladm\NLAgentSvc.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\FastSysTray\FastsysTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\derwa\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {D0FF020D-CE07-44BA-A07B-68B6C75BD1C9} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Fast SysTray] C:\Program Files\FastSysTray\FastsysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\pdqhwxcm.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\Software\..\Telephony: DomainName = bruxelles.eurologos.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\WINDOWS\system32\nladm\NLAgentSvc.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
19 Jul 2007 at 22:13
Oops! Fixing lines is not for right now! :)

Do what is indicated here:

Virus: preliminary disinfection method (French version)

++
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
19 Jul 2007 at 23:09
OK, I'll do that tomorrow since it's the work PC. In any case, thanks for your help.
But why "oops"? Could you explain my situation to me a little?

Thanks
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
20 Jul 2007 at 10:54
AVG report


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 10:57 2007-07-20

+ Résultat de l'analyse:



HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} -> Adware.Generic : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ymsfakit.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\WINDOWS\system32\qevinibj.exe -> Downloader.Tiny.id : Nettoyé.
:mozilla.221:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.222:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.223:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.224:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.225:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.226:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.227:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.87:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v0a5u9f7.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.404:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.405:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.406:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.407:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.408:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.409:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.410:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.411:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.412:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.413:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.414:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.415:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.416:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.417:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.418:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.419:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.420:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.421:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.422:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.66:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.67:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.6:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Profiles\default\hkf1yl10.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.811:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.849:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrator.BRUXELLES\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.367:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.368:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.369:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.122:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v0a5u9f7.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.76:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.77:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.80:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.81:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.553:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.554:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.556:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.557:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.558:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.679:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.680:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.134:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.14:C:\Documents and Settings\derwa\Application Data\Mozilla\Firefox\Profiles\1rd9cmv1.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.13:C:\Documents and Settings\derwa\Application Data\Mozilla\Firefox\Profiles\1rd9cmv1.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.196:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.482:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.483:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Nabli\Cookies\nabli@com[2].txt -> TrackingCookie.Com : Nettoyé.
:mozilla.47:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.48:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.49:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.510:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.511:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.513:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.12:C:\Documents and Settings\derwa\Application Data\Mozilla\Firefox\Profiles\1rd9cmv1.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.95:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.28:C:\Documents and Settings\Nabli\Application Data\Mozilla\Firefox\Profiles\79dfqoj3.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.593:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.193:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.194:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.195:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.198:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.199:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.200:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.201:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.436:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.437:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.438:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.440:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.289:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.358:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.359:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.360:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.361:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.856:C:\Documents and Settings\Administrator.BRUXELLES\Application Data\Mozilla\Firefox\Profiles\56oy85gf.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.


Fin du rapport
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
20 Jul 2007 at 13:04
Hi

"Oops" because I made a mistake! :)

Post the rest, please

++
0
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
20 Jul 2007 at 13:50
Well, for the rest there is only the online scan, but it takes an excessive amount of time and I can't work in the meantime. Anything else?
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
20 Jul 2007 at 14:08
Too bad, the online scan is pretty good ...

Post a new HijackThis report, and tell me where things stand with your problems!

++
0
gforce83 Posts 14 Registration date Tuesday 17 July 2007 Status Member Last activity 21 July 2007
20 Jul 2007 at 14:12
Let's say that for now I no longer have windows opening, but from time to time I get a Windows error telling me that Internet Explorer cannot execute I don't know what, with the memory "read".


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:14, on 2007-07-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nladm\NLAgentSvc.exe
C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
C:\WINDOWS\System32\snmp.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\wamp\wampmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\derwa\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Fast SysTray] C:\Program Files\FastSysTray\FastsysTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\pdqhwxcm.dll",forkonce
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\Software\..\Telephony: DomainName = bruxelles.eurologos.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = bruxelles.eurologos.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\WINDOWS\system32\nladm\NLAgentSvc.exe
O23 - Service: Net Monitor for Employees Agent (NMEmployeesAgent) - Unknown owner - C:\Program Files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
20 Jul 2007 at 15:52
So let's say that's rather positive! :)

Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\pdqhwxcm.dll",forkonce

Then run CCleaner once more and install a firewall, and everything should normally be fine!

See here:
security: protecting a computer against Internet malware

@+
0