Win32 bho kd trj

Résolu
Mab24 Messages postés 15 Statut Membre -  
 Auudrey -
Bonjour,

Bonne année à tous.

Je suis également infecté par un trojan détecté par avast : win32bho kd trj

Avast ne peut ni le mettre en quarantaine, ni le supprimer.

Que faire ?

Merci par avance.
Configuration: Windows XP
Firefox 2.0.0.11

34 réponses

  • 1
  • 2
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    commence par ceci

    Télécharge sur le bureau
    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    => Double-clic dessus
    => installe
    => Clic Do a system scan and save the log
    => coller le rapport
    si problème voir l'aide
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    @+
    0
    1. sofi
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:11:38, on 21/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
      C:\Program Files\Fichiers communs\NMSAccessU.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\VM_STI.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\Fichiers communs\SansenDommagement\strpmon.exe
      C:\Program Files\Fichiers communs\Nettordinateur\stm.exe
      C:\Program Files\Fichiers communs\TrojansFiltre\bm.exe
      C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
      C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
      O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {90389E6E-C44D-4FF0-A216-C612C185BF1B} - C:\WINDOWS\system32\d3dxo.dll
      O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsl44B.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\SansenDommagement\strpmon.exe" dm=http://sansendommagement.com; ad=http://sansendommagement.com
      O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
      O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Fichiers communs\Nettordinateur\stm.exe" dm=http://nettordinateur.com ad=http://nettordinateur.com sd=http://paylogs.nettordinateur.com
      O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\TrojansFiltre\bm.exe" dm=http://trojansfiltre.com ad=http://trojansfiltre.com sd=http://gregistre.trojansfiltre.com
      O4 - HKLM\..\Run: [ptask] C:\Program Files\TrojansFiltre\ptask.exe
      O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe" dm=http://nettoyeurdepc.com ad=http://nettoyeurdepc.com sd=http://paylogs.nettoyeurdepc.com
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
      O4 - Startup: WKCALREM.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FRANCE/panda_craze/pandaonline.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/insaniquarium/popcaploader.cab
      O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/insaniquarium/Oberongamesloader.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      0
  2. Mab24 Messages postés 15 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:33:23, on 02/01/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\System32\sstray.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BeClean\bca.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\PowerArchiver\POWERARC.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fr.netscape.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fr.netscape.com/fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\jluc\prefs.js)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {49C1BF4E-99D8-4B5F-B58D-C4B3E48B9C69} - c:\windows\system32\ekfpixguide.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: (no name) - {A58292AC-4B5C-4808-AC1D-72B6ED98ECB0} - C:\WINDOWS\System32\avwavh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Program Files\BeClean\BeClean.exe /s
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2328ee0e86968d964622/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - Winlogon Notify: dmcepizw - C:\WINDOWS\SYSTEM32\ekfpixguide.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/dubos/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt

    -------------
    ensuite
    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    => Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    ensuite une fois ceci fait refais un rapport hijack
    @+
    0
  4. Mab24 Messages postés 15 Statut Membre
     
    [01/03/2008, 1:03:48] - VirtumundoBeGone v1.5 ( "F:\Downloads\applications\VirtumundoBeGone.exe" )
    [01/03/2008, 1:03:54] - Detected System Information:
    [01/03/2008, 1:03:54] - Windows Version: 5.1.2600, Service Pack 1
    [01/03/2008, 1:03:54] - Current Username: xxxxx (Admin)
    [01/03/2008, 1:03:54] - Windows is in NORMAL mode.
    [01/03/2008, 1:03:54] - Searching for Browser Helper Objects:
    [01/03/2008, 1:03:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [01/03/2008, 1:03:54] - BHO 2: {49C1BF4E-99D8-4B5F-B58D-C4B3E48B9C69} ()
    [01/03/2008, 1:03:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/03/2008, 1:03:54] - Checking for HKLM\...\Winlogon\Notify\ekfpixguide
    [01/03/2008, 1:03:54] - Key not found: HKLM\...\Winlogon\Notify\ekfpixguide, continuing.
    [01/03/2008, 1:03:54] - BHO 3: {A5366673-E8CA-11D3-9CD9-0090271D075B} ()
    [01/03/2008, 1:03:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/03/2008, 1:03:54] - No filename found. Continuing.
    [01/03/2008, 1:03:54] - BHO 4: {A58292AC-4B5C-4808-AC1D-72B6ED98ECB0} ()
    [01/03/2008, 1:03:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/03/2008, 1:03:54] - Checking for HKLM\...\Winlogon\Notify\avwavh
    [01/03/2008, 1:03:54] - Key not found: HKLM\...\Winlogon\Notify\avwavh, continuing.
    [01/03/2008, 1:03:54] - Finished Searching Browser Helper Objects
    [01/03/2008, 1:03:54] - Finishing up...
    [01/03/2008, 1:03:55] - Nothing found! Exiting...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Mab24 Messages postés 15 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:06:39, on 03/01/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\System32\sstray.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BeClean\bca.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fr.netscape.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fr.netscape.com/fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\jluc\prefs.js)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {49C1BF4E-99D8-4B5F-B58D-C4B3E48B9C69} - c:\windows\system32\ekfpixguide.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: (no name) - {A58292AC-4B5C-4808-AC1D-72B6ED98ECB0} - C:\WINDOWS\System32\avwavh.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Program Files\BeClean\BeClean.exe /s
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2328ee0e86968d964622/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - Winlogon Notify: dmcepizw - C:\WINDOWS\SYSTEM32\ekfpixguide.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/dubos/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
    0
  7. Mab24 Messages postés 15 Statut Membre
     
    Bonjour,

    Avast me détecte toujours le même trojan.

    Ai je fait une mauvaise manip ?
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Ai je fait une mauvaise manip ?

    non mais la bête résiste ;-)

    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    @+
    0
  9. agnes07
     
    j ai le meme probleme apres avoir installe zonne alarm spyware teminator avoir installe adware spybot unlocker le trojan est toujours j ai esaye sous dos de detruire le fichier de faire une copie de fichier avec le meme nom rien a faire
    que peut on faire pour le detruire
    merci
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Salut il faut créer ton propre sujet
    http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
    merci
    @+
    0
  11. Mab24 Messages postés 15 Statut Membre
     
    Voici le rapport.
    Je crains que le résultat ne soit guère concluant.

    Je précise que j'ai effectué les premières manip

    ComboFix 08-01-04.1 - dubos 2008-01-04 23:05:42.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1649 [GMT 1:00]
    Running from: C:\Documents and Settings\xxxxx\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\drivers\XPOF43.sys
    C:\WINDOWS\system32\winsys.exe
    C:\WINDOWS\system32\ekfpixguide.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_XPOF43

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-04 23:10 . 2008-01-04 23:10 456 --a------ C:\WINDOWS\system32\miniPortInfo.dat
    2008-01-03 22:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-03 00:50 . 2008-01-03 00:50 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-03 00:27 . 2008-01-03 00:50 <REP> d-------- C:\VundoFix Backups
    2008-01-02 20:32 . 2008-01-02 20:32 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-02 18:44 . 2008-01-02 18:44 <REP> d-------- C:\part2
    2008-01-01 20:46 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE
    2007-12-25 19:09 . 2007-12-25 19:09 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Lavasoft
    2007-12-25 14:59 . 2007-12-25 16:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-24 02:02 . 2007-12-24 02:02 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-12-24 02:02 . 2007-12-24 02:02 741,632 --a------ C:\WINDOWS\system32\wpxekrqr.dat
    2007-12-24 02:02 . 2007-12-24 02:02 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-12-24 02:02 . 2007-12-24 02:02 42,240 --a------ C:\WINDOWS\system32\pnwbfdhn.dat
    2007-12-24 02:02 . 2007-12-24 02:02 36,096 --a------ C:\WINDOWS\system32\msdrgcyo.dat
    2007-12-24 02:02 . 2007-12-24 02:02 35,072 --a------ C:\WINDOWS\system32\gvziiuby.dat
    2007-12-23 21:35 . 2007-12-23 21:35 <REP> d-------- C:\Language-pack 2
    2007-12-23 12:47 . 2007-12-25 19:09 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-23 01:57 . 2007-12-26 02:21 120,576 --a------ C:\WINDOWS\system32\vdvmzugh.dat
    2007-12-23 01:50 . 2007-12-24 02:02 84,992 --a------ C:\WINDOWS\system32\ekfpixguide.dll
    2007-12-23 01:50 . 1999-05-07 20:38 84,480 --a------ C:\WINDOWS\system32\ekfpixguide.dll.bak
    2007-12-23 01:50 . 19,584 C:\WINDOWS\system32\drivers\lwzosdpg.dat
    2007-12-23 01:50 . 2007-12-23 01:50 29 --a------ C:\WINDOWS\system32\rfqwpias.tmp
    2007-12-23 01:49 . 2001-08-28 13:00 84,992 --a------ C:\WINDOWS\system32\avwavh.dll
    2007-12-20 23:54 . 2007-12-23 21:20 22 --a------ C:\Spanned001.zip
    2007-12-20 11:44 . 2007-12-23 01:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 11:44 . 2007-12-20 11:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-19 22:54 . 2008-01-03 03:16 <REP> d-------- C:\Mes Sites Web
    2007-12-19 22:51 . 2007-12-19 22:51 <REP> d-------- C:\Program Files\WinHTTrack
    2007-12-18 22:43 . 2007-12-18 22:43 <REP> d-------- C:\Program Files\Google
    2007-12-18 22:43 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-18 22:43 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-12-16 18:37 . 2007-12-16 20:50 <REP> d-------- C:\Documents and Settings\dubos\Application Data\gtk-2.0
    2007-12-16 15:38 . 2007-12-16 15:38 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Inkscape
    2007-12-16 15:37 . 2007-12-16 15:37 <REP> d-------- C:\Program Files\Inkscape
    2007-12-09 21:52 . 2007-12-09 21:52 <REP> d-------- C:\Program Files\LightWork Design
    2007-12-09 21:10 . 2007-12-09 21:10 <REP> d-------- C:\Program Files\Epson
    2007-12-09 20:38 . 2007-12-09 22:30 <REP> d-------- C:\Program Files\Adobe Type Manager
    2007-12-09 20:36 . 2007-12-09 22:30 <REP> d-------- C:\Program Files\PhotoDeluxe HE 3(2).1
    2007-12-09 19:26 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Microsoft Picture It!(2)
    2007-12-09 19:11 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Picture Page
    2007-12-09 13:42 . 2007-12-09 14:47 5,210 --a------ C:\logfile
    2007-12-09 12:50 . 2007-12-09 12:56 <REP> d-------- C:\Program Files\Kodak(2)
    2007-12-09 11:31 . 2007-12-09 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-09 02:56 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\PACard
    2007-12-09 02:52 . 2007-12-09 22:32 <REP> d-------- C:\pmw
    2007-12-09 02:50 . 2007-12-09 02:50 <REP> d-------- C:\SIERRA
    2007-12-09 02:44 . 2007-12-09 22:32 <REP> d-------- C:\WINDOWS\COREL
    2007-12-09 02:44 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Corel(2)
    2007-12-08 22:02 . 2007-12-09 02:35 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PhotoParade
    2007-12-08 20:58 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Scribus 1.3.4
    2007-12-08 20:58 . 2007-12-09 22:32 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Scribus
    2007-12-08 13:16 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\gs
    2007-12-07 22:33 . 2007-12-18 22:45 <REP> d-------- C:\Program Files\Picasa2
    2007-12-06 23:22 . 2008-01-02 18:59 <REP> d-------- C:\Program Files\PhotoFiltre

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-04 22:11 --------- d-----w C:\Program Files\BeClean
    2008-01-03 02:06 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-02 11:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 11:52 --------- d-----w C:\Program Files\PowerQuest
    2008-01-02 11:19 --------- d-----w C:\Program Files\eMule
    2007-12-09 21:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-09 21:29 --------- d-----w C:\Program Files\Fichiers communs\FotoNation
    2007-12-06 21:47 --------- d-----w C:\Documents and Settings\dubos\Application Data\ZoomBrowser EX
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-12-01 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-11-25 21:33 --------- d-----w C:\Documents and Settings\dubos\Application Data\Canon
    2007-11-25 21:15 --------- d-----w C:\Program Files\Canon
    2007-11-25 21:01 --------- d-----w C:\Program Files\Fichiers communs\Canon
    2007-11-18 20:06 --------- d-----w C:\Program Files\Anuman Interactive
    2007-11-18 13:56 --------- d-----w C:\Program Files\Common Files
    2007-11-18 12:35 540 ---ha-w C:\os062307.bin
    2007-11-18 12:27 --------- d-----w C:\Program Files\IMSI
    2007-11-18 12:25 --------- d-----w C:\Program Files\FloorPlan 3D v7 Setup
    2007-11-18 11:21 --------- d-----w C:\Program Files\D-Tools
    2007-11-17 23:53 --------- d-----w C:\Program Files\QuickTime
    2007-11-17 23:53 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-17 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-17 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-17 22:30 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-11-17 22:14 60,968 ----a-w C:\WINDOWS\system32\wpfb_nv4_disp.dll
    2007-11-17 22:14 16,384 ----a-w C:\WINDOWS\system32\WINKRNME.DLL
    2007-11-17 22:14 --------- d-----w C:\Program Files\WinPortrait
    2007-11-17 21:48 --------- d-----w C:\Program Files\Mozilla Firefox(2)
    2007-11-17 21:25 --------- d-----w C:\Program Files\Micro Application
    2007-11-16 21:53 --------- d-----w C:\Program Files\Western Digital
    2007-11-16 21:34 --------- d-----w C:\Documents and Settings\dubos\Application Data\Leadertech
    2007-11-14 23:29 --------- d-----w C:\Program Files\Setup Files
    2007-11-14 23:01 --------- d-----w C:\Program Files\MSI
    2007-11-14 18:35 --------- d-----w C:\Documents and Settings\dubos\Application Data\Qualcomm
    2007-11-14 18:31 --------- d-----w C:\Program Files\Qualcomm
    2007-11-14 18:30 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-14 17:05 --------- d-----w C:\Documents and Settings\dubos\Application Data\Thunderbird
    2007-11-14 12:22 --------- d-----w C:\Program Files\Symantec
    2007-11-14 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-14 09:55 --------- d-----w C:\Program Files\Alwil Software
    2003-12-21 09:04 809 ------w C:\Program Files\INSTALL.LOG
    2002-03-31 10:36 2,749 -c----w C:\Program Files\readme.txt
    2000-04-24 20:15 3,500 -c----w C:\Program Files\cOuGaR-zOnE.nfo
    1999-08-18 14:36 135,168 ------w C:\WINDOWS\inf\AGFA\message.exe
    1999-08-16 20:05 14,336 ------w C:\Program Files\mod.dll
    1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49C1BF4E-99D8-4B5F-B58D-C4B3E48B9C69}]
    2007-12-24 02:02 84992 --a------ c:\windows\system32\ekfpixguide.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A58292AC-4B5C-4808-AC1D-72B6ED98ECB0}]
    2001-08-28 13:00 84992 --a------ C:\WINDOWS\System32\avwavh.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 10:45 13312]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ptipbmf"="ptipbmf.dll" [2003-06-05 14:49 118784 C:\WINDOWS\system32\ptipbmf.dll]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2003-12-21 10:06 12288]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]
    "nForce Tray Options"="sstray.exe" [2003-10-24 13:13 73728 C:\WINDOWS\system32\sstray.exe]
    "WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-04-29 11:36 208896]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [2003-07-02 23:57 692008]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "BeClean Start-Up Clean"="C:\Program Files\BeClean\BeClean.exe" [2003-12-01 07:00 249856]
    "BeClean Agent"="C:\Program Files\BeClean\bca.exe" [2003-12-01 07:00 36864]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-28 13:00 388096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45 13312]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmcepizw]
    ekfpixguide.dll 2007-12-24 02:02 84992 C:\WINDOWS\system32\ekfpixguide.dll

    R0 axwhisky;axwhisky;C:\WINDOWS\System32\DRIVERS\axwhisky.sys [2003-07-02 17:41]
    R0 axwskbus;axwskbus;C:\WINDOWS\System32\DRIVERS\axwskbus.sys [2003-07-02 16:49]
    R0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
    R0 taoebowt;taoebowt;C:\WINDOWS\System32\drivers\lwzosdpg.dat []
    R1 pivot;pivot;C:\WINDOWS\System32\drivers\pivot.sys [2003-07-02 23:56]
    R3 fhlppppoe;PPPOE/ADSL miniport;C:\WINDOWS\System32\DRIVERS\fhlpppoe.sys [2002-11-21 18:35]
    R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2003-07-02 23:56]
    S2 wxpwwvql;AGP Bus g201a Controller;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
    S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 01:48]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
    S4 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\System32\NTACCESS.SYS [2006-05-18 13:14]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    wxpwwvql

    *Newly Created Service* - WEBNTACCESS
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-28 07:16:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-14 22:23:52 C:\WINDOWS\Tasks\Gestionnaire d'utilitaires.job"
    - C:\WINDOWS\system32\utilman.exe./start
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-04 23:11:28
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\System32\NavLogon.dll
    .
    Completion time: 2008-01-04 23:13:42 - machine was rebooted [dubos]
    ComboFix-quarantined-files.txt 2008-01-04 22:13:38
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    selectionne ceci

    registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49C1BF4E-99D8-4B5F-B58D-C4B3E48B9C69}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A58292AC-4B5C-4808-AC1D-72B6ED98ECB0}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmcepizw]

    File::

    C:\WINDOWS\system32\wpxekrqr.dat
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\pnwbfdhn.dat
    C:\WINDOWS\system32\msdrgcyo.dat
    C:\WINDOWS\system32\gvziiuby.dat
    C:\WINDOWS\system32\vdvmzugh.dat
    C:\WINDOWS\system32\ekfpixguide.dll
    C:\WINDOWS\system32\ekfpixguide.dll.bak
    C:\WINDOWS\system32\drivers\lwzosdpg.dat
    C:\WINDOWS\system32\rfqwpias.tmp
    C:\WINDOWS\system32\avwavh.dll


    => Copie le texte sélectionné (CTRL+C).
    => Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    => Colle le texte copié dans ce bloc-notes (CTRL+V).
    => Sauvegarde ce fichier sous le nom de CFScript.txt
    => Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    => Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    => Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    => Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    => Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    @+
    0
  13. Mab24 Messages postés 15 Statut Membre
     
    Voici le rapport.

    Les fichiers système supprimés doivent ils être réintroduits ? De quelle façon ?

    Merci encore.

    ComboFix 08-01-04.1 - xxxxx 2008-01-05 1:26:22.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1591 [GMT 1:00]
    Running from: C:\Documents and Settings\xxxxx\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\dubos\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\avwavh.dll
    C:\WINDOWS\system32\drivers\lwzosdpg.dat
    C:\WINDOWS\system32\ekfpixguide.dll
    C:\WINDOWS\system32\ekfpixguide.dll.bak
    C:\WINDOWS\system32\gvziiuby.dat
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\msdrgcyo.dat
    C:\WINDOWS\system32\pnwbfdhn.dat
    C:\WINDOWS\system32\rfqwpias.tmp
    C:\WINDOWS\system32\vdvmzugh.dat
    C:\WINDOWS\system32\wpxekrqr.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\avwavh.dll
    C:\WINDOWS\system32\drivers\lwzosdpg.dat
    C:\WINDOWS\system32\ekfpixguide.dll
    C:\WINDOWS\system32\ekfpixguide.dll.bak
    C:\WINDOWS\system32\gvziiuby.dat
    C:\WINDOWS\system32\libeay32.dll
    C:\WINDOWS\system32\libssl32.dll
    C:\WINDOWS\system32\msdrgcyo.dat
    C:\WINDOWS\system32\pnwbfdhn.dat
    C:\WINDOWS\system32\rfqwpias.tmp
    C:\WINDOWS\system32\vdvmzugh.dat
    C:\WINDOWS\system32\wpxekrqr.dat

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-05 01:29 . 2008-01-05 01:29 456 --a------ C:\WINDOWS\system32\miniPortInfo.dat
    2008-01-03 22:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-03 00:50 . 2008-01-03 00:50 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-03 00:27 . 2008-01-03 00:50 <REP> d-------- C:\VundoFix Backups
    2008-01-02 20:32 . 2008-01-02 20:32 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-02 18:44 . 2008-01-02 18:44 <REP> d-------- C:\part2
    2008-01-01 20:46 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE
    2007-12-25 19:09 . 2007-12-25 19:09 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Lavasoft
    2007-12-25 14:59 . 2007-12-25 16:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-23 21:35 . 2007-12-23 21:35 <REP> d-------- C:\Language-pack 2
    2007-12-23 12:47 . 2007-12-25 19:09 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-20 23:54 . 2007-12-23 21:20 22 --a------ C:\Spanned001.zip
    2007-12-20 11:44 . 2007-12-23 01:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 11:44 . 2007-12-20 11:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-19 22:54 . 2008-01-03 03:16 <REP> d-------- C:\Mes Sites Web
    2007-12-19 22:51 . 2007-12-19 22:51 <REP> d-------- C:\Program Files\WinHTTrack
    2007-12-18 22:43 . 2007-12-18 22:43 <REP> d-------- C:\Program Files\Google
    2007-12-18 22:43 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-18 22:43 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-12-16 18:37 . 2007-12-16 20:50 <REP> d-------- C:\Documents and Settings\dubos\Application Data\gtk-2.0
    2007-12-16 15:38 . 2007-12-16 15:38 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Inkscape
    2007-12-16 15:37 . 2007-12-16 15:37 <REP> d-------- C:\Program Files\Inkscape
    2007-12-09 21:52 . 2007-12-09 21:52 <REP> d-------- C:\Program Files\LightWork Design
    2007-12-09 21:10 . 2007-12-09 21:10 <REP> d-------- C:\Program Files\Epson
    2007-12-09 20:38 . 2007-12-09 22:30 <REP> d-------- C:\Program Files\Adobe Type Manager
    2007-12-09 20:36 . 2007-12-09 22:30 <REP> d-------- C:\Program Files\PhotoDeluxe HE 3(2).1
    2007-12-09 19:26 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Microsoft Picture It!(2)
    2007-12-09 19:11 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Picture Page
    2007-12-09 13:42 . 2007-12-09 14:47 5,210 --a------ C:\logfile
    2007-12-09 12:50 . 2007-12-09 12:56 <REP> d-------- C:\Program Files\Kodak(2)
    2007-12-09 11:31 . 2007-12-09 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-09 02:56 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\PACard
    2007-12-09 02:52 . 2007-12-09 22:32 <REP> d-------- C:\pmw
    2007-12-09 02:50 . 2007-12-09 02:50 <REP> d-------- C:\SIERRA
    2007-12-09 02:44 . 2007-12-09 22:32 <REP> d-------- C:\WINDOWS\COREL
    2007-12-09 02:44 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Corel(2)
    2007-12-08 22:02 . 2007-12-09 02:35 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PhotoParade
    2007-12-08 20:58 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\Scribus 1.3.4
    2007-12-08 20:58 . 2007-12-09 22:32 <REP> d-------- C:\Documents and Settings\dubos\Application Data\Scribus
    2007-12-08 13:16 . 2007-12-09 22:32 <REP> d-------- C:\Program Files\gs
    2007-12-07 22:33 . 2007-12-18 22:45 <REP> d-------- C:\Program Files\Picasa2
    2007-12-06 23:22 . 2008-01-02 18:59 <REP> d-------- C:\Program Files\PhotoFiltre

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-05 00:30 --------- d-----w C:\Program Files\BeClean
    2008-01-04 22:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-02 11:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 11:52 --------- d-----w C:\Program Files\PowerQuest
    2008-01-02 11:19 --------- d-----w C:\Program Files\eMule
    2007-12-09 21:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-09 21:29 --------- d-----w C:\Program Files\Fichiers communs\FotoNation
    2007-12-06 21:47 --------- d-----w C:\Documents and Settings\dubos\Application Data\ZoomBrowser EX
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-01 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2007-11-25 21:33 --------- d-----w C:\Documents and Settings\dubos\Application Data\Canon
    2007-11-25 21:15 --------- d-----w C:\Program Files\Canon
    2007-11-25 21:01 --------- d-----w C:\Program Files\Fichiers communs\Canon
    2007-11-18 20:06 --------- d-----w C:\Program Files\Anuman Interactive
    2007-11-18 13:56 --------- d-----w C:\Program Files\Common Files
    2007-11-18 12:35 540 ---ha-w C:\os062307.bin
    2007-11-18 12:27 --------- d-----w C:\Program Files\IMSI
    2007-11-18 12:25 --------- d-----w C:\Program Files\FloorPlan 3D v7 Setup
    2007-11-18 11:21 --------- d-----w C:\Program Files\D-Tools
    2007-11-17 23:53 --------- d-----w C:\Program Files\QuickTime
    2007-11-17 23:53 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-17 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-17 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-17 22:30 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-11-17 22:14 --------- d-----w C:\Program Files\WinPortrait
    2007-11-17 21:48 --------- d-----w C:\Program Files\Mozilla Firefox(2)
    2007-11-17 21:25 --------- d-----w C:\Program Files\Micro Application
    2007-11-16 21:53 --------- d-----w C:\Program Files\Western Digital
    2007-11-16 21:34 --------- d-----w C:\Documents and Settings\dubos\Application Data\Leadertech
    2007-11-14 23:29 --------- d-----w C:\Program Files\Setup Files
    2007-11-14 23:01 --------- d-----w C:\Program Files\MSI
    2007-11-14 18:35 --------- d-----w C:\Documents and Settings\dubos\Application Data\Qualcomm
    2007-11-14 18:31 --------- d-----w C:\Program Files\Qualcomm
    2007-11-14 18:30 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-14 17:05 --------- d-----w C:\Documents and Settings\dubos\Application Data\Thunderbird
    2007-11-14 12:22 --------- d-----w C:\Program Files\Symantec
    2007-11-14 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-14 09:55 --------- d-----w C:\Program Files\Alwil Software
    2003-12-21 09:04 809 ------w C:\Program Files\INSTALL.LOG
    2002-03-31 10:36 2,749 -c----w C:\Program Files\readme.txt
    2000-04-24 20:15 3,500 -c----w C:\Program Files\cOuGaR-zOnE.nfo
    1999-08-18 14:36 135,168 ------w C:\WINDOWS\inf\AGFA\message.exe
    1999-08-16 20:05 14,336 ------w C:\Program Files\mod.dll
    1995-09-20 15:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-04_23.13.16.01 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-04 21:57:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-04 22:10:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-04 21:57:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-04 22:10:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-01-04 21:57:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-04 22:10:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-04 22:05:35 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-01-05 00:26:09 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-01-05 00:29:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    0
  14. vever
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:40:07, on 04/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9F4AF0A8-D602-4BC7-9BBE-8ACC13454A06} - C:\WINDOWS\system32\btse.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: BlueSynchroManager.lnk = C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Moniteur de réseau sans fil G.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e0aac62f1ba24a7795ed30465788df80
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e0aac62f1ba24a7795ed30465788df80
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir mab24,
    les fichiers supprimés sont des infections

    pour la suite suit ceci

    Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

    => Installer
    => Le lancer
    => Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    => Dans ANALYSE ( en forme de loupe )
    => Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    => Clic : Analyse complète du système
    -------
    => à la fin du scan ( qui est assez long)
    => Clic Appliquer toutes les actions <== ceci Très important
    => Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport

    ensuite un nouveau rapport hijack

    @+
    0
  16. Mab24 Messages postés 15 Statut Membre
     
    Bonjour EP 44

    Voici le rapport du scan AVG :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 03:45:41 06/01/2008

    + Résultat de l'analyse:

    D:\Downloads\PDA\Jeux pda\[Pocket PC] - Full Cd - Games and Apps\new\StorageCard26.zip/StorageCard26/hpc-StorageCard26.zip/patch.exe -> Backdoor.Theef.111 : Nettoyé.
    F:\Downloads\PDA\Jeux pda\[Pocket PC] - Full Cd - Games and Apps\new\StorageCard26.zip/StorageCard26/hpc-StorageCard26.zip/patch.exe -> Backdoor.Theef.111 : Nettoyé.
    D:\Downloads\applications\Imsi Floorplan 3D Design Suite v9.0 Incl Keygen-Ssg.rar/setup_pack\keygen.exe -> Heuristic.Win32.Morphine-Crypted : Nettoyé.
    F:\Downloads\applications\Imsi Floorplan 3D Design Suite v9.0 Incl Keygen-Ssg.rar/setup_pack\keygen.exe -> Heuristic.Win32.Morphine-Crypted : Nettoyé.
    :mozilla.489:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.490:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.858:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.859:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.870:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.871:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.883:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.144:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.145:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.146:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.147:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.148:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.149:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.150:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.151:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.152:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.153:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.154:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.155:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.156:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.157:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.158:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.365:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.369:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.462:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.463:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.464:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.465:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.46:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.532:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.568:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.586:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.609:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.688:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.721:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.865:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.916:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.520:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.521:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.161:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.162:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.163:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.164:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.165:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.166:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.148:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.45:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.56:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.57:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.122:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.123:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.124:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.125:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.126:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.138:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.139:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.140:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.141:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.26:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.27:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.28:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.29:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.104:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
    :mozilla.255:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
    :mozilla.864:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
    :mozilla.193:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.198:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.70:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.778:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Bfast : Nettoyé.
    :mozilla.849:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Bfast : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@bfast[1].txt -> TrackingCookie.Bfast : Nettoyé.
    :mozilla.39:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.52:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.62:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
    :mozilla.761:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Centrport : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@centrport[1].txt -> TrackingCookie.Centrport : Nettoyé.
    :mozilla.201:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.202:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.203:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.625:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.627:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.628:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.639:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.642:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.88:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.90:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.91:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.92:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.93:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.94:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.95:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.787:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@connextra[2].txt -> TrackingCookie.Connextra : Nettoyé.
    :mozilla.404:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
    :mozilla.142:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.24:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.25:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.20:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.21:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.21:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.687:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé.
    :mozilla.141:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.466:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.467:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.73:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.75:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.833:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.834:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.232:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.315:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.484:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.501:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.519:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.553:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.583:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.852:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.887:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.896:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.912:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.10:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.11:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.178:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.179:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.180:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.20:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.630:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.668:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.695:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.696:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.712:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-atariinc.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-finaref.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-gamespot.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-upcchellomedia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.343:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.344:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.707:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.796:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.893:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
    :mozilla.894:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
    :mozilla.134:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.213:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.25:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    F:\Documents and Settings\xp\Cookies\xp@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.517:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.518:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.519:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.523:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.573:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.575:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.577:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Msn : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ie.search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.276:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.382:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.115:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.116:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.117:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.37:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.38:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.39:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.71:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.572:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Paycounter : Nettoyé.
    :mozilla.427:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
    :mozilla.81:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
    :mozilla.846:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.853:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.854:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.857:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.909:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Pro-market : Nettoyé.
    :mozilla.910:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Pro-market : Nettoyé.
    :mozilla.441:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.442:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.481:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.482:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.534:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
    :mozilla.693:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Real : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@france.real[1].txt -> TrackingCookie.Real : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@real[1].txt -> TrackingCookie.Real : Nettoyé.
    :mozilla.484:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
    :mozilla.486:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
    :mozilla.487:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.459:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.483:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.169:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.170:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.171:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.172:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.173:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.174:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.184:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.185:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.186:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.187:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.188:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.189:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.190:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.75:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.76:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.77:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.78:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.79:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.80:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.368:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.609:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.610:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.612:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.807:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.812:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.873:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.875:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.22:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.23:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.24:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.25:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.30:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.31:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.32:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.87:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.89:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.90:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.91:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    F:\Documents and Settings\xp\Cookies\xp@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.135:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.370:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.371:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.372:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.373:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.374:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.375:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.706:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.709:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.710:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.711:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.712:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.713:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.714:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.20:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.212:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.213:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.23:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.24:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.64:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.66:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.67:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.68:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.69:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.377:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Trafic : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé.
    :mozilla.408:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.335:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
    :mozilla.338:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé.
    :mozilla.129:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.130:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.131:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.27:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.28:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.29:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.47:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.50:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    F:\Documents and Settings\xp\Cookies\xp@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.193:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\560rplta.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.206:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.207:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.394:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.546:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.698:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.713:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    C:\Documents and Settings\dubos\Cookies\dubos@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.832:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
    :mozilla.847:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.856:F:\Disque local (L)\Documents and Settings\xp f\Application Data\Mozilla\Firefox\Profiles\crkx381v.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.867:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.868:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.869:C:\Documents and Settings\dubos\Application Data\Mozilla\Firefox\Profiles\jfdr827e.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    F:\Disque local (L)\Documents and Settings\xp f\Cookies\xp f@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\QooBox\Quarantine\catchme2008-01-05_ 12949.07.zip/avwavh.dll -> Trojan.BHO.agz : Nettoyé.
    D:\WINDOWS\system32\dllcache\hnetmon.dll -> Trojan.Susear.a : Nettoyé.
    F:\WINDOWS\WINDOWS\system32\dllcache\hnetmon.dll -> Trojan.Susear.a : Nettoyé.
    F:\WINDOWS\system32\dllcache\hnetmon.dll -> Trojan.Susear.a : Nettoyé.

    Fin du rapport
    0
  17. Mab24 Messages postés 15 Statut Membre
     
    et celui de hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:30:12, on 06/01/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\System32\sstray.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BeClean\bca.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fr.netscape.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fr.netscape.com/fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\jluc\prefs.js)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Program Files\BeClean\BeClean.exe /s
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2328ee0e86968d964622/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/dubos/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
    0
  18. Mab24 Messages postés 15 Statut Membre
     
    Avast ne me détecte plus le trojan incriminé mais me trouve celui ci en quatre endroits différents : Win32:Obfuscated-BPP [Trj]

    Ep44, je comprends que les fichiers supprimés sont des infections, mais j'imagine que l'on supprime, avec les infections, les fichiers infectés ?

    A ce stade, je veux te remercier de ton coaching très efficace.

    C'est assez impressionnant toutes ces manips sans forcément tout comprendre, et donc faire le pari de la confiance aveugle ! ;)
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour Mab24,

    on supprime en effet l'infection, si tu prend ceci par exemple
    C:\WINDOWS\system32\wpxekrqr.dat
    on supprime que wpxekrqr.dat on supprime aussi les clés de lancement
    si ensuite plusieurs fichiers on était infectés des nettoyage en ligne font parfaitement ça
    ce que tu vas faire
    donc Fais un scan antivirus en ligne avec Internet Explorer
    https://www.bitdefender.fr/

    => En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    => Dans la nouvelle fenêtre, clique sur I agree
    => La fenêtre change encore, clique sur Click here to scan
    => Les signatures se chargent, etc.
    => copie colle le résultat ici

    tuto en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    et
    reposte un nouveau rapport hijackthis
    0
  20. Mab24 Messages postés 15 Statut Membre
     
    Bonjour,

    Voici le raaport bit defender :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Mon, Jan 07, 2008 - 08:51:17

    Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;M:\;N:\;O:\;P:\;

    Statistiques

    Temps

    18:32:48

    Fichiers

    2403931

    Directoires

    39958

    Secteurs de boot

    6

    Archives

    401760

    Paquets programmes

    69558

    Résultats

    Virus identifiés

    91

    Fichiers infectés

    150

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    0

    Fichiers effacés

    0

    Info sur les moteurs

    Définition virus

    885530

    Version des moteurs

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins

    14

    Archive des plugins

    38

    Unpack des plugins

    7

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Rapport

    Seconde Action

    __SECACT__

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Inbox=>(message 16967)

    Infecté par: Generic.Peed.Eml.21C9FF8B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1792)

    Infecté par: Generic.Peed.Eml.4708C3B3

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1794)

    Infecté par: Generic.Peed.Eml.460DEBCF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1797)

    Infecté par: Generic.Peed.Eml.CB455CC5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1802)

    Infecté par: Generic.Peed.Eml.F001A4CE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1806)

    Infecté par: Generic.Peed.Eml.CF9EAF80

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1818)

    Infecté par: Generic.Peed.Eml.8C0D549E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1820)

    Infecté par: Generic.Peed.Eml.72B1CF21

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1823)

    Infecté par: Generic.Peed.Eml.B4081D8C

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1828)

    Infecté par: Generic.Peed.Eml.8B65EA36

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1829)

    Infecté par: Generic.Peed.Eml.EBE40DC9

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1832)

    Infecté par: Generic.Peed.Eml.6864FAB4

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1838)

    Infecté par: Generic.Peed.Eml.712BB407

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1846)

    Infecté par: Generic.Peed.Eml.56A8FA51

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1849)

    Infecté par: Generic.Peed.Eml.27F65588

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1850)

    Infecté par: Generic.Peed.Eml.1A7E0A24

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1851)

    Infecté par: Generic.Peed.Eml.F12E7CDF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1852)

    Infecté par: Generic.Peed.Eml.0669F95E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1853)

    Infecté par: Generic.Peed.Eml.76A0E38B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1854)

    Infecté par: Generic.Peed.Eml.F49FCDAA

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1855)

    Infecté par: Generic.Peed.Eml.225A23AE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1857)

    Infecté par: Generic.Peed.Eml.F2BFA659

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1876)

    Infecté par: Generic.Peed.Eml.55379FD5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1878)

    Infecté par: Generic.Peed.Eml.EB539359

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1879)

    Infecté par: Generic.Peed.Eml.7F795C67

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1880)

    Infecté par: Generic.Peed.Eml.F52BFCA6

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1885)

    Infecté par: Generic.Peed.Eml.A9E6DF5A

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders\Trash=>(message 1889)

    Infecté par: Generic.Peed.Eml.C15A78D2

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Boîte de réception=>(message 7988)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 21 Jun 2006 04:05:01 +0300]=>(MIME part)=>(MIME part)=>(message body)

    Infecté par: Exploit.Iframe.Vulnerability.B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 897)

    Infecté par: Generic.Peed.Eml.4708C3B3

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 899)

    Infecté par: Generic.Peed.Eml.460DEBCF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 902)

    Infecté par: Generic.Peed.Eml.CB455CC5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 907)

    Infecté par: Generic.Peed.Eml.F001A4CE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 911)

    Infecté par: Generic.Peed.Eml.CF9EAF80

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 923)

    Infecté par: Generic.Peed.Eml.8C0D549E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 925)

    Infecté par: Generic.Peed.Eml.72B1CF21

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 928)

    Infecté par: Generic.Peed.Eml.B4081D8C

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 933)

    Infecté par: Generic.Peed.Eml.8B65EA36

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 934)

    Infecté par: Generic.Peed.Eml.EBE40DC9

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 937)

    Infecté par: Generic.Peed.Eml.6864FAB4

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 943)

    Infecté par: Generic.Peed.Eml.712BB407

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 951)

    Infecté par: Generic.Peed.Eml.56A8FA51

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 954)

    Infecté par: Generic.Peed.Eml.27F65588

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 955)

    Infecté par: Generic.Peed.Eml.1A7E0A24

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 956)

    Infecté par: Generic.Peed.Eml.F12E7CDF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 957)

    Infecté par: Generic.Peed.Eml.0669F95E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 958)

    Infecté par: Generic.Peed.Eml.76A0E38B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 959)

    Infecté par: Generic.Peed.Eml.F49FCDAA

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 960)

    Infecté par: Generic.Peed.Eml.225A23AE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 962)

    Infecté par: Generic.Peed.Eml.F2BFA659

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 981)

    Infecté par: Generic.Peed.Eml.55379FD5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 983)

    Infecté par: Generic.Peed.Eml.EB539359

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 984)

    Infecté par: Generic.Peed.Eml.7F795C67

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 985)

    Infecté par: Generic.Peed.Eml.F52BFCA6

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 990)

    Infecté par: Generic.Peed.Eml.A9E6DF5A

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\Local Folders2\Éléments supprimés=>(message 994)

    Infecté par: Generic.Peed.Eml.C15A78D2

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Boîte de réception=>(message 7988)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 21 Jun 2006 04:05:01 +0300]=>(MIME part)=>(MIME part)=>(message body)

    Infecté par: Exploit.Iframe.Vulnerability.B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 897)

    Infecté par: Generic.Peed.Eml.4708C3B3

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 899)

    Infecté par: Generic.Peed.Eml.460DEBCF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 902)

    Infecté par: Generic.Peed.Eml.CB455CC5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 907)

    Infecté par: Generic.Peed.Eml.F001A4CE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 911)

    Infecté par: Generic.Peed.Eml.CF9EAF80

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 923)

    Infecté par: Generic.Peed.Eml.8C0D549E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 925)

    Infecté par: Generic.Peed.Eml.72B1CF21

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 928)

    Infecté par: Generic.Peed.Eml.B4081D8C

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 933)

    Infecté par: Generic.Peed.Eml.8B65EA36

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 934)

    Infecté par: Generic.Peed.Eml.EBE40DC9

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 937)

    Infecté par: Generic.Peed.Eml.6864FAB4

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 943)

    Infecté par: Generic.Peed.Eml.712BB407

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 951)

    Infecté par: Generic.Peed.Eml.56A8FA51

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 954)

    Infecté par: Generic.Peed.Eml.27F65588

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 955)

    Infecté par: Generic.Peed.Eml.1A7E0A24

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 956)

    Infecté par: Generic.Peed.Eml.F12E7CDF

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 957)

    Infecté par: Generic.Peed.Eml.0669F95E

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 958)

    Infecté par: Generic.Peed.Eml.76A0E38B

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 959)

    Infecté par: Generic.Peed.Eml.F49FCDAA

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 960)

    Infecté par: Generic.Peed.Eml.225A23AE

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 962)

    Infecté par: Generic.Peed.Eml.F2BFA659

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 981)

    Infecté par: Generic.Peed.Eml.55379FD5

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 983)

    Infecté par: Generic.Peed.Eml.EB539359

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 984)

    Infecté par: Generic.Peed.Eml.7F795C67

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 985)

    Infecté par: Generic.Peed.Eml.F52BFCA6

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 990)

    Infecté par: Generic.Peed.Eml.A9E6DF5A

    C:\Documents and Settings\dubos\Application Data\Thunderbird\Profiles\kfs6vvyn.default\Mail\pop.tiscali.fr\Éléments supprimés=>(message 994)

    Infecté par: Generic.Peed.Eml.C15A78D2

    C:\QooBox\Quarantine\C\WINDOWS\system32\avwavh.dll.vir

    Infecté par: Trojan.Spy.Bzub.NGP

    C:\System Volume Information\_restore{90FEB88B-5CE9-42F4-BFE3-0D0D3AF97BD4}\RP3\A0000143.dll

    Infecté par: Trojan.Spy.Bzub.NGP

    D:\Downloads\applications\Alcohol120.v1.4.6.(Build.711)-crack.rar=>REGPATCH.EXE

    Infecté par: Trojan.Regpat.A

    D:\Downloads\applications\IMSI.FLOORPLAN.3D.DESIGN.SUITE.V9.0-TDA.bin=>CRACK/ssg-fp9.exe

    Infecté par: Packer.FSG.A

    F:\Documents and Settings\xp\.housecall6.6\Quarantine\Alcatel (Unlock - Débloquer - Programme).rar.bac_a02300=>(Quarantine-4)=>Alcatel\DIVERS\989_alcabe5unleuro.zip=>alcabe5unl.exe

    Infecté par: Trojan.Win32.Belocker.A

    F:\Documents and Settings\xp\.housecall6.6\Quarantine\Alcatel (Unlock - Débloquer - Programme).rar.bac_a03456=>(Quarantine-4)=>Alcatel\DIVERS\989_alcabe5unleuro.zip=>alcabe5unl.exe

    Infecté par: Trojan.Win32.Belocker.A

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Boîte de réception=>(message 7988)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 21 Jun 2006 04:05:01 +0300]=>(MIME part)=>(MIME part)=>(message body)

    Infecté par: Exploit.Iframe.Vulnerability.B

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 897)

    Infecté par: Generic.Peed.Eml.4708C3B3

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 899)

    Infecté par: Generic.Peed.Eml.460DEBCF

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 902)

    Infecté par: Generic.Peed.Eml.CB455CC5

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 907)

    Infecté par: Generic.Peed.Eml.F001A4CE

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 911)

    Infecté par: Generic.Peed.Eml.CF9EAF80

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 923)

    Infecté par: Generic.Peed.Eml.8C0D549E

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 925)

    Infecté par: Generic.Peed.Eml.72B1CF21

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 928)

    Infecté par: Generic.Peed.Eml.B4081D8C

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 933)

    Infecté par: Generic.Peed.Eml.8B65EA36

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 934)

    Infecté par: Generic.Peed.Eml.EBE40DC9

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 937)

    Infecté par: Generic.Peed.Eml.6864FAB4

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 943)

    Infecté par: Generic.Peed.Eml.712BB407

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 951)

    Infecté par: Generic.Peed.Eml.56A8FA51

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 954)

    Infecté par: Generic.Peed.Eml.27F65588

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 955)

    Infecté par: Generic.Peed.Eml.1A7E0A24

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 956)

    Infecté par: Generic.Peed.Eml.F12E7CDF

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 957)

    Infecté par: Generic.Peed.Eml.0669F95E

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 958)

    Infecté par: Generic.Peed.Eml.76A0E38B

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 959)

    Infecté par: Generic.Peed.Eml.F49FCDAA

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 960)

    Infecté par: Generic.Peed.Eml.225A23AE

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 962)

    Infecté par: Generic.Peed.Eml.F2BFA659

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 981)

    Infecté par: Generic.Peed.Eml.55379FD5

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 983)

    Infecté par: Generic.Peed.Eml.EB539359

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 984)

    Infecté par: Generic.Peed.Eml.7F795C67

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 985)

    Infecté par: Generic.Peed.Eml.F52BFCA6

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 990)

    Infecté par: Generic.Peed.Eml.A9E6DF5A

    F:\Documents and Settings\xp\Application Data\Thunderbird\Profiles\k9hlrrjg.default\Mail\Local Folders\Éléments supprimés=>(message 994)

    Infecté par: Generic.Peed.Eml.C15A78D2

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{1E85803C-686D-443F-A20D-8A2F6118520D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 710)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 21 Jun 2006 04:05:01 +0300]=>(MIME part)=>(MIME part)=>(message body)

    Infecté par: Exploit.Iframe.Vulnerability.B

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1177)

    Infecté par: Generic.Peed.Eml.994272CC

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 9448)=>[Subject: [avast! - INFECTED] Mail Delivery (f][Date: Wed, 21 Jun 2006 04:05:01 +0300]=>(MIME part)=>(MIME part)=>(message body)

    Infecté par: Exploit.Iframe.Vulnerability.B

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 443)

    Infecté par: Generic.Peed.Eml.7FDDA6E7

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 447)

    Infecté par: Generic.Peed.Eml.FE2620C0

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 452)

    Infecté par: Generic.Peed.Eml.E75E80BD

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 453)

    Infecté par: Generic.Peed.Eml.8EF237FC

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 454)

    Infecté par: Generic.Peed.Eml.42813806

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 456)

    Infecté par: Generic.Peed.Eml.2827D352

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 474)

    Infecté par: Generic.Peed.Eml.0656427A

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 475)

    Infecté par: Generic.Peed.Eml.6CA051FD

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 477)

    Infecté par: Generic.Peed.Eml.12304A99

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 478)

    Infecté par: Generic.Peed.Eml.F3D3AED9

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 479)

    Infecté par: Generic.Peed.Eml.B6139B37

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 480)

    Infecté par: Generic.Peed.Eml.971334DF

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 481)

    Infecté par: Generic.Peed.Eml.04F7A03F

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 482)

    Infecté par: Generic.Peed.Eml.BBC52364

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 483)

    Infecté par: Generic.Peed.Eml.53E3FBCB

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 486)

    Infecté par: Generic.Peed.Eml.24298EFC

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 494)

    Infecté par: Generic.Peed.Eml.DD7F637A

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 500)

    Infecté par: Generic.Peed.Eml.8CE296A6

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 503)

    Infecté par: Generic.Peed.Eml.7066AF07

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 504)

    Infecté par: Generic.Peed.Eml.7CF77B69

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 509)

    Infecté par: Generic.Peed.Eml.6277048A

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 512)

    Infecté par: Generic.Peed.Eml.E473C81A

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 514)

    Infecté par: Generic.Peed.Eml.0B96069E

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 530)

    Infecté par: Generic.Peed.Eml.0092F140

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 535)

    Infecté par: Generic.Peed.Eml.0494A5CB

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 538)

    Infecté par: Generic.Peed.Eml.AB0CD9EF

    F:\Documents and Settings\xp\Local Settings\Application Data\Identities\{E82D4491-88D9-4E90-8BF3-963B52DB179D}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 540)

    Infecté par: Generic.Peed.Eml.3009189A

    F:\Downloads\applications\Alcohol120.v1.4.6.(Build.711)-crack.rar=>REGPATCH.EXE

    Infecté par: Trojan.Regpat.A

    F:\Downloads\applications\IMSI.FLOORPLAN.3D.DESIGN.SUITE.V9.0-TDA.bin=>CRACK/ssg-fp9.exe

    Infecté par: Packer.FSG.A

    0
  21. Mab24 Messages postés 15 Statut Membre
     
    Et celui de hijack !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:53:41, on 07/01/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\WINDOWS\System32\sstray.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\WinPortrait\wpctrl.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BeClean\bca.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\WinPortrait\floater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Alwil Software\Avast4\ashLogV.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fr.netscape.com/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fr.netscape.com/fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\jluc\prefs.js)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BeClean Start-Up Clean] C:\Program Files\BeClean\BeClean.exe /s
    O4 - HKLM\..\Run: [BeClean Agent] C:\Program Files\BeClean\bca.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2328ee0e86968d964622/netzip/RdxIE601_fr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/dubos/LOCALS~1/Temp/msohtml1/01/clip_image003.gif
    0
  • 1
  • 2