My computer is infected by Rootkit.Win32.Agent.
Solved
c3s4eva
Hello,
My computer is infected by Rootkit.Win32.Agent.q in c:\windows\system32\drivers\winik.sys and I can't manage to fix the problem.
My antivirus is Kaspersky.
I have installed Spybot, Trojan Remover and HijackThis, but to no avail. Especially since, when I launch these programs, my computer shuts down after a few minutes. And to turn it back on, it takes 3 or 4 attempts (the computer starts and stops right away...).
I can't delete this file manually in safe mode either (cannot delete the file, file is write-protected or in use...).
I really need help. Thanks in advance.
38 replies
Re,
1/
* Select the following text:
Driver::
WinIK
File::
C:\Windows\System32\Drivers\WinIK.sys
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file as CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
2/ Post the ComboFix report and a new SREng report.
FillPCA
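Once the scan has produced C:\ComboFix.txt, the two CFScript directives above can be checked against it. The following is an added example, not part of the original reply or of ComboFix: the function names are hypothetical, the sample report is constructed in the layout of the report posted in this thread, and it assumes that the "Autres suppressions" section lists deleted files and that `-------\` lines under "Drivers/Services" list removed service entries.

```python
import re

# Constructed sample: a shortened report in the layout of the one posted in this thread.
SAMPLE_REPORT = r"""
ComboFix 07-10-17.8 - Stef 2007-10-18 21:38:54.4 - NTFSx86
FILE::
C:\Windows\System32\Drivers\WinIK.sys
.
(((((((((((((((( Autres suppressions ))))))))))))))))
.
C:\Windows\System32\Drivers\WinIK.sys
.
(((((((((((((((( Drivers/Services ))))))))))))))))
.
-------\LEGACY_WINIK
-------\WinIK
(((((((((((((((( Fichiers créés 2007-09-18 to 2007-10-18 ))))))))))))))))
.
2007-10-18 09:13 <REP> d-------- C:\Program Files\Motive
"""

# The CFScript.txt content from the reply above.
SAMPLE_SCRIPT = "Driver::\nWinIK\nFile::\nC:\\Windows\\System32\\Drivers\\WinIK.sys\n"

# A section title is a line of text wrapped in long runs of parentheses.
SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")


def parse_cfscript(text):
    """Return {directive: [values]} for each 'Name::' block of a CFScript."""
    directives, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives


def parse_report_sections(text):
    """Return {section title (lowercase): [non-empty lines]} for a report."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def verify_removal(script_text, report_text):
    """Map each requested item to True if the report lists it as removed."""
    wanted = parse_cfscript(script_text)
    sections = parse_report_sections(report_text)
    # Assumption: French section titles, as in the report posted in this thread.
    deleted = {p.lower() for p in sections.get("autres suppressions", [])}
    removed = {
        line.split("\\", 1)[1].lower()
        for line in sections.get("drivers/services", [])
        if line.startswith("-") and "\\" in line
    }
    result = {}
    for path in wanted.get("file", []):
        result[("file", path)] = path.lower() in deleted
    for name in wanted.get("driver", []):
        # The service entry and its LEGACY_ entry are reported separately.
        result[("driver", name)] = name.lower() in removed
        result[("legacy", name)] = "legacy_" + name.lower() in removed
    return result


if __name__ == "__main__":
    for (kind, item), ok in verify_removal(SAMPLE_SCRIPT, SAMPLE_REPORT).items():
        print(f"{kind:7} {item:45} {'listed as removed' if ok else 'NOT listed'}")
```

A True result only means the report lists the item as removed; the new SREng report requested in step 2 is what shows whether the driver still appears among the loaded drivers.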
re,
ComboFix 07-10-17.8 - Stef 2007-10-18 21:38:54.4 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.1.1252.1.1036.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\Stef\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Stef\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\Windows\System32\Drivers\WinIK.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\Drivers\WinIK.sys
C:\Windows\System32\Drivers\WinIK.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_WINIK
-------\WinIK
((((((((((((((((((((((((((((( Fichiers créés 2007-09-18 to 2007-10-18 ))))))))))))))))))))))))))))))))))))
.
2007-10-18 09:13 <REP> d-------- C:\Program Files\Motive
2007-10-17 21:33 <REP> d-------- C:\Documents and Settings\Stef\Application Data\Comodo
2007-10-17 21:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-17 21:28 <REP> d-------- C:\Program Files\Comodo
2007-10-17 20:55 <REP> d-------- C:\Program Files\Navilog1
2007-10-17 17:55 164 --a------ C:\install.dat
2007-10-17 16:23 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-17 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-17 16:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-15 21:36 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-15 21:35 <REP> d-------- C:\Program Files\Trojan Remover
2007-10-15 21:35 <REP> d-------- C:\Documents and Settings\Stef\Application Data\Simply Super Software
2007-10-15 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-10-04 20:57 <REP> d-------- C:\Documents and Settings\LEO\Application Data\OpenOffice.org2
2007-10-04 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-04 20:54 <REP> d-------- C:\Program Files\Java
2007-10-04 20:54 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-04 18:04 <REP> d-------- C:\Documents and Settings\Stef\Application Data\Image Zone Express
2007-09-29 11:41 <REP> d-------- C:\Program Files\DK
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 19:50 52,256 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-18 19:50 3,888,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-18 19:48 54,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-18 19:48 5,900 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-18 19:11 20,848 ----a-w C:\Documents and Settings\Stef\Application Data\wklnhst.dat
2007-10-17 14:34 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-17 14:34 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-16 21:05 25,380 ----a-w C:\Documents and Settings\LEO\Application Data\wklnhst.dat
2007-10-15 15:13 63,712 ----a-w C:\Documents and Settings\LEO\Application Data\GDIPFONTCACHEV1.DAT
2007-10-14 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 10:03 --------- d-----w C:\Documents and Settings\Stef\Application Data\U3
2007-10-03 08:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-29 09:39 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-28 19:26 --------- d-----w C:\Documents and Settings\LEO\Application Data\Image Zone Express
2007-09-25 17:53 --------- d-----w C:\Documents and Settings\Stef\Application Data\AdobeUM
2007-09-11 11:59 --------- d-----w C:\Documents and Settings\Stef\Application Data\Motive
2007-09-10 16:49 --------- d-----w C:\Documents and Settings\LEO\Application Data\AdobeUM
2007-09-10 16:00 --------- d-----w C:\Program Files\AOL 8.0
2007-09-09 12:35 61,736 ----a-w C:\Documents and Settings\Stef\Application Data\GDIPFONTCACHEV1.DAT
2007-09-09 07:11 228,676 ----a-w C:\WINDOWS\Blubster_Toolbar_Uninstaller_4000.exe
2007-09-08 15:25 --------- d-----w C:\Documents and Settings\Stef\Application Data\HP
2007-09-03 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-09-03 10:27 --------- d-----w C:\Documents and Settings\LEO\Application Data\Motive
2007-09-01 08:52 --------- d-----w C:\Program Files\Winamp
2007-09-01 07:23 --------- d-----w C:\Program Files\Club-Internet
2007-09-01 06:49 --------- d-----w C:\Program Files\Fichiers communs\Motive
2007-09-01 06:49 --------- d-----w C:\Program Files\Common Files
2007-09-01 06:48 --------- d-----w C:\Program Files\BroadJump
2007-08-30 19:27 --------- d-----w C:\Program Files\eMule
2007-08-25 09:08 --------- d-----w C:\Documents and Settings\LEO\Application Data\U3
.
((((((((((((((((((((((((((((( snapshot@2007-10-18_11.40.43.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-18 09:38:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-18 19:49:43 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-18 09:38:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-10-18 19:49:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-10-18 09:38:52 114,688 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-18 19:49:43 114,688 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-18 15:53:35 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-10-18 15:53:36 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09AA6C75-179E-42E0-82F7-302603339A82}]
C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Cmaudio"="cmicnfg.cpl" [2003-10-14 18:31 C:\WINDOWS\CMICNFG.CPL]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 C:\WINDOWS\CNYHKey.exe]
"PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 15:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 22:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 C:\WINDOWS\system32\PRISMSTA.exe]
"AdslTaskBar"="rundll32.exe" [2002-08-30 14:00 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-10-06 14:01]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2002-08-30 14:00]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-02 09:09]
"posdyuqq"="C:\WINDOWS\System32\tuhzusbi.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-11-15 21:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-30 19:38]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-20 13:04]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-18 17:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 14:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\System32\DRIVERS\Cap7134.sys
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\System32\DRIVERS\ctxs51.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys
R3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\System32\DRIVERS\PRISMA00.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-18 19:49:43 C:\WINDOWS\Tasks\Connexion Bureau à distance.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 21:50:00
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-18 21:53:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-18 11:42
.
--- E O F ---
[CODE]
2007-10-18,21:55:12
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<SpybotSD TeaTimer><"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Dit><Dit.exe> []
<CHotkey><mHotkey.exe> [Chicony]
<ledpointer><CNYHKey.exe> [Chicony]
<PCMService><"C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"> []
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<PRISMSTA.EXE><"PRISMSTA.EXE" START> [N/A]
<AdslTaskBar><"rundll32.exe" stmctrl.dll,TaskBar> [BeWAN systems ]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Synchronization Manager><"C:\WINDOWS\system32\mobsync.exe" /logon> [(Verified)Microsoft Windows XP Publisher]
<REGSHAVE><"C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN> [FUJI PHOTO FILM CO., LTD.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<posdyuqq><C:\WINDOWS\System32\tuhzusbi.exe> [N/A]
<HP Software Update><"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"> [Hewlett-Packard Co.]
<BJCFD><"C:\Program Files\BroadJump\Client Foundation\CFD.exe"> []
<WinampAgent><"C:\Program Files\Winamp\winampa.exe"> []
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<TrojanScanner><"C:\Program Files\Trojan Remover\Trjscan.exe"> [(Verified)Simply Super Software]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"> [(Verified)Kaspersky Lab]
<Motive SmartBridge><C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe> [Motive Communications, Inc.]
<COMODO Firewall Pro><"C:\Program Files\Comodo\Firewall\CPF.exe" /background> [(Verified)Comodo CA Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Lecteur Windows Media Microsoft 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
==================================
Startup Folders
[Digital Image Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Image Monitor.lnk --> C:\PROGRA~1\DIGITA~1\Monitor.exe []><N>
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[LE COMPAGNON CLUB]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk --> C:\PROGRA~1\CLUB-I~1\LECOMP~1\bin\matcli.exe [Motive Communications, Inc.]><N>
[WinZip Quick Pick]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk --> C:\PROGRA~1\WinZip\WZQKPICK.EXE [WinZip Computing, Inc.]><N>
==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[Client de licence CA / CA_LIC_CLNT][Stopped/Manual Start]
<C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe><Computer Associates>
[Serveur de licence CA / CA_LIC_SRVR][Stopped/Manual Start]
<C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe><Computer Associates>
[Comodo Application Agent / CmdAgent][Running/Auto Start]
<C:\Program Files\Comodo\Firewall\cmdagent.exe><COMODO>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Event Log Watch / LogWatch][Running/Auto Start]
<C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe><Computer Associates>
[Machine Debug Manager / MDM][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\System32\HPZipm12.exe><HP>
[WAN Miniport (ATW) Service / WANMiniportService][Running/Auto Start]
<"C:\WINDOWS\wanmpsvc.exe"><America Online, Inc.>
[X10 Device Network Service / x10nets][Running/Manual Start]
<C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe><X10>
==================================
Drivers
[ASAPIW2K / ASAPIW2K][Running/Manual Start]
<System32\Drivers\ASAPIW2K.sys><VOB Computersysteme GmbH>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[MEDION (7134) WDM Video Capture / Cap7134][Running/Manual Start]
<System32\DRIVERS\Cap7134.sys><Philips Semiconductors>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\Stef\LOCALS~1\Temp\catchme.sys><N/A>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<System32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<System32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<System32\DRIVERS\HPZius12.sys><HP>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[Creatix V.9X DSP Data Fax Modem / Intels51][Running/Manual Start]
<System32\DRIVERS\ctxs51.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<System32\DRIVERS\klim5.sys><Kaspersky Lab>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS><Motive, Inc.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[MEDION TV-TUNER 7134 MK2/3 / PhTVTune][Running/Manual Start]
<System32\DRIVERS\PhTVTune.sys><Philips Semiconductors>
[PRISM 802.11g Driver / PRISM_A00][Running/Manual Start]
<System32\DRIVERS\PRISMA00.sys><Intersil Americas Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[ATM/ADSL miniport / Stmatm][Running/Manual Start]
<System32\DRIVERS\stmatm.sys><STMicroelectronics>
[ADSL Modem USB Service / TaurusUsb][Stopped/Manual Start]
<System32\DRIVERS\torususb.sys><>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
<System32\DRIVERS\wanatw4.sys><America Online, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[%DESCRIPTION% / X10UIF][Running/Manual Start]
<System32\Drivers\x10uif.sys><X10 Wireless Technology, Inc.>
==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Blubster Toolbar Helper]
{09AA6C75-179E-42E0-82F7-302603339A82} <C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll, N/A>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Statistiques d’Anti-Virus Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, N/A>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[TDServer Control]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <C:\WINDOWS\DOWNLO~1\tdserver.ocx, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[AvxScanOnline Control]
{80DD2229-B8E4-4C77-B72F-F22972D723EA} <C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX, N/A>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
==================================
Running Processes
[PID: 864 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 980 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1236 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1368 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1580 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1644 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1888 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzsnt12.dll] [HP, 14.00.00.41711]
[PID: 400 / Stef][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[PID: 1344 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1700 / SYSTEM][C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe] [Computer Associates, 1.52]
[C:\Program Files\CA\SharedComponents\CA_LIC\lic98.dll] [Computer Associates, 01.52]
[PID: 464 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9064.9150]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 556 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 448 / SERVICE LOCAL][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 440 / SYSTEM][C:\WINDOWS\wanmpsvc.exe] [America Online, Inc., 7, 0, 0, 2]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2040 / Stef][C:\WINDOWS\System32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 40, 17]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[PID: 764 / Stef][C:\WINDOWS\Dit.exe] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 540 / Stef][C:\WINDOWS\mHotkey.exe] [Chicony, 3, 0, 0, 6]
[C:\WINDOWS\HIDMNT.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\PIC.DLL] [N/A, ]
[PID: 1592 / Stef][C:\WINDOWS\CNYHKey.exe] [Chicony, 2, 2, 0, 0]
[C:\WINDOWS\CNYUSB.dll] [N/A, ]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2060 / Stef][C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe] [, 1, 0, 0, 1]
[C:\Program Files\Medion Home Cinema XL II\PowerCinema\RC.dll] [Cyberlink Corp., 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Common Files\X10\Common\x10net.dll] [X10 Wireless Technology, Inc., 3, 0, 0, 84]
[C:\WINDOWS\System32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[PID: 2088 / Stef][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5029]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2168 / Stef][C:\WINDOWS\DitExp.exe] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 2184 / Stef][C:\WINDOWS\System32\PRISMSTA.EXE] [Intersil Americas Inc., 1.00.20]
[C:\WINDOWS\System32\PRISMIOC.dll] [Intersil Americas Inc., 1.00.20]
[C:\WINDOWS\System32\PRISMRES.DLL] [Intersil Americas Inc., 1.00.20]
[PID: 2208 / SYSTEM][C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe] [X10, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\X10\Common\x10net.DLL] [X10 Wireless Technology, Inc., 3, 0, 0, 84]
[C:\WINDOWS\System32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2236 / Stef][C:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\stmctrl.dll] [BeWAN systems , 1.9.0.9]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2348 / Stef][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[PID: 2580 / Stef][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[PID: 2584 / Stef][C:\WINDOWS\system32\mobsync.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 2616 / Stef][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[PID: 2680 / Stef][C:\Program Files\BroadJump\Client Foundation\CFD.exe] [N/A, ]
[C:\WINDOWS\System32\stlport_4_0_0_DDR.dll] [, 4,0,0,0]
[C:\Program Files\BroadJump\Client Foundation\BJComRT.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\AppProperties.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\Marshaller.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\TimerManager.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2712 / Stef][C:\Program Files\Winamp\winampa.exe] [N/A, ]
[PID: 2748 / Stef][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe] [Adobe Systems Incorporated, 8.0.0.0]
[PID: 2768 / Stef][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.5]
[PID: 2860 / Stef][C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\httpclient52.dll] [Motive Communications, Inc., 1.07.01]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\clientutil52.dll] [Motive Communications, Inc., 1.07.01]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBRes.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\alertfilter.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 2912 / Stef][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2928 / Stef][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[PID: 3028 / Stef][C:\Program Files\Digital Image\Monitor.exe] [, 1, 0, 0, 1]
[C:\Program Files\Digital Image\Autoplay.dll] [N/A, ]
[C:\Program Files\Digital Image\PnPModule.dll] [, 1, 0, 0, 6]
[C:\Program Files\Digital Image\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\Digital Image\rsRes.dll] [, 1, 2, 0, 1]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 3144 / Stef][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\System32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\System32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 3288 / Stef][C:\Program Files\WinZip\WZQKPICK.EXE] [WinZip Computing, Inc., 1.0 (32-bit)]
[PID: 3556 / SYSTEM][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 176 / Stef][C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe] [N/A, ]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\clientutil52.dll] [Motive Communications, Inc., 1.07.01]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\AsstCatalog.dll] [N/A, ]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\resource.dll] [Motive Communications, Inc., 1.0.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 328 / Stef][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\System32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\System32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[PID: 3196 / Stef][C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 3792 / Stef][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll.mui] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2472 / Stef][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[PID: 3124 / Stef][C:\Documents and Settings\Stef\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\Documents and Settings\Stef\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\MICROS~4\Office10\MCPS.DLL] [Microsoft Corporation, 10.0.2625]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 464, C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 440, C:\WINDOWS\WANMPSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\DIT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 540, C:\WINDOWS\MHOTKEY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1592, C:\WINDOWS\CNYHKEY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2060, C:\PROGRAM FILES\MEDION HOME CINEMA XL II\POWERCINEMA\PCMSERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2088, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2168, C:\WINDOWS\DITEXP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2208, C:\PROGRA~1\COMMON~1\X10\COMMON\X10NETS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2348, C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2580, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2616, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2680, C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2712, C:\PROGRAM FILES\WINAMP\WINAMPA.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2860, C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3028, C:\PROGRAM FILES\DIGITAL IMAGE\MONITOR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3144, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3288, C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 176, C:\PROGRAM FILES\CLUB-INTERNET\LE COMPAGNON CLUB\BIN\MPBTN.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3196, C:\PROGRAM FILES\HP\DIGITAL IMAGING\PRODUCT ASSISTANT\BIN\HPRBLOG.EXE]
==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
==================================
Hidden Process
N/A
==================================
[/CODE]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Event Log Watch / LogWatch][Running/Auto Start]
<C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe><Computer Associates>
[Machine Debug Manager / MDM][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\System32\HPZipm12.exe><HP>
[WAN Miniport (ATW) Service / WANMiniportService][Running/Auto Start]
<"C:\WINDOWS\wanmpsvc.exe"><America Online, Inc.>
[X10 Device Network Service / x10nets][Running/Manual Start]
<C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe><X10>
==================================
Drivers
[ASAPIW2K / ASAPIW2K][Running/Manual Start]
<System32\Drivers\ASAPIW2K.sys><VOB Computersysteme GmbH>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[MEDION (7134) WDM Video Capture / Cap7134][Running/Manual Start]
<System32\DRIVERS\Cap7134.sys><Philips Semiconductors>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\Stef\LOCALS~1\Temp\catchme.sys><N/A>
[Comodo Application Engine / CmdMon][Running/System Start]
<System32\DRIVERS\cmdmon.sys><Comodo Research Lab., Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<System32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<System32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<System32\DRIVERS\HPZius12.sys><HP>
[Comodo Network Engine / Inspect][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[Creatix V.9X DSP Data Fax Modem / Intels51][Running/Manual Start]
<System32\DRIVERS\ctxs51.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<System32\DRIVERS\klim5.sys><Kaspersky Lab>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS><Motive, Inc.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[MEDION TV-TUNER 7134 MK2/3 / PhTVTune][Running/Manual Start]
<System32\DRIVERS\PhTVTune.sys><Philips Semiconductors>
[PRISM 802.11g Driver / PRISM_A00][Running/Manual Start]
<System32\DRIVERS\PRISMA00.sys><Intersil Americas Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[ATM/ADSL miniport / Stmatm][Running/Manual Start]
<System32\DRIVERS\stmatm.sys><STMicroelectronics>
[ADSL Modem USB Service / TaurusUsb][Stopped/Manual Start]
<System32\DRIVERS\torususb.sys><>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
<System32\DRIVERS\wanatw4.sys><America Online, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[%DESCRIPTION% / X10UIF][Running/Manual Start]
<System32\Drivers\x10uif.sys><X10 Wireless Technology, Inc.>
==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Blubster Toolbar Helper]
{09AA6C75-179E-42E0-82F7-302603339A82} <C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll, N/A>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Statistiques d’Anti-Virus Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, N/A>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[TDServer Control]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <C:\WINDOWS\DOWNLO~1\tdserver.ocx, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[AvxScanOnline Control]
{80DD2229-B8E4-4C77-B72F-F22972D723EA} <C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX, N/A>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
==================================
Running Processes
[PID: 864 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 980 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1236 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1368 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1580 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1644 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1888 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzsnt12.dll] [HP, 14.00.00.41711]
[PID: 400 / Stef][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[PID: 1344 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1700 / SYSTEM][C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe] [Computer Associates, 1.52]
[C:\Program Files\CA\SharedComponents\CA_LIC\lic98.dll] [Computer Associates, 01.52]
[PID: 464 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9064.9150]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 556 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 448 / SERVICE LOCAL][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 440 / SYSTEM][C:\WINDOWS\wanmpsvc.exe] [America Online, Inc., 7, 0, 0, 2]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2040 / Stef][C:\WINDOWS\System32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 40, 17]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[PID: 764 / Stef][C:\WINDOWS\Dit.exe] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 540 / Stef][C:\WINDOWS\mHotkey.exe] [Chicony, 3, 0, 0, 6]
[C:\WINDOWS\HIDMNT.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\PIC.DLL] [N/A, ]
[PID: 1592 / Stef][C:\WINDOWS\CNYHKey.exe] [Chicony, 2, 2, 0, 0]
[C:\WINDOWS\CNYUSB.dll] [N/A, ]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2060 / Stef][C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe] [, 1, 0, 0, 1]
[C:\Program Files\Medion Home Cinema XL II\PowerCinema\RC.dll] [Cyberlink Corp., 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Common Files\X10\Common\x10net.dll] [X10 Wireless Technology, Inc., 3, 0, 0, 84]
[C:\WINDOWS\System32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[PID: 2088 / Stef][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5029]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5029]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2168 / Stef][C:\WINDOWS\DitExp.exe] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 2184 / Stef][C:\WINDOWS\System32\PRISMSTA.EXE] [Intersil Americas Inc., 1.00.20]
[C:\WINDOWS\System32\PRISMIOC.dll] [Intersil Americas Inc., 1.00.20]
[C:\WINDOWS\System32\PRISMRES.DLL] [Intersil Americas Inc., 1.00.20]
[PID: 2208 / SYSTEM][C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe] [X10, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\X10\Common\x10net.DLL] [X10 Wireless Technology, Inc., 3, 0, 0, 84]
[C:\WINDOWS\System32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2236 / Stef][C:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\stmctrl.dll] [BeWAN systems , 1.9.0.9]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2348 / Stef][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[PID: 2580 / Stef][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[PID: 2584 / Stef][C:\WINDOWS\system32\mobsync.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 2616 / Stef][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[PID: 2680 / Stef][C:\Program Files\BroadJump\Client Foundation\CFD.exe] [N/A, ]
[C:\WINDOWS\System32\stlport_4_0_0_DDR.dll] [, 4,0,0,0]
[C:\Program Files\BroadJump\Client Foundation\BJComRT.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\AppProperties.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\Marshaller.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\TimerManager.dll] [N/A, ]
[C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2712 / Stef][C:\Program Files\Winamp\winampa.exe] [N/A, ]
[PID: 2748 / Stef][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe] [Adobe Systems Incorporated, 8.0.0.0]
[PID: 2768 / Stef][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.20.5]
[PID: 2860 / Stef][C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\httpclient52.dll] [Motive Communications, Inc., 1.07.01]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\clientutil52.dll] [Motive Communications, Inc., 1.07.01]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBRes.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\alertfilter.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 2912 / Stef][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2928 / Stef][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[PID: 3028 / Stef][C:\Program Files\Digital Image\Monitor.exe] [, 1, 0, 0, 1]
[C:\Program Files\Digital Image\Autoplay.dll] [N/A, ]
[C:\Program Files\Digital Image\PnPModule.dll] [, 1, 0, 0, 6]
[C:\Program Files\Digital Image\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\Digital Image\rsRes.dll] [, 1, 2, 0, 1]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 3144 / Stef][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.206.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\System32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\System32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[PID: 3288 / Stef][C:\Program Files\WinZip\WZQKPICK.EXE] [WinZip Computing, Inc., 1.0 (32-bit)]
[PID: 3556 / SYSTEM][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 176 / Stef][C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe] [N/A, ]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\clientutil52.dll] [Motive Communications, Inc., 1.07.01]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\AsstCatalog.dll] [N/A, ]
[C:\Program Files\Club-Internet\Le Compagnon Club\bin\resource.dll] [Motive Communications, Inc., 1.0.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 328 / Stef][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\System32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\System32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[PID: 3196 / Stef][C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 3792 / Stef][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll.mui] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2472 / Stef][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[PID: 3124 / Stef][C:\Documents and Settings\Stef\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\SBHook.dll] [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
[C:\WINDOWS\HKCYDLL.dll] [N/A, ]
[C:\Documents and Settings\Stef\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\PROGRA~1\MICROS~4\Office10\MCPS.DLL] [Microsoft Corporation, 10.0.2625]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 464, C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 440, C:\WINDOWS\WANMPSVC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\DIT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 540, C:\WINDOWS\MHOTKEY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1592, C:\WINDOWS\CNYHKEY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2060, C:\PROGRAM FILES\MEDION HOME CINEMA XL II\POWERCINEMA\PCMSERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2088, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2168, C:\WINDOWS\DITEXP.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2208, C:\PROGRA~1\COMMON~1\X10\COMMON\X10NETS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2348, C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2580, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2616, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2680, C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2712, C:\PROGRAM FILES\WINAMP\WINAMPA.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2860, C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MOTIVESB.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3028, C:\PROGRAM FILES\DIGITAL IMAGE\MONITOR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3144, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3288, C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 176, C:\PROGRAM FILES\CLUB-INTERNET\LE COMPAGNON CLUB\BIN\MPBTN.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3196, C:\PROGRAM FILES\HP\DIGITAL IMAGING\PRODUCT ASSISTANT\BIN\HPRBLOG.EXE]
==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
==================================
Hidden Process
N/A
==================================
[/CODE]
Well done!
Can you produce a HijackThis report and a new Diaghelp report? This rootkit installs folders all over the place. Now that it is neutralized, we'll deal with those folders.
FillPCA
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:47, on 18/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Stef\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Blubster Toolbar Helper - {09AA6C75-179E-42E0-82F7-302603339A82} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] "PRISMSTA.EXE" START
O4 - HKLM\..\Run: [AdslTaskBar] "rundll32.exe" stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [posdyuqq] C:\WINDOWS\System32\tuhzusbi.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Image Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/06515a6300000e48c405/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C396DE7B-E4C2-41E7-98EA-303A37124A6C} - http://alerts.instantalbert.com/install/albertrun.CAB
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
DiagHelp version v1.2 - http://www.malekal.com
excute le 18/10/2007 à 22:03:19,01
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->18/10/2007 22:03:16
C:\WINDOWS\prefetch\HPZIPM12.EXE-145E7369.pf -->18/10/2007 22:02:33
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->18/10/2007 21:55:37
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->18/10/2007 21:54:01
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->18/10/2007 21:53:46
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->18/10/2007 21:53:17
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->18/10/2007 21:51:51
C:\WINDOWS\prefetch\MOTIVE~1.EXE-34114D40.pf -->18/10/2007 21:51:35
C:\WINDOWS\prefetch\HPQSTE08.EXE-18A7280B.pf -->18/10/2007 21:51:35
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->18/10/2007 21:51:34
C:\WINDOWS\System32\drivers\fidbox.dat -->18/10/2007 22:00:16
C:\WINDOWS\System32\drivers\fidbox2.dat -->18/10/2007 21:55:46
C:\WINDOWS\System32\drivers\fidbox2.idx -->18/10/2007 21:48:04
C:\WINDOWS\System32\drivers\fidbox.idx -->18/10/2007 21:48:04
C:\WINDOWS\System32\drivers\inspect.sys -->18/10/2007 17:53:36
C:\WINDOWS\System32\drivers\cmdmon.sys -->18/10/2007 17:53:35
C:\WINDOWS\System32\drivers\klif.sys -->17/10/2007 16:35:05
C:\WINDOWS\System32\perfh00C.dat -->17/10/2007 21:54:48
C:\WINDOWS\System32\perfh009.dat -->17/10/2007 21:54:48
C:\WINDOWS\System32\perfc00C.dat -->17/10/2007 21:54:48
C:\WINDOWS\System32\perfc009.dat -->17/10/2007 21:54:47
C:\WINDOWS\System32\PerfStringBackup.INI -->17/10/2007 21:54:46
C:\WINDOWS\System32\wpa.dbl -->14/10/2007 21:26:24
C:\WINDOWS\System32\FNTCACHE.DAT -->05/10/2007 12:31:46
C:\WINDOWS\System32\swreg.exe -->05/10/2007 10:07:31
C:\WINDOWS\System32\jupdate-1.6.0_02-b05.log -->04/10/2007 20:55:03
C:\WINDOWS\System32\wuaucpl.cpl.mui -->30/07/2007 19:20:06
C:\WINDOWS\System32\wuapi.dll.mui -->30/07/2007 19:19:52
C:\WINDOWS\System32\wuaueng.dll -->30/07/2007 19:19:42
C:\WINDOWS\System32\wuapi.dll -->30/07/2007 19:19:36
C:\WINDOWS\System32\wucltui.dll -->30/07/2007 19:19:32
C:\WINDOWS\System32\wuweb.dll -->30/07/2007 19:19:28
C:\WINDOWS\System32\wuaucpl.cpl -->30/07/2007 19:19:28
C:\WINDOWS\System32\cdm.dll -->30/07/2007 19:19:20
C:\WINDOWS\System32\wuauclt.exe -->30/07/2007 19:19:16
C:\WINDOWS\System32\wups2.dll -->30/07/2007 19:19:12
C:\WINDOWS\System32\wucltui.dll.mui -->30/07/2007 19:19:04
C:\WINDOWS\System32\wuaueng.dll.mui -->30/07/2007 19:18:48
C:\WINDOWS\System32\wups.dll -->30/07/2007 19:18:40
C:\WINDOWS\System32\vsdatant.sys -->21/06/2007 21:54:52
C:\WINDOWS\System32\zpeng24.dll -->21/06/2007 21:54:40
C:\WINDOWS\System32\zlcommdb.dll -->21/06/2007 21:54:34
C:\WINDOWS\WindowsUpdate.log -->18/10/2007 21:51:29
C:\WINDOWS\setupapi.log -->18/10/2007 21:51:08
C:\WINDOWS\0.log -->18/10/2007 21:50:18
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt -->18/10/2007 21:50:09
C:\WINDOWS\wiadebug.log -->18/10/2007 21:50:08
C:\WINDOWS\wiaservc.log -->18/10/2007 21:49:58
C:\WINDOWS\bootstat.dat -->18/10/2007 21:49:41
C:\WINDOWS\SchedLgU.Txt -->18/10/2007 21:47:44
C:\WINDOWS\ntbtlog.txt -->18/10/2007 21:18:16
C:\WINDOWS\BJCFDins.log -->18/10/2007 09:12:55
C:\WINDOWS\win.ini -->17/10/2007 17:57:24
C:\WINDOWS\QTFont.qfn -->15/10/2007 20:10:13
C:\WINDOWS\catchme.exe -->28/09/2007 09:06:08
C:\WINDOWS\wmsetup.log -->17/09/2007 18:15:41
C:\WINDOWS\spupdsvc.log -->14/09/2007 19:55:18
MD5 des fichiers sensibles
tcpip.sys 244a2f9816bc9b593957281ef577d976
ndis.sys 09b38768036508b51564201afb000950
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 333a4db8410d8e24db06d6aebecdc7c2
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\WINDOWS\system32
30/08/2002 14:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 12 698 677 248 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\WINDOWS\Downloaded Program Files
18/10/2007 21:17 <REP> .
18/10/2007 21:17 <REP> ..
05/10/2003 12:25 65 desktop.ini
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
12/07/2000 03:02 36 864 fxfileop.dll
25/08/2003 18:12 1 096 iuctl.inf
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
08/10/2004 16:01 372 736 MsnPUpld.dll
08/10/2004 16:13 587 MSNPupld.inf
22/09/2004 15:59 110 592 PURen-us.dll
15/10/2004 07:59 110 592 PURfr-xx.dll
09/10/2003 11:32 144 QTPlugin.inf
05/03/2003 17:23 524 404 RdxIE.dll
28/06/2001 00:02 40 960 setacceptlang.dll
13/12/2004 16:20 310 SpamBlockerUtility.inf
30/05/2002 00:12 9 488 sporder.dll
11/06/2007 12:21 5 021 swflash.inf
02/08/2000 13:33 224 tdserver.inf
31/10/2001 11:37 118 uninst.bat
24/03/2004 18:17 1 777 xscan.inf
24/03/2004 18:22 435 712 xscan53.ocx
19 fichier(s) 1 652 549 octets
Total des fichiers listés :
19 fichier(s) 1 652 549 octets
2 Rép(s) 12 698 673 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 22:03:47
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002cf
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Accessing \device\physicalmemory via NtCreateSymbolicLinkObject
Process list by traversal of KiWaitListHead
4 - System
328 - hpqste08.exe
400 - explorer.exe
464 - mdm.exe
540 - mHotkey.exe
956 - csrss.exe
980 - winlogon.exe
1024 - services.exe
1036 - lsass.exe
1104 - cmd.exe
1236 - svchost.exe
1344 - alg.exe
1368 - svchost.exe
1440 - avp.exe
1528 - cmdagent.exe
1592 - CNYHKey.exe
1644 - svchost.exe
1700 - LogWatNT.exe
2088 - atiptaxx.exe
2184 - PRISMSTA.exe
2208 - X10nets.exe
2236 - rundll32.exe
2680 - CFD.exe
2808 - avp.exe
2860 - MotiveSB.exe
2888 - cpf.exe
2912 - ctfmon.exe
2928 - TeaTimer.exe
3028 - Monitor.exe
3144 - hpqtra08.exe
3780 - firefox.exe
3792 - wuauclt.exe
Total number of processes = 32
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Accessing \device\physicalmemory via NtCreateSymbolicLinkObject
Driver/Module list by traversal of PsLoadedModuleList
804D4000 - \WINDOWS\system32\ntoskrnl.exe
806BA000 - \WINDOWS\system32\hal.dll
F8A35000 - \WINDOWS\system32\KDCOM.DLL
F8945000 - \WINDOWS\system32\BOOTVID.dll
F84E8000 - ACPI.sys
F8A37000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F8535000 - pci.sys
F8545000 - isapnp.sys
F8AFD000 - pciide.sys
F87B5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F8555000 - MountMgr.sys
F84C9000 - ftdisk.sys
F87BD000 - PartMgr.sys
F8565000 - VolSnap.sys
F84B3000 - atapi.sys
F8575000 - disk.sys
F8585000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F84A2000 - sr.sys
F8595000 - PxHelp20.sys
F848E000 - KSecDD.sys
F8404000 - Ntfs.sys
F85A5000 - inspect.sys
F83DC000 - \WINDOWS\System32\DRIVERS\NDIS.SYS
F85B5000 - ComboFix.sys
F85C5000 - ohci1394.sys
F85D5000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F83C2000 - Mup.sys
F83A6000 - kl1.sys
F8949000 - \WINDOWS\System32\drivers\TDI.SYS
F87C5000 - agp440.sys
F8605000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F8615000 - \SystemRoot\System32\DRIVERS\processr.sys
F7C6B000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F7C59000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F887D000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7C37000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F8885000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F7BDE000 - \SystemRoot\System32\DRIVERS\PRISMA00.sys
F7B88000 - \SystemRoot\System32\DRIVERS\Cap7134.sys
F7DBF000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F7B68000 - \SystemRoot\System32\DRIVERS\ks.sys
F7ACC000 - \SystemRoot\System32\DRIVERS\ctxs51.sys
F888D000 - \SystemRoot\System32\Drivers\Modem.SYS
F7DAF000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys
F8895000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7D9F000 - \SystemRoot\System32\DRIVERS\serial.sys
F8372000 - \SystemRoot\System32\DRIVERS\serenum.sys
F7AB9000 - \SystemRoot\System32\DRIVERS\parport.sys
F8C52000 - \SystemRoot\system32\drivers\msmpu401.sys
F7A98000 - \SystemRoot\system32\drivers\portcls.sys
F7D8F000 - \SystemRoot\system32\drivers\drmk.sys
F836E000 - \SystemRoot\system32\drivers\pfc.sys
F889D000 - \SystemRoot\System32\Drivers\ASAPIW2K.sys
F7D7F000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7D6F000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7D5F000 - \SystemRoot\System32\DRIVERS\imapi.sys
F79E1000 - \SystemRoot\system32\drivers\cmuda.sys
F88A5000 - \SystemRoot\System32\DRIVERS\klim5.sys
F8C57000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7D4F000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F835E000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F79CB000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7D3F000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7D2F000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F88AD000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F88B5000 - \SystemRoot\System32\DRIVERS\raspti.sys
F88BD000 - \SystemRoot\System32\DRIVERS\wanatw4.sys
F8625000 - \SystemRoot\System32\DRIVERS\termdd.sys
F88C5000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F88CD000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F8635000 - \SystemRoot\System32\DRIVERS\stmatm.sys
F8C58000 - \SystemRoot\System32\DRIVERS\swenum.sys
F79A9000 - \SystemRoot\System32\DRIVERS\update.sys
F8645000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8675000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F8A73000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F88D5000 - \SystemRoot\System32\DRIVERS\PhTVTune.sys
F88DD000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F8A77000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8C2C000 - \SystemRoot\System32\Drivers\Null.SYS
F8A79000 - \SystemRoot\System32\Drivers\Beep.SYS
F88ED000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
F88F5000 - \SystemRoot\System32\drivers\vga.sys
F8A7B000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A7D000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F88FD000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8905000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8A09000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F86A5000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F86B5000 - \SystemRoot\System32\DRIVERS\msgpc.sys
B2A62000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B2A4F000 - \SystemRoot\System32\DRIVERS\cmdmon.sys
F86C5000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B2A2A000 - \SystemRoot\System32\DRIVERS\netbt.sys
F86D5000 - \SystemRoot\System32\DRIVERS\arp1394.sys
F86E5000 - \SystemRoot\System32\DRIVERS\netbios.sys
B2A02000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B29A2000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B2964000 - \??\C:\WINDOWS\System32\drivers\klif.sys
F8705000 - \SystemRoot\System32\Drivers\Fips.SYS
F890D000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F7D1B000 - \SystemRoot\System32\Drivers\x10uif.sys
F8915000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F7D17000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F8715000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F7D0F000 - \SystemRoot\System32\DRIVERS\kbdhid.sys
F7D0B000 - \SystemRoot\System32\DRIVERS\mouhid.sys
B2918000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B2902000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8A85000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B2F4C000 - \SystemRoot\System32\watchdog.sys
B2F48000 - \SystemRoot\System32\drivers\Dxapi.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F8B20000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B7000 - \SystemRoot\System32\ati2dvag.dll
BFA16000 - \SystemRoot\System32\ati3duag.dll
B2779000 - \SystemRoot\System32\drivers\afd.sys
B294C000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B2F70000 - \SystemRoot\system32\drivers\sysaudio.sys
B249B000 - \SystemRoot\system32\drivers\wdmaud.sys
B22D9000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F8AD5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B219A000 - \SystemRoot\System32\DRIVERS\srv.sys
B1DC6000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B2559000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B1932000 - \??\C:\DOCUME~1\Stef\LOCALS~1\Temp\catchme.sys
B16BF000 - \SystemRoot\system32\drivers\kmixer.sys
F8B38000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 129
Liste des programmes installes
COMODO Firewall Pro
HijackThis 2.0.2
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\Program Files
18/10/2007 21:17 <REP> .
18/10/2007 21:17 <REP> ..
03/10/2007 10:34 <REP> Adobe
03/11/2003 13:11 <REP> Ahead
10/09/2007 18:00 <REP> AOL 8.0
06/10/2003 13:38 <REP> AOL Compagnon
29/12/2006 15:32 <REP> a-squared
03/11/2003 12:54 <REP> ATI Technologies
26/12/2006 13:11 <REP> Auralog
07/09/2005 16:02 <REP> BeWAN ADSL V1.9.0.10
01/09/2007 08:48 <REP> BroadJump
03/11/2003 12:59 <REP> CA
01/09/2007 09:23 <REP> Club-Internet
03/11/2003 12:34 <REP> C-Media 3D Audio
01/09/2007 08:49 <REP> Common Files
18/10/2007 17:46 <REP> Comodo
05/10/2003 12:25 <REP> ComPlus Applications
06/10/2003 09:22 <REP> CyberLink
01/01/2005 11:39 <REP> Digital Image
29/09/2007 11:41 <REP> DK
13/04/2005 10:48 <REP> eChanblard
30/08/2007 21:27 <REP> eMule
17/10/2007 16:01 <REP> Fichiers communs
09/05/2005 16:16 <REP> FinePixViewer
02/04/2006 11:01 <REP> Google
17/10/2007 16:19 <REP> Grisoft
21/01/2006 18:52 <REP> Hewlett-Packard
21/01/2006 18:55 <REP> HP
05/10/2003 12:42 <REP> Intel
05/09/2007 08:13 <REP> Internet Explorer
04/10/2007 20:55 <REP> Java
17/10/2007 16:23 <REP> Kaspersky Lab
18/02/2005 10:03 <REP> K-Lite Codec Pack
26/03/2006 10:00 <REP> Lavasoft
12/06/2004 17:19 <REP> Medion Home Cinema XL II
05/10/2003 16:25 <REP> Medion Tools
05/10/2003 15:58 <REP> Microsoft AutoRoute
05/10/2003 16:03 <REP> Microsoft Encarta
28/04/2005 20:07 <REP> microsoft frontpage
22/01/2006 11:01 <REP> Microsoft Office
05/10/2003 16:02 <REP> Microsoft Picture It! 9
06/09/2004 17:33 <REP> Microsoft Référence
05/10/2003 15:53 <REP> Microsoft Visual Studio
05/10/2003 15:54 <REP> Microsoft Works
05/10/2003 15:49 <REP> Microsoft Works Suite 2004
18/10/2007 09:14 <REP> Motive
05/10/2003 12:31 <REP> Movie Maker
19/09/2007 18:32 <REP> Mozilla Firefox
05/10/2003 12:24 <REP> MSN Gaming Zone
11/04/2005 12:02 <REP> MUSICMATCH
17/10/2007 20:59 <REP> Navilog1
03/05/2004 17:10 <REP> NetMeeting
06/10/2003 13:38 <REP> Nullsoft
04/10/2007 20:55 <REP> OpenOffice.org 2.3
21/02/2005 20:34 <REP> Outlook Express
09/01/2004 16:35 <REP> PCFriendly
09/05/2005 16:17 <REP> PIXELA
02/11/2005 09:09 <REP> QuickTime
06/10/2003 13:38 <REP> Real
09/05/2005 16:15 <REP> REGSHAVE
05/10/2003 12:25 <REP> Services en ligne
24/02/2005 11:33 <REP> sopwxxxs
11/12/2005 09:35 <REP> SpamBlockerUtility_Icons
14/10/2007 21:28 <REP> Spybot - Search & Destroy
18/10/2007 21:50 <REP> Trojan Remover
05/10/2003 13:30 <REP> USB Wireless Keyboard Driver Ver1.24M
13/04/2005 10:57 <REP> VideoLAN
06/10/2003 13:38 <REP> Viewpoint
01/09/2007 10:52 <REP> Winamp
26/03/2006 11:31 <REP> Windows ControlAd
05/10/2003 12:31 <REP> Windows Journal Viewer
14/09/2007 13:13 <REP> Windows Media Player
05/10/2003 12:24 <REP> Windows NT
18/02/2005 10:06 <REP> WinZip
06/10/2003 09:23 <REP> X10 Hardware
05/10/2003 12:26 <REP> xerox
0 fichier(s) 0 octets
76 Rép(s) 12 702 556 160 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\Program Files\fichiers communs
17/10/2007 16:01 <REP> .
17/10/2007 16:01 <REP> ..
03/10/2007 10:34 <REP> Adobe
03/11/2003 13:11 <REP> Ahead
06/10/2003 13:38 <REP> AOL
06/10/2003 13:38 <REP> aolshare
05/10/2003 15:53 <REP> Designer
26/03/2006 11:30 <REP> GMT
21/01/2006 18:51 <REP> Hewlett-Packard
21/01/2006 18:54 <REP> HP
29/09/2007 11:39 <REP> InstallShield
04/10/2007 20:54 <REP> Java
28/04/2005 20:20 <REP> Microsoft Shared
01/09/2007 08:49 <REP> Motive
05/10/2003 12:25 <REP> MSSoap
05/10/2003 13:22 <REP> ODBC
06/10/2003 14:02 <REP> Real
05/10/2003 12:25 <REP> Services
05/10/2003 13:22 <REP> SpeechEngines
28/04/2005 20:20 <REP> System
17/10/2007 16:01 <REP> Wise Installation Wizard
06/10/2003 14:02 <REP> xing shared
0 fichier(s) 0 octets
22 Rép(s) 12 702 556 160 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
28/04/2005 20:20 <REP> .
28/04/2005 20:20 <REP> ..
05/10/2003 15:53 <REP> 1033
05/10/2003 15:53 <REP> 1036
15/02/2001 05:45 1 318 912 MSONSEXT.DLL
13/02/2001 08:23 58 784 MSOSV.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
06/08/2000 09:04 401 462 MSVCP60.DLL
22/01/2001 03:25 69 632 PKMAXCTL.DLL
22/01/2001 03:25 872 448 PKMCDO.DLL
22/01/2001 03:25 159 744 PKMCORE.DLL
07/02/2001 09:59 106 496 PKMFORMS.DLL
12/02/2001 04:03 684 032 PKMRES.DLL
22/01/2001 03:25 28 672 PKMSSTLB.DLL
22/01/2001 03:25 40 960 PKMTEMPL.DLL
22/01/2001 03:25 24 576 PKMTRACE.DLL
22/01/2001 03:25 86 016 PKMWS.DLL
22/01/2001 03:25 237 568 PROMDEMO.DLL
22/01/2001 03:25 184 320 SECMGR.DLL
22/01/2001 03:25 323 584 VAIDDMGR.DLL
22/01/2001 03:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 12 702 552 064 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\Program Files\common files
01/09/2007 08:49 <REP> .
01/09/2007 08:49 <REP> ..
06/09/2004 17:33 <REP> Microsoft Shared
01/09/2007 08:49 <REP> Motive
21/02/2005 20:34 <REP> System
06/10/2003 09:23 <REP> X10
0 fichier(s) 0 octets
6 Rép(s) 12 702 552 064 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A
Répertoire de C:\
24/05/2001 13:59 162 304 UNWISE.EXE
1 fichier(s) 162 304 octets
0 Rép(s) 12 702 552 064 octets libres
c:\Documents and Settings\LEO\Application Data\Microsoft\Installer\{FADB55D0-403F-4413-A268-CF0A6F1185C2}\soffice.exe
c:\Documents and Settings\LEO\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\avwinsfx.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\editadsl.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\eMule0.30e-Installer.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\eMule0.47a-Installer.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\FirefoxGoogleToolbarSetup.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\GoogleToolbarInstaller.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\klcodec220f.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\setup.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\SetupDl.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\stmchart.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zlsSetup_51_025_000.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zlsSetup_51_033_000.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zlsSetup_55_109_000.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zlsSetup_60_667_000.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zlsSetup_61_744_001_fr.exe
c:\Documents and Settings\LEO\Mes documents\Logiciels\zp320std.exe
c:\Documents and Settings\Stef\Application Data\Simply Super Software\Trojan Remover\sfm14.exe
c:\Documents and Settings\Stef\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Stef\Bureau\CFP_Setup_English_French_2.4.16.174.exe
c:\Documents and Settings\Stef\Bureau\ComboFix(2).exe
c:\Documents and Settings\Stef\Bureau\ComboFix.exe
c:\Documents and Settings\Stef\Bureau\HiJackThis.exe
c:\Documents and Settings\Stef\Bureau\HiJackThis_v2.exe
c:\Documents and Settings\Stef\Bureau\Navilog1.exe
c:\Documents and Settings\Stef\Bureau\SDFix.exe
c:\Documents and Settings\Stef\Bureau\SREngPS.EXE
c:\Documents and Settings\Stef\Bureau\ssftrialsnrsetup1_14232331.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Stef\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\AdbeRdr810_fr_FR.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\BlubsterSetup.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\kav700123fr_1645.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\spybotsd15.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\trsetup.exe
c:\Documents and Settings\Stef\Mes documents\Logiciels\winamp535_full_emusic-7plus.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Stef\Application Data\Mozilla\Firefox\Profiles\jh37dfhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Stef\Application Data\Mozilla\Firefox\Profiles\jh37dfhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
****** Fin du rapport DiagHelp
Re,
1/ * Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste List Of Files/Folders to be moved":
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf
C:\Program Files\sopwxxxs
C:\Program Files\SpamBlockerUtility_Icons
C:\Program Files\Blubster Toolbar
C:\WINDOWS\System32\tuhzusbi.exe
* Click MoveIt! to start the removal,
* The result will appear in the Results pane.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. In that case, click Yes.
2/ Open HijackThis > "Do a scan only" and tick these:
O2 - BHO: Blubster Toolbar Helper - {09AA6C75-179E-42E0-82F7-302603339A82} - C:\Program Files\Blubster Toolbar\v3.2.0.0\Blubster_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [posdyuqq] C:\WINDOWS\System32\tuhzusbi.exe
O16 - DPF: {C396DE7B-E4C2-41E7-98EA-303A37124A6C} - http://alerts.instantalbert.com/install/albertrun.CAB
Click fix/repair.
3/ Download CCleaner Basic: https://www.ccleaner.com/ccleaner/download
Open CCleaner and click "Run Cleaner".
4/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.
Click the Scan button (in the toolbar).
Then, on the "How to react" tab, click "Recommended actions". Select Quarantine.
Go back to the Scan tab. Click "Complete system scan".
At the end of the scan, choose the "Apply all actions" option at the bottom.
Then click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.
5/ * Run an online scan by clicking here: https://www.bitdefender.com/toolbox/
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control that is offered. The antivirus update then starts.
* Run a full system scan.
* Save the report as text once the scan has finished.
6/ Post the following reports:
OTMoveIt, AVG Anti-Spyware, BitDefender and HijackThis.
Tell me if you still have problems. After that, we will finish the cleanup with the final steps. See you tomorrow evening, probably.
FillPCA
1) Move it
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf moved successfully.
C:\Program Files\sopwxxxs moved successfully.
C:\Program Files\SpamBlockerUtility_Icons moved successfully.
File/Folder C:\Program Files\Blubster Toolbar not found.
File/Folder C:\WINDOWS\System32\tuhzusbi.exe not found.
Created on 10/18/2007 22:21:28
AVG
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:26:01 18/10/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\Microsoft\UPnP Device Host\Description\{C9F92794-7C54-419B-834D-8BB4A0E071AF}\UDN Mappings\DummyUDN2\\ -> Adware.CoolWebSearch : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-16200881-200128891-4242867363-1015\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C9D4939E-1D21-4856-B31C-89202670BFBC}\RP2\A0001489.dll -> Adware.Hotbar : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbHostOL.dll.vir -> Adware.Hotbar : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\catchme2007-10-18_214953.10.zip/WinIK.sys -> Rootkit.Agent.q : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.235:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.247realmedia : Erreur lors du nettoyage.
:mozilla.236:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.247realmedia : Erreur lors du nettoyage.
:mozilla.93:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.94:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.156:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.285:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.362:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.495:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.509:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.542:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.553:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.95:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
:mozilla.99:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.2o7 : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@powellsbooks.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.260:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Adbrite : Erreur lors du nettoyage.
:mozilla.261:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Adbrite : Erreur lors du nettoyage.
:mozilla.262:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Adbrite : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.119:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.121:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.122:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.124:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.125:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.213:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Adtech : Erreur lors du nettoyage.
:mozilla.214:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Adtech : Erreur lors du nettoyage.
:mozilla.142:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.143:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.144:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.145:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.146:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.109:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.108:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.186:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Atdmt : Erreur lors du nettoyage.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\0000000e.bak -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.33:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.166:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Comclick : Erreur lors du nettoyage.
:mozilla.167:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Comclick : Erreur lors du nettoyage.
:mozilla.168:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Comclick : Erreur lors du nettoyage.
:mozilla.8:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.25:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Estat : Erreur lors du nettoyage.
:mozilla.6:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000022.bak -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.67:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.68:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.69:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.70:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.71:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.72:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.91:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.92:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@c.goclick[2].txt -> TrackingCookie.Goclick : Nettoyé.
:mozilla.52:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.734:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.735:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.736:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.737:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.738:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.739:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.740:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.741:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.742:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.743:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ehg-housevaluesinc.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.420:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Imrworldwide : Erreur lors du nettoyage.
:mozilla.421:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Imrworldwide : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
:mozilla.58:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.8:C:\Documents and Settings\Stef\Application Data\Mozilla\Firefox\Profiles\jh37dfhq.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.499:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Overture : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.116:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.789:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Paypal : Erreur lors du nettoyage.
:mozilla.239:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Planetactive : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.531:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Questionmarket : Erreur lors du nettoyage.
:mozilla.532:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Questionmarket : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.61:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.62:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.63:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.64:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.65:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.66:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.82:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.83:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.84:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.85:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.86:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.87:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\0000001e.bak -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000024.bak -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.659:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Sitestat : Erreur lors du nettoyage.
:mozilla.660:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Sitestat : Erreur lors du nettoyage.
:mozilla.10:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.11:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.12:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.22:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.23:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.24:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.9:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000006.bak -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.566:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.567:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.568:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.65:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.66:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.6:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tribalfusion : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@webstat[1].txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.20:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.21:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.22:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.73:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
:mozilla.74:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
:mozilla.75:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000018.bak -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000017.bak -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.621:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yadro : Erreur lors du nettoyage.
:mozilla.54:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.638:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.639:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.640:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.641:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.642:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
See you tomorrow
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000022.bak -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.67:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.68:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.69:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.70:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.71:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
:mozilla.72:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Euroclick : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.91:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.92:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@c.goclick[2].txt -> TrackingCookie.Goclick : Nettoyé.
:mozilla.52:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.734:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.735:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.736:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.737:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.738:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.739:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.740:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.741:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.742:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
:mozilla.743:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Googleadservices : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ehg-housevaluesinc.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.420:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Imrworldwide : Erreur lors du nettoyage.
:mozilla.421:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Imrworldwide : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
:mozilla.58:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.8:C:\Documents and Settings\Stef\Application Data\Mozilla\Firefox\Profiles\jh37dfhq.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.499:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Overture : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.116:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.789:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Paypal : Erreur lors du nettoyage.
:mozilla.239:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Planetactive : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.531:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Questionmarket : Erreur lors du nettoyage.
:mozilla.532:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Questionmarket : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.61:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.62:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.63:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.64:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.65:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.66:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Serving-sys : Erreur lors du nettoyage.
:mozilla.82:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.83:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.84:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.85:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.86:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.87:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\0000001e.bak -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000024.bak -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.659:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Sitestat : Erreur lors du nettoyage.
:mozilla.660:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Sitestat : Erreur lors du nettoyage.
:mozilla.10:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.11:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.12:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.22:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.23:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.24:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Smartadserver : Erreur lors du nettoyage.
:mozilla.9:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000006.bak -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.566:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.567:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.568:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tacoda : Erreur lors du nettoyage.
:mozilla.65:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.66:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.6:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Tribalfusion : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@webstat[1].txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.20:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.21:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.22:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.73:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
:mozilla.74:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
:mozilla.75:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Weborama : Erreur lors du nettoyage.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000018.bak -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000017.bak -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\LEO\Cookies\leo@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.621:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yadro : Erreur lors du nettoyage.
:mozilla.54:C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\zgrjezz8.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.638:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.639:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.640:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.641:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
:mozilla.642:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\c60.6365D34A01C811C5.history\00000223.bak -> TrackingCookie.Yieldmanager : Erreur lors du nettoyage.
C:\Documents and Settings\LEO\Cookies\leo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
See you tomorrow
Good evening,
OK for the AVG AS report.
I won't be here this evening, so I'll look at your report late tonight or tomorrow.
FillPCA
Good evening FillPCA,
I went through all the steps, as you can see, but there is a problem with BitDefender.
I launched the scan twice and both times it froze on C:\\Windows\inf
So, no report for BitDefender!
Is that a problem? On the other hand, I have the impression that it had time to delete several infected files, since the freeze happened 10 minutes before the end of the scan...
BitDefender Online Scanner
Scan report generated at: Fri, Oct 19, 2007 - 21:32:37
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;I:\;J:\;K:\;L:\;
Statistics
Time: 01:16:45
Files: 299882
Folders: 5976
Boot Sectors: 4
Archives: 6818
Packed Files: 11518
Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0
Engines Info
Virus Definitions: 840732
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
No virus found.
Good evening,
1/ * Launch OTmoveIT.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
NOTE: Normally, your firewall should ask you whether OTmoveIT may access the internet. Allow it.
* A list appears in the left-hand part of OTmoveIT.
* A message appears asking you to confirm the cleanup. Confirm.
* The infected files held in the quarantines will be deleted as well.
2/ You need to disable and then re-enable System Restore. To do so, right-click "My Computer". In the "System Restore" tab, tick the "Turn off System Restore" box. Click Apply > OK.
Untick this box, click Apply > OK and restart the PC.
Are you still having problems?
FillPCA
Hello FillPCA,
I really wanted to thank you for your valuable advice and the time you devoted to me since, apparently, there are no viruses left. And yet things looked bad. On that note, I'd like to take the opportunity to ask you a few questions... and so avoid ending up in the same situation:
- For effective protection, which software should I choose: Comodo for the firewall? Kaspersky for the antivirus? And for the rest?
- Also, among the programs I downloaded (diaghelp, OTmoveIT, hijackthis, combofix... etc.), should I keep any of them?
- Is there a risk of catching viruses when I watch streaming videos?
Thanks again!
Re,
Keep Comodo, Kaspersky, AVG antispyware and CCleaner.
The others must be removed because they are fixes dedicated to specific infections.
More generally, you will find information here: http://perso.orange.fr/Le-site-de-Fill/S%E9curit%E9/Logiciels%20de%20protection.html
Avoid P2P and cracks.
No risk with streaming videos.
You can mark your topic as "solved".
Glad I could help.
FillPCA