Infection par msn

philwak Messages postés 25 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Depuis hier soir, je crois que mon pc est infecté par un virus ou autre bestiole de ce genre. Ma fille qui surfait sur msn à cliquée sur un lien et à enregistrer un fichier sur le disque dur. aprés avoir allumé le pc, les icones disparaissent et l'ordi s'éteind et se rallume en boucle. Il fonctionne par contre en mode sans échec, je suis connecté à internet par ce biais. J'ai fait un scan général avec avast, ccleaner, spybot mais rien n'y fait. Pouvez vous m'aider? Je colle ci dessous le rapport hijackthis. Merci beaucoup pour votre aide.

Logfile of HijackThis v1.99.1
Scan saved at 21:44:07, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Configuration: Windows XP
Firefox 2.0.0.11

18 réponses

  1. philwak Messages postés 25 Statut Membre
     
    Je précise que le nom du fichier enregistré sur le bureau était naked164
    0
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    pas bon internet en MSE

    suit ceci
    Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

    => Installer
    => Le lancer
    => Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    => Dans ANALYSE ( en forme de loupe )
    => Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    => Clic : Analyse complète du système
    -------
    => à la fin du scan ( qui est assez long)
    => Clic Appliquer toutes les actions <== ceci Très important
    => Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport
    -------------

    Télécharge sur le bureau
    http://sosvirus.changelog.fr/MSNFix.zip

    => Clic-Droit sur MSNFix.zip
    => Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
    => Double-Clic sur le dossier MSNfix qui vient de se créer
    => Double-Clic MSNfix ==> Symbole roue dentée
    => Choisir R
    => Choisir ensuite N ( si infection)
    => Enregistre le rapport
    redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé
    =======================

    et pour contrôle
    Télécharge sur le bureau
    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    => Clic-droit sur Hijackthis
    => Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
    => clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe)<== Important
    =>Double-clic dessus
    => Clic Do a system scan and save the log
    => ensuite colle le rapport

    @+
    0
  3. philwak Messages postés 25 Statut Membre
     
    voici le rapport avg

    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:38:36 25/01/2008

    + Résultat de l'analyse:

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OZL8635Z\ddos[1].txt -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025276.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
    C:\d.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
    [1020] VM_13110000 -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0022218.exe -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025286.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z9ANF9DW\eixnlapsu[1].htm -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\All Users\Documents\Settings\partnership.dll~ -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025287.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    [676] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\parBC70.tmp -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\drivers\ip6fw.sys -> Rootkit.Agent.pr : Nettoyé et sauvegardé (mise en quarantaine).
    :mozilla.284:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.285:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.286:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.287:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.288:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.289:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.19:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.20:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.21:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.23:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.668:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.685:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.911:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.93:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.182:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.183:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.184:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.185:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.444:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.445:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.446:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.447:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.448:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.449:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.38:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.213:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.214:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.215:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.216:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.217:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.397:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
    :mozilla.159:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.111:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.419:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.420:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.421:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.422:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.423:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.424:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.425:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.426:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.427:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.160:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.161:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.162:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.15:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.252:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.353:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.354:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.355:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.356:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.205:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.206:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.207:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.209:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.210:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.393:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.441:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.450:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.552:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.599:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.609:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.644:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.652:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.687:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.756:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.777:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.811:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.172:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.173:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.174:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.564:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.730:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.731:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.177:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.178:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
    :mozilla.28:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.876:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Ne : Nettoyé.
    :mozilla.684:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.225:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.226:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.227:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.733:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.734:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.735:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.73:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.75:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.76:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.77:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.78:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.79:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.83:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.329:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.655:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.908:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.909:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.74:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.80:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.81:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.82:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@h.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@try.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
    :mozilla.379:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.380:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.381:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.382:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.383:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.384:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.385:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.66:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.67:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.68:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.69:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.70:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.189:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.465:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.466:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.469:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.24:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.26:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.27:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.346:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.261:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
    :mozilla.175:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.176:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.179:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.180:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.181:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\salon\Cookies\salon@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9CCVXH1M\cprdshtvt[1].htm -> Trojan.Sinowal.gf : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport
    0
  4. philwak Messages postés 25 Statut Membre
     
    Voici le hijackthis de ce matin, je n'arrive pas a avoir de rapport msnfix, a la fin du scan il est indiqué que l'infection est toujours présente ....mais pas de rapport.

    Logfile of HijackThis v1.99.1
    Scan saved at 09:33:23, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\MSNFix.bat /pass2
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philwak Messages postés 25 Statut Membre
     
    Bonjour,
    y a a t'il quelqu'un qui puisse m'aider?

    Merci d'avance
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour philwak,

    on laisse MSNfix que tu peux supprimer

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    => Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    => Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    => Appuie sur Y pour commencer le processus de nettoyage.
    => Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    => Appuie sur une touche pour redémarrer le PC.
    => Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    => Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    => Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    => Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    => Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
    @+
    0
  8. philwak Messages postés 25 Statut Membre
     
    voila, c'est fait:

    SDFix: Version 1.131

    Run by Administrator on 26/01/2008 at 10:25

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\ADMINI~1\MYDOCU~1\MESFIC~1\SDFix

    Safe Mode:
    Checking Services:

    Name:
    ldrsvc
    msupdate

    Path:
    %SystemRoot%\System32\svchost.exe -k netsvcs
    c:\windows\system32\msvcrtd.exe

    ldrsvc - Deleted
    msupdate - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Merci pour ton aide.
    0
  9. philwak Messages postés 25 Statut Membre
     
    Quelqu'un peut t'il m'aider?

    Merci d'avance
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge Combofix sUBs : http://www.pc-xpress.ca/download/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  11. philwak Messages postés 25 Statut Membre
     
    le voila, merci de t'occuper de mon cas:

    ComboFix 07-08-09.3 - "Administrator" 2008-01-26 23:05:40.1 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.755 [GMT 1:00]

    /wow section - STAGE 6
    /wow section - STAGE 7
    /wow section - STAGE 8
    /wow section - STAGE 11

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\9_exception.nls
    C:\WINDOWS\system32\DefLib.sys
    C:\WINDOWS\system32\msvcrtd.exe

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_LDRSVC
    -------\LEGACY_NTNDIS
    -------\ldrsvc
    -------\msupdate
    -------\runtime
    -------\SysLibrary

    ((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))

    2008-01-26 23:05 51,200 --a------ C:\WINDOWS\nircmd.exe
    2008-01-26 22:58 7,680 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-01-26 22:58 25,984 --a------ C:\WINDOWS\system32\drivers\Cfw47.sys
    2008-01-26 22:58 18,176 --a------ C:\WINDOWS\system32\drivers\smtpdrv.sys
    2008-01-26 22:58 16,384 --a------ C:\WINDOWS\system32\mmmsblbbl.dll
    2008-01-26 22:57 58,368 --a------ C:\blhhjtpx.exe
    2008-01-26 22:57 54,764 --a------ C:\WINDOWS\system32\drivers\khtml.sys
    2008-01-26 22:57 3,584 --a------ C:\kxhacvkl.exe
    2008-01-26 22:57 22,016 --a------ C:\DOCUME~1\ADMINI~1\sljtok.exe
    2008-01-26 22:57 13,312 --a------ C:\WINDOWS\system32\mssrv32.exe
    2008-01-26 22:52 34,305 --a------ C:\DOCUME~1\ADMINI~1\saekhwtt.exe
    2008-01-26 22:45 34,305 --a------ C:\DOCUME~1\salon\saekhwtt.exe
    2008-01-26 19:11 12,288 --a------ C:\WINDOWS\system32\rtxemd.exe
    2008-01-26 18:45 <DIR> d-------- C:\Program Files\Avira
    2008-01-26 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-01-26 18:18 <DIR> d-------- C:\WINDOWS\AU_Temp
    2008-01-26 17:30 <DIR> d-------- C:\WINDOWS\McAfee.com
    2008-01-26 15:23 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-26 15:23 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-26 15:23 <DIR> d-------- C:\WINDOWS\AU_Backup
    2008-01-26 15:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\internet explorer
    2008-01-26 12:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2008-01-26 12:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
    2008-01-26 11:32 <DIR> d-------- C:\MSNFix
    2008-01-26 10:25 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-01-25 21:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
    2008-01-25 21:28 <DIR> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2008-01-25 21:23 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-25 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-01-25 12:46 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-25 12:46 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-25 12:46 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-25 12:46 <DIR> d-------- C:\WINDOWS\AU_Log
    2008-01-24 23:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
    2008-01-24 21:42 <DIR> d--hs---- C:\WINDOWS\CSC
    2008-01-24 21:31 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2008-01-23 19:05 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-01-23 19:05 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-01-23 19:05 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-01-23 19:05 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-01-23 19:05 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-01-23 19:05 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-01-23 19:05 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-01-23 19:05 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-01-06 15:35 <DIR> d-------- C:\DOCUME~1\salon\APPLIC~1\Skyline

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-05-24 09:49 C:\WINDOWS\system32\HDAShCut.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-26 19:22]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35]
    "HerculesCamService"="C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 17:44]
    "SDFix"="C:\SDFix\RunThis.bat /second" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "ShowDeskFix"=regsvr32 /s /n /i:u shell32
    "IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SDFix"=C:\SDFix\RunThis.bat /second

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "ShowDeskFix"=regsvr32 /s /n /i:u shell32

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-27 14:45 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\mmmsblbbl.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cfw47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 smtpdrv;smtpdrv;C:\WINDOWS\system32\DRIVERS\smtpdrv.sys
    R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    S1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
    S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
    S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    S1 khtml;kernel html parser;\??\C:\WINDOWS\system32\drivers\khtml.sys
    S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    S2 rspndr;Link-Layer Topology Discovery Responder;C:\WINDOWS\system32\DRIVERS\rspndr.sys
    S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    S3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys
    S3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
    S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys
    S3 Cfw47;Cfw47;\??\C:\WINDOWS\System32\drivers\Cfw47.sys
    S3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 23:10:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\Documents and Settings\Administrator\saekhwtt.exe [1756] 0x86AABDA0

    scanning hidden registry entries ...

    ça a été un peu difficile car je suis en mode sans échec et une fenêtre pop up s'ouvrait contemment voulant envoyer le rapport à microsoft.....
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    selectionne ceci

    registry::

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=-

    File::

    C:\WINDOWS\system32\mmmsblbbl.dll
    C:\blhhjtpx.exe
    C:\kxhacvkl.exe
    C:\WINDOWS\system32\drivers\khtml.sys
    C:\DOCUME~1\ADMINI~1\sljtok.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\DOCUME~1\ADMINI~1\saekhwtt.exe
    C:\DOCUME~1\salon\saekhwtt.exe
    C:\WINDOWS\system32\rtxemd.exe



    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    @+
    0
  13. philwak Messages postés 25 Statut Membre
     
    dsl, ça ne marche pas, le programme est viré par des pop upme demandant d'envoyer le rapport à microsoft!!!
    a tu une autre solution?

    Merci d'avance
    0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour
    il faut réssayer

    tu as fait CFScript.txt avec bloc notes ?
    0
  15. philwak Messages postés 25 Statut Membre
     
    oui ça c'est fait, puis je l'ai glissé /déposé sur le ureau sur l'icone combofix
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok donc regarde dans c: tu dois le trouver
    0
  17. philwak Messages postés 25 Statut Membre
     
    c'est ça?

    [code]
    2008-01-26 22:57 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcrtd.exe.vir
    2008-01-26 22:57 7923 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\DefLib.sys.vir
    2008-01-26 22:58 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\9_exception.nls.vir
    2008-01-26 23:06 1028 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_LDRSVC.reg.cf
    2008-01-26 23:06 157 --a------ C:\Qoobox\Quarantine\catchme.log
    2008-01-26 23:06 21525 --a------ C:\Qoobox\Quarantine\catchme2008-01-26_231001.73.zip
    2008-01-26 23:06 3436 --a------ C:\Qoobox\Quarantine\Registry_backups\services_ldrsvc.reg.cf
    2008-01-26 23:06 368 --a------ C:\Qoobox\Quarantine\Registry_backups\services_SysLibrary.reg.cf
    2008-01-26 23:06 430 --a------ C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
    2008-01-26 23:06 786 --a------ C:\Qoobox\Quarantine\Registry_backups\services_msupdate.reg.cf
    2008-01-26 23:06 852 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTNDIS.reg.cf

    Folder PATH listing
    Volume serial number is 6CF3-6A65
    C:\QOOBOX
    \---Quarantine
    | catchme.log
    | catchme2008-01-26_231001.73.zip
    |
    +---C
    | \---WINDOWS
    | \---system32
    | 9_exception.nls.vir
    | DefLib.sys.vir
    | msvcrtd.exe.vir
    |
    \---Registry_backups
    LEGACY_LDRSVC.reg.cf
    LEGACY_NTNDIS.reg.cf
    services_ldrsvc.reg.cf
    services_msupdate.reg.cf
    services_runtime.reg.cf
    services_SysLibrary.reg.cf

    /code
    0
  18. philwak Messages postés 25 Statut Membre
     
    j'ai ça aussi:

    2008/01/25 12:46:35:171 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/25 12:46:35:234 3BBC68::OnCreate()
    2008/01/25 12:46:35:234 3BBC68::COleControl::OnCreate() Pass!
    2008/01/25 12:46:35:234 3BBC68::XP platform.
    2008/01/25 12:46:35:234 3BBC68::Mutex = AF0
    2008/01/25 12:46:35:234 3BBC68::OnCreate() Web server List checking ...
    2008/01/25 12:46:35:234 3BBC68::OnCreate() Get AddressBarText => 'http://www.secuser.com'
    2008/01/25 12:46:35:234 3BBC68::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
    2008/01/25 12:46:35:234 3BBC68::OnCreate() Found 'www.secuser.com' in server list
    2008/01/25 12:46:35:234 m_strClientIP=192.168.1.20

    2008/01/25 12:46:35:453 3BBC68::OnCreate() Pass!
    2008/01/25 12:46:35:468 3BBC68::ActveUpdateGetNewestPatternEngine() begin
    2008/01/25 12:46:36:406 (Xscan):nCurPatVer=0

    2008/01/25 12:46:36:406 (Xscan):HouseCallWorkDir = C:\WINDOWS
    2008/01/25 12:46:36:406 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
    2008/01/25 12:46:36:421 (Xscan):vscinfo.vi_Version=
    2008/01/25 12:46:36:421 (Xscan):version.build=0
    2008/01/25 12:46:36:421 server.ini path = C:\WINDOWS\AU_Temp\server.ini
    2008/01/25 12:46:36:421 HC client's product version 0 in uint32_t is 0x0, Build no is 0
    2008/01/25 12:46:36:421 (Xscan):nNewPatVer=0

    2008/01/25 12:46:36:421 (Xscan):HouseCallWorkDir=C:\WINDOWS

    2008/01/25 12:47:42:343 3BBC68::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
    2008/01/25 12:47:47:750 3BBC68::ActveUpdateGetNewestPatternEngine() end
    2008/01/25 12:47:47:875 3BBC68::OnSafeStateToFireEvent()
    2008/01/25 12:47:58:703 (Xscan) : DuplicatePatternForTSC() cannot find pattern to covert

    2008/01/25 12:47:58:703 (Xscan):AddTail path(C:\)
    2008/01/25 12:47:58:703 3BBC68::VScanDlg.Create(619C8CA0)
    2008/01/25 12:47:58:781 try to FormatSysInfoString()....

    2008/01/25 12:47:58:781 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/25 12:47:58:781 Internal Pattern Version = 0.000.00

    2008/01/25 12:48:11:375 After call NewEncryptStr => !CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/25 12:48:11:375 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/25 12:48:12:078 Send log fail (405)! retry later ...
    2008/01/25 12:48:12:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/25 12:48:12:843 Send log fail (405)! retry later ...
    2008/01/25 12:48:12:906 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/25 12:48:13:609 Send log fail (405)! retry later ...
    2008/01/25 12:48:13:609 3BBC68::~CXscanCtrl()
    2008/01/25 20:36:04:375 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/25 20:36:04:421 1D39918::OnCreate()
    2008/01/25 20:36:04:421 1D39918::COleControl::OnCreate() Pass!
    2008/01/25 20:36:04:421 1D39918::XP platform.
    2008/01/25 20:36:04:421 1D39918::Mutex = 87C
    2008/01/25 20:36:04:437 1D39918::OnCreate() Web server List checking ...
    2008/01/25 20:36:16:640 1D39918::OnCreate() Pass!
    2008/01/25 20:36:16:718 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/25 20:36:17:015 Send log fail (405)! retry later ...
    2008/01/25 20:36:17:015 1D39918::OnSafeStateToFireEvent()
    2008/01/25 20:36:17:937 After call NewEncryptStr => !CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:36:17:937 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:36:18:640 Send log fail (405)! retry later ...
    2008/01/25 20:36:18:703 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:36:19:406 Send log fail (405)! retry later ...
    2008/01/25 20:36:19:468 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:36:20:171 Send log fail (405)! retry later ...
    2008/01/25 20:36:20:171 1D39918::~CXscanCtrl()
    2008/01/25 20:38:02:562 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/25 20:38:02:578 1D2A010::OnCreate()
    2008/01/25 20:38:02:578 1D2A010::COleControl::OnCreate() Pass!
    2008/01/25 20:38:02:578 1D2A010::XP platform.
    2008/01/25 20:38:02:578 1D2A010::Mutex = 620
    2008/01/25 20:38:02:578 1D2A010::OnCreate() Web server List checking ...
    2008/01/25 20:38:04:531 1D2A010::OnCreate() Pass!
    2008/01/25 20:38:04:609 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:38:04:906 Send log fail (405)! retry later ...
    2008/01/25 20:38:04:906 1D2A010::OnSafeStateToFireEvent()
    2008/01/25 20:38:05:234 After call NewEncryptStr => !CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:38:05:234 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:38:05:937 Send log fail (405)! retry later ...
    2008/01/25 20:38:06:000 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:38:06:703 Send log fail (405)! retry later ...
    2008/01/25 20:38:06:765 Get log from queue ok! data : 05,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
    2008/01/25 20:38:07:468 Send log fail (405)! retry later ...
    2008/01/25 20:38:07:468 1D2A010::~CXscanCtrl()
    2008/01/26 15:22:02:421 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/26 15:22:02:437 24F8DD0::OnCreate()
    2008/01/26 15:22:02:437 24F8DD0::COleControl::OnCreate() Pass!
    2008/01/26 15:22:02:437 24F8DD0::XP platform.
    2008/01/26 15:22:02:437 24F8DD0::Mutex = AB4
    2008/01/26 15:22:02:437 24F8DD0::OnCreate() Web server List checking ...
    2008/01/26 15:22:02:437 24F8DD0::OnCreate() Get AddressBarText => 'http://www.secuser.com'
    2008/01/26 15:22:02:437 24F8DD0::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
    2008/01/26 15:22:02:437 24F8DD0::OnCreate() Found 'www.secuser.com' in server list
    2008/01/26 15:22:02:437 m_strClientIP=192.168.1.20

    2008/01/26 15:22:03:093 24F8DD0::OnCreate() Pass!
    2008/01/26 15:22:03:093 24F8DD0::ActveUpdateGetNewestPatternEngine() begin
    2008/01/26 15:22:04:031 (Xscan):nCurPatVer=0

    2008/01/26 15:22:04:031 (Xscan):HouseCallWorkDir = C:\WINDOWS
    2008/01/26 15:22:04:031 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
    2008/01/26 15:22:04:078 (Xscan):vscinfo.vi_Version=
    2008/01/26 15:22:04:078 (Xscan):version.build=0
    2008/01/26 15:22:04:078 server.ini path = C:\WINDOWS\AU_Temp\server.ini
    2008/01/26 15:22:04:109 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
    2008/01/26 15:22:04:109 (Xscan):nNewPatVer=0

    2008/01/26 15:22:04:109 (Xscan):HouseCallWorkDir=C:\WINDOWS

    2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)

    2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)

    2008/01/26 15:23:08:265 24F8DD0::ActveUpdateGetNewestPatternEngine() end
    2008/01/26 15:23:08:375 24F8DD0::OnSafeStateToFireEvent()
    2008/01/26 15:23:26:609 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961

    2008/01/26 15:23:26:625 (Xscan):AddTail path(C:\)
    2008/01/26 15:23:26:625 24F8DD0::VScanDlg.Create(619C8CA0)
    2008/01/26 15:23:26:656 try to FormatSysInfoString()....

    2008/01/26 15:23:26:656 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/26 15:23:28:796 Internal Pattern Version = 4.963.00

    2008/01/26 15:27:22:937 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961

    2008/01/26 15:27:22:937 (Xscan):AddTail path(C:\)
    2008/01/26 15:27:22:937 24F8DD0::VScanDlg.Create(619C8CA0)
    2008/01/26 15:27:22:953 try to FormatSysInfoString()....

    2008/01/26 15:27:22:953 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/26 15:27:24:843 Internal Pattern Version = 4.963.00

    2008/01/26 15:27:58:296 After call NewEncryptStr => !CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 15:27:58:296 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 15:27:59:015 Send log fail (405)! retry later ...
    2008/01/26 15:27:59:078 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 15:27:59:781 Send log fail (405)! retry later ...
    2008/01/26 15:27:59:843 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 15:28:00:546 Send log fail (405)! retry later ...
    2008/01/26 15:28:00:546 24F8DD0::~CXscanCtrl()
    2008/01/26 18:12:59:984 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/26 18:13:00:078 260F520::OnCreate()
    2008/01/26 18:13:00:078 260F520::COleControl::OnCreate() Pass!
    2008/01/26 18:13:00:078 260F520::XP platform.
    2008/01/26 18:13:00:078 260F520::Mutex = AA4
    2008/01/26 18:13:00:109 260F520::OnCreate() Web server List checking ...
    2008/01/26 18:13:00:109 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
    2008/01/26 18:13:00:109 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
    2008/01/26 18:13:00:109 260F520::OnCreate() Found 'www.secuser.com' in server list
    2008/01/26 18:13:00:125 m_strClientIP=192.168.1.20

    2008/01/26 18:13:01:312 260F520::OnCreate() Pass!
    2008/01/26 18:13:01:390 260F520::ActveUpdateGetNewestPatternEngine() begin
    2008/01/26 18:13:20:937 (Xscan):nCurPatVer=963

    2008/01/26 18:13:20:953 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.963,C:\WINDOWS\LPT$VPN.963)

    2008/01/26 18:13:22:203 (Xscan):HouseCallWorkDir = C:\WINDOWS
    2008/01/26 18:13:22:203 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
    2008/01/26 18:13:22:234 (Xscan):vscinfo.vi_Version=8.500-1002
    2008/01/26 18:13:22:234 (Xscan):version.build=1002
    2008/01/26 18:13:22:234 server.ini path = C:\WINDOWS\AU_Temp\server.ini
    2008/01/26 18:13:22:234 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
    2008/01/26 18:13:22:953 (Xscan):nNewPatVer=496300

    2008/01/26 18:13:22:953 (Xscan):HouseCallWorkDir=C:\WINDOWS

    2008/01/26 18:13:28:187 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.963)

    2008/01/26 18:13:28:187 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)

    2008/01/26 18:13:28:187 260F520::ActveUpdateGetNewestPatternEngine() end
    2008/01/26 18:13:28:343 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 18:13:28:687 Send log fail (405)! retry later ...
    2008/01/26 18:13:28:687 260F520::OnSafeStateToFireEvent()
    2008/01/26 18:13:41:984 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961

    2008/01/26 18:13:41:984 (Xscan):AddTail path(C:\)
    2008/01/26 18:13:41:984 260F520::VScanDlg.Create(619C8CA0)
    2008/01/26 18:13:42:125 try to FormatSysInfoString()....

    2008/01/26 18:13:42:125 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/26 18:13:52:453 Internal Pattern Version = 0.000.00

    2008/01/26 18:13:52:781 After call NewEncryptStr => !CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:13:52:781 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:13:53:484 Send log fail (405)! retry later ...
    2008/01/26 18:13:53:546 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:13:54:250 Send log fail (405)! retry later ...
    2008/01/26 18:13:54:265 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
    2008/01/26 18:13:54:968 Send log fail (405)! retry later ...
    2008/01/26 18:13:54:968 260F520::~CXscanCtrl()
    2008/01/26 18:17:18:453 HTML parameter

    ScanAllDrives = 0
    Cleanable = 1
    AutoClean = 0
    ZipClean = 1
    SpecialTSC = 0
    EnableTSC = 1
    AdUrl =
    VirusAction = 0
    ScanFileExtensOnly =
    RenameToFileExtens = .VIR
    MoveToPath = C:\HouseCallQuarantine
    ShowErrorInAction = 0
    TrendUserId =
    TrendScanCompletedURL =
    ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
    ScanMemoryVirus = 1
    ScanBootVirus = 1
    ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
    HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

    2008/01/26 18:17:18:468 260F520::OnCreate()
    2008/01/26 18:17:18:468 260F520::COleControl::OnCreate() Pass!
    2008/01/26 18:17:18:468 260F520::XP platform.
    2008/01/26 18:17:18:468 260F520::Mutex = AC0
    2008/01/26 18:17:18:468 260F520::OnCreate() Web server List checking ...
    2008/01/26 18:17:18:468 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
    2008/01/26 18:17:18:468 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
    2008/01/26 18:17:18:468 260F520::OnCreate() Found 'www.secuser.com' in server list
    2008/01/26 18:17:18:468 m_strClientIP=192.168.1.20

    2008/01/26 18:17:18:546 260F520::OnCreate() Pass!
    2008/01/26 18:17:18:546 260F520::ActveUpdateGetNewestPatternEngine() begin
    2008/01/26 18:17:21:968 (Xscan):nCurPatVer=0

    2008/01/26 18:17:23:062 (Xscan):HouseCallWorkDir = C:\WINDOWS
    2008/01/26 18:17:23:062 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
    2008/01/26 18:17:23:062 (Xscan):vscinfo.vi_Version=
    2008/01/26 18:17:23:062 (Xscan):version.build=0
    2008/01/26 18:17:23:062 server.ini path = C:\WINDOWS\AU_Temp\server.ini
    2008/01/26 18:17:23:078 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
    2008/01/26 18:17:23:656 (Xscan):nNewPatVer=0

    2008/01/26 18:17:23:656 (Xscan):HouseCallWorkDir=C:\WINDOWS

    2008/01/26 18:18:22:703 260F520::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
    2008/01/26 18:18:31:484 (Xscan):HouseCallWorkDir = C:\WINDOWS
    2008/01/26 18:18:31:484 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
    2008/01/26 18:18:31:484 (Xscan):vscinfo.vi_Version=
    2008/01/26 18:18:31:484 (Xscan):version.build=0
    2008/01/26 18:18:31:484 server.ini path = C:\WINDOWS\AU_Temp\server.ini
    2008/01/26 18:18:31:484 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
    2008/01/26 18:18:31:765 (Xscan):nNewPatVer=0

    2008/01/26 18:18:31:765 (Xscan):HouseCallWorkDir=C:\WINDOWS

    2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)

    2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)

    2008/01/26 18:18:32:281 260F520::ActveUpdateGetNewestPatternEngine() end
    2008/01/26 18:18:32:343 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:18:33:062 Send log fail (405)! retry later ...
    2008/01/26 18:18:33:062 260F520::OnSafeStateToFireEvent()
    2008/01/26 18:18:44:093 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961

    2008/01/26 18:18:44:156 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963

    2008/01/26 18:18:44:156 (Xscan):AddTail path(C:\)
    2008/01/26 18:18:44:156 260F520::VScanDlg.Create(619C8CA0)
    2008/01/26 18:18:44:171 try to FormatSysInfoString()....

    2008/01/26 18:18:44:171 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/26 18:18:45:250 Internal Pattern Version = 0.000.00

    2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961

    2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963

    2008/01/26 18:19:09:531 (Xscan):AddTail path(C:\)
    2008/01/26 18:19:09:531 260F520::VScanDlg.Create(619C8CA0)
    2008/01/26 18:19:09:546 try to FormatSysInfoString()....

    2008/01/26 18:19:09:546 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

    2008/01/26 18:19:10:406 Internal Pattern Version = 0.000.00

    2008/01/26 18:19:19:656 After call NewEncryptStr => !CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:19:19:656 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:19:20:375 Send log fail (405)! retry later ...
    2008/01/26 18:19:20:437 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:19:21:140 Send log fail (405)! retry later ...
    2008/01/26 18:19:21:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
    2008/01/26 18:19:21:843 Send log fail (405)! retry later ...
    2008/01/26 18:19:21:843 260F520::~CXscanCtrl()
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    non ce n'est pas ça
    il doit ressembler à l'autre rapport mais avec les suppressions en plus
    0