Infection par msn
philwak
Messages postés
25
Statut
Membre
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
Depuis hier soir, je crois que mon pc est infecté par un virus ou autre bestiole de ce genre. Ma fille qui surfait sur msn à cliquée sur un lien et à enregistrer un fichier sur le disque dur. aprés avoir allumé le pc, les icones disparaissent et l'ordi s'éteind et se rallume en boucle. Il fonctionne par contre en mode sans échec, je suis connecté à internet par ce biais. J'ai fait un scan général avec avast, ccleaner, spybot mais rien n'y fait. Pouvez vous m'aider? Je colle ci dessous le rapport hijackthis. Merci beaucoup pour votre aide.
Logfile of HijackThis v1.99.1
Scan saved at 21:44:07, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Depuis hier soir, je crois que mon pc est infecté par un virus ou autre bestiole de ce genre. Ma fille qui surfait sur msn à cliquée sur un lien et à enregistrer un fichier sur le disque dur. aprés avoir allumé le pc, les icones disparaissent et l'ordi s'éteind et se rallume en boucle. Il fonctionne par contre en mode sans échec, je suis connecté à internet par ce biais. J'ai fait un scan général avec avast, ccleaner, spybot mais rien n'y fait. Pouvez vous m'aider? Je colle ci dessous le rapport hijackthis. Merci beaucoup pour votre aide.
Logfile of HijackThis v1.99.1
Scan saved at 21:44:07, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
A voir également:
- Infection par msn
- Telecharger msn - Télécharger - Messagerie
- Msn messenger - Télécharger - Messagerie
- Msn explorer - Télécharger - Divers Web & Internet
- Msn plus - Télécharger - Messagerie
- Msn actu - Télécharger - Médias et Actualité
18 réponses
Bonsoir
pas bon internet en MSE
suit ceci
Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
=> Installer
=> Le lancer
=> Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
=> Dans ANALYSE ( en forme de loupe )
=> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
=> Clic : Analyse complète du système
-------
=> à la fin du scan ( qui est assez long)
=> Clic Appliquer toutes les actions <== ceci Très important
=> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
-------------
Télécharge sur le bureau
http://sosvirus.changelog.fr/MSNFix.zip
=> Clic-Droit sur MSNFix.zip
=> Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
=> Double-Clic sur le dossier MSNfix qui vient de se créer
=> Double-Clic MSNfix ==> Symbole roue dentée
=> Choisir R
=> Choisir ensuite N ( si infection)
=> Enregistre le rapport
redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé
=======================
et pour contrôle
Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
=> Clic-droit sur Hijackthis
=> Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
=> clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe)<== Important
=>Double-clic dessus
=> Clic Do a system scan and save the log
=> ensuite colle le rapport
@+
pas bon internet en MSE
suit ceci
Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
=> Installer
=> Le lancer
=> Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
=> Dans ANALYSE ( en forme de loupe )
=> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
=> Clic : Analyse complète du système
-------
=> à la fin du scan ( qui est assez long)
=> Clic Appliquer toutes les actions <== ceci Très important
=> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
-------------
Télécharge sur le bureau
http://sosvirus.changelog.fr/MSNFix.zip
=> Clic-Droit sur MSNFix.zip
=> Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
=> Double-Clic sur le dossier MSNfix qui vient de se créer
=> Double-Clic MSNfix ==> Symbole roue dentée
=> Choisir R
=> Choisir ensuite N ( si infection)
=> Enregistre le rapport
redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé
=======================
et pour contrôle
Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
=> Clic-droit sur Hijackthis
=> Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
=> clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe)<== Important
=>Double-clic dessus
=> Clic Do a system scan and save the log
=> ensuite colle le rapport
@+
voici le rapport avg
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:36 25/01/2008
+ Résultat de l'analyse:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OZL8635Z\ddos[1].txt -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025276.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\d.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
[1020] VM_13110000 -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0022218.exe -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025286.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z9ANF9DW\eixnlapsu[1].htm -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll~ -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025287.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
[676] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\parBC70.tmp -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\drivers\ip6fw.sys -> Rootkit.Agent.pr : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.284:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.285:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.286:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.287:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.288:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.289:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.19:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.20:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.21:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.23:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.668:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.685:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.911:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.93:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.182:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.183:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.184:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.185:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.444:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.445:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.446:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.447:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.448:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.449:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.38:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.213:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.214:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.215:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.216:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.217:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.397:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.159:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.111:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.419:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.420:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.421:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.422:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.423:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.424:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.425:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.426:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.427:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.160:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.161:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.162:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.15:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.252:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.353:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.354:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.355:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.356:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.205:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.206:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.207:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.209:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.210:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.393:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.441:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.450:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.552:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.599:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.609:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.644:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.652:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.687:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.756:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.777:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.811:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.172:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.173:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.174:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.564:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.730:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.731:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.177:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.178:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.28:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.876:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Ne : Nettoyé.
:mozilla.684:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.225:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.226:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.227:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.733:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.734:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.735:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.73:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.75:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.76:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.77:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.78:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.79:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.83:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.329:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.655:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.908:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.909:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.74:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.80:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.81:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.82:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@h.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@try.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
:mozilla.379:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.380:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.381:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.382:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.383:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.384:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.385:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.66:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.67:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.68:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.69:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.70:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.189:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.465:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.466:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.469:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.24:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.26:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.27:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.346:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.261:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.175:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.176:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.179:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.180:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.181:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9CCVXH1M\cprdshtvt[1].htm -> Trojan.Sinowal.gf : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:36 25/01/2008
+ Résultat de l'analyse:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OZL8635Z\ddos[1].txt -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025276.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\d.exe -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
[1020] VM_13110000 -> Backdoor.Agent.alm : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0022218.exe -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/kkynn.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025286.exe -> Proxy.Wopla.ao : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Desktop\Upload_Me.zip/DOCUME~1/ADMINI~1/Desktop/Upload_Me/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z9ANF9DW\eixnlapsu[1].htm -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\25012008_22041932.zip/backup/ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll~ -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{460B3684-9612-4632-A2E3-6C82077ED460}\RP188\A0025287.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\ylru.exe -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
[676] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\parBC70.tmp -> Proxy.Xorpix.cs : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\drivers\ip6fw.sys -> Rootkit.Agent.pr : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.284:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.285:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.286:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.287:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.288:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.289:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.19:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.20:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.21:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.23:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.668:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.685:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.911:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.93:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.182:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.183:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.184:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.185:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.444:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.445:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.446:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.447:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.448:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.449:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.38:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.213:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.214:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.215:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.216:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.217:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.397:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.159:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.111:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.419:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.420:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.421:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.422:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.423:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.424:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.425:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.426:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.427:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.160:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.161:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.162:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.15:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.252:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.353:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.354:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.355:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.356:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.205:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.206:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.207:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.209:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.210:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.393:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.441:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.450:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.552:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.599:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.609:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.644:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.652:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.687:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.756:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.777:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.811:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.172:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.173:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.174:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.564:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.730:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.731:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.177:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.178:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.28:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.876:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Ne : Nettoyé.
:mozilla.684:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.225:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.226:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.227:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.733:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.734:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.735:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.73:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.75:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.76:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.77:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.78:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.79:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.83:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.329:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.655:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.908:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.909:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.74:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.80:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.81:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.82:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@h.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@try.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
:mozilla.379:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.380:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.381:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.382:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.383:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.384:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.385:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.66:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.67:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.68:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.69:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.70:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.189:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.465:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.466:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.469:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p5tx6f43.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.24:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.26:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.27:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
:mozilla.346:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.261:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.175:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.176:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.179:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.180:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.181:C:\Documents and Settings\salon\Application Data\Mozilla\Firefox\Profiles\fy2c0z19.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\salon\Cookies\salon@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9CCVXH1M\cprdshtvt[1].htm -> Trojan.Sinowal.gf : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Voici le hijackthis de ce matin, je n'arrive pas a avoir de rapport msnfix, a la fin du scan il est indiqué que l'infection est toujours présente ....mais pas de rapport.
Logfile of HijackThis v1.99.1
Scan saved at 09:33:23, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 09:33:23, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\Administrator\My Documents\Mes fichiers reçus\msnscan\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKCU\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ECAAFBE-96BC-413D-8CA0-F0854A018295}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour philwak,
on laisse MSNfix que tu peux supprimer
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec
------
=> Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
=> Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
=> Appuie sur Y pour commencer le processus de nettoyage.
=> Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
=> Appuie sur une touche pour redémarrer le PC.
=> Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
=> Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
=> Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
=> Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
=> Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
@+
on laisse MSNfix que tu peux supprimer
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec
------
=> Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
=> Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
=> Appuie sur Y pour commencer le processus de nettoyage.
=> Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
=> Appuie sur une touche pour redémarrer le PC.
=> Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
=> Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
=> Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
=> Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
=> Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
@+
voila, c'est fait:
SDFix: Version 1.131
Run by Administrator on 26/01/2008 at 10:25
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\MYDOCU~1\MESFIC~1\SDFix
Safe Mode:
Checking Services:
Name:
ldrsvc
msupdate
Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
c:\windows\system32\msvcrtd.exe
ldrsvc - Deleted
msupdate - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Merci pour ton aide.
SDFix: Version 1.131
Run by Administrator on 26/01/2008 at 10:25
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\MYDOCU~1\MESFIC~1\SDFix
Safe Mode:
Checking Services:
Name:
ldrsvc
msupdate
Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
c:\windows\system32\msvcrtd.exe
ldrsvc - Deleted
msupdate - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Merci pour ton aide.
Télécharge Combofix sUBs : http://www.pc-xpress.ca/download/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
le voila, merci de t'occuper de mon cas:
ComboFix 07-08-09.3 - "Administrator" 2008-01-26 23:05:40.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.755 [GMT 1:00]
/wow section - STAGE 6
/wow section - STAGE 7
/wow section - STAGE 8
/wow section - STAGE 11
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\msvcrtd.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_LDRSVC
-------\LEGACY_NTNDIS
-------\ldrsvc
-------\msupdate
-------\runtime
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
2008-01-26 23:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-01-26 22:58 7,680 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-01-26 22:58 25,984 --a------ C:\WINDOWS\system32\drivers\Cfw47.sys
2008-01-26 22:58 18,176 --a------ C:\WINDOWS\system32\drivers\smtpdrv.sys
2008-01-26 22:58 16,384 --a------ C:\WINDOWS\system32\mmmsblbbl.dll
2008-01-26 22:57 58,368 --a------ C:\blhhjtpx.exe
2008-01-26 22:57 54,764 --a------ C:\WINDOWS\system32\drivers\khtml.sys
2008-01-26 22:57 3,584 --a------ C:\kxhacvkl.exe
2008-01-26 22:57 22,016 --a------ C:\DOCUME~1\ADMINI~1\sljtok.exe
2008-01-26 22:57 13,312 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-01-26 22:52 34,305 --a------ C:\DOCUME~1\ADMINI~1\saekhwtt.exe
2008-01-26 22:45 34,305 --a------ C:\DOCUME~1\salon\saekhwtt.exe
2008-01-26 19:11 12,288 --a------ C:\WINDOWS\system32\rtxemd.exe
2008-01-26 18:45 <DIR> d-------- C:\Program Files\Avira
2008-01-26 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-01-26 18:18 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-01-26 17:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-26 15:23 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-26 15:23 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-26 15:23 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-01-26 15:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\internet explorer
2008-01-26 12:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2008-01-26 12:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
2008-01-26 11:32 <DIR> d-------- C:\MSNFix
2008-01-26 10:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 21:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2008-01-25 21:28 <DIR> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-01-25 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-25 12:46 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-25 12:46 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-25 12:46 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-25 12:46 <DIR> d-------- C:\WINDOWS\AU_Log
2008-01-24 23:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
2008-01-24 21:42 <DIR> d--hs---- C:\WINDOWS\CSC
2008-01-24 21:31 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-01-23 19:05 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-23 19:05 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-23 19:05 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-23 19:05 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-23 19:05 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-23 19:05 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-23 19:05 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-23 19:05 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-06 15:35 <DIR> d-------- C:\DOCUME~1\salon\APPLIC~1\Skyline
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-05-24 09:49 C:\WINDOWS\system32\HDAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]
"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-26 19:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35]
"HerculesCamService"="C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 17:44]
"SDFix"="C:\SDFix\RunThis.bat /second" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SDFix"=C:\SDFix\RunThis.bat /second
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-27 14:45 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\mmmsblbbl.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cfw47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 smtpdrv;smtpdrv;C:\WINDOWS\system32\DRIVERS\smtpdrv.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S1 khtml;kernel html parser;\??\C:\WINDOWS\system32\drivers\khtml.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 rspndr;Link-Layer Topology Discovery Responder;C:\WINDOWS\system32\DRIVERS\rspndr.sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys
S3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys
S3 Cfw47;Cfw47;\??\C:\WINDOWS\System32\drivers\Cfw47.sys
S3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 23:10:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\Documents and Settings\Administrator\saekhwtt.exe [1756] 0x86AABDA0
scanning hidden registry entries ...
ça a été un peu difficile car je suis en mode sans échec et une fenêtre pop up s'ouvrait contemment voulant envoyer le rapport à microsoft.....
ComboFix 07-08-09.3 - "Administrator" 2008-01-26 23:05:40.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.755 [GMT 1:00]
/wow section - STAGE 6
/wow section - STAGE 7
/wow section - STAGE 8
/wow section - STAGE 11
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\msvcrtd.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_LDRSVC
-------\LEGACY_NTNDIS
-------\ldrsvc
-------\msupdate
-------\runtime
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
2008-01-26 23:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-01-26 22:58 7,680 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-01-26 22:58 25,984 --a------ C:\WINDOWS\system32\drivers\Cfw47.sys
2008-01-26 22:58 18,176 --a------ C:\WINDOWS\system32\drivers\smtpdrv.sys
2008-01-26 22:58 16,384 --a------ C:\WINDOWS\system32\mmmsblbbl.dll
2008-01-26 22:57 58,368 --a------ C:\blhhjtpx.exe
2008-01-26 22:57 54,764 --a------ C:\WINDOWS\system32\drivers\khtml.sys
2008-01-26 22:57 3,584 --a------ C:\kxhacvkl.exe
2008-01-26 22:57 22,016 --a------ C:\DOCUME~1\ADMINI~1\sljtok.exe
2008-01-26 22:57 13,312 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-01-26 22:52 34,305 --a------ C:\DOCUME~1\ADMINI~1\saekhwtt.exe
2008-01-26 22:45 34,305 --a------ C:\DOCUME~1\salon\saekhwtt.exe
2008-01-26 19:11 12,288 --a------ C:\WINDOWS\system32\rtxemd.exe
2008-01-26 18:45 <DIR> d-------- C:\Program Files\Avira
2008-01-26 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-01-26 18:18 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-01-26 17:30 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-01-26 15:23 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-26 15:23 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-26 15:23 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-01-26 15:04 <DIR> d-------- C:\DOCUME~1\ADMINI~1\internet explorer
2008-01-26 12:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2008-01-26 12:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
2008-01-26 11:32 <DIR> d-------- C:\MSNFix
2008-01-26 10:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-25 21:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2008-01-25 21:28 <DIR> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-01-25 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-25 12:46 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-25 12:46 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-25 12:46 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-25 12:46 <DIR> d-------- C:\WINDOWS\AU_Log
2008-01-24 23:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
2008-01-24 21:42 <DIR> d--hs---- C:\WINDOWS\CSC
2008-01-24 21:31 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-01-23 19:05 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-23 19:05 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-23 19:05 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-23 19:05 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-23 19:05 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-23 19:05 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-23 19:05 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-23 19:05 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-06 15:35 <DIR> d-------- C:\DOCUME~1\salon\APPLIC~1\Skyline
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-05-24 09:49 C:\WINDOWS\system32\HDAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]
"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-26 19:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 14:35]
"HerculesCamService"="C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 17:44]
"SDFix"="C:\SDFix\RunThis.bat /second" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\NR_IE7en.inf,AfterUserStart,,4,N
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SDFix"=C:\SDFix\RunThis.bat /second
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-27 14:45 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\mmmsblbbl.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cfw47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 smtpdrv;smtpdrv;C:\WINDOWS\system32\DRIVERS\smtpdrv.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S1 khtml;kernel html parser;\??\C:\WINDOWS\system32\drivers\khtml.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 rspndr;Link-Layer Topology Discovery Responder;C:\WINDOWS\system32\DRIVERS\rspndr.sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 APL531;Hercules Blog Webcam;C:\WINDOWS\system32\Drivers\BLvid.sys
S3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys
S3 Cfw47;Cfw47;\??\C:\WINDOWS\System32\drivers\Cfw47.sys
S3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 23:10:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\Documents and Settings\Administrator\saekhwtt.exe [1756] 0x86AABDA0
scanning hidden registry entries ...
ça a été un peu difficile car je suis en mode sans échec et une fenêtre pop up s'ouvrait contemment voulant envoyer le rapport à microsoft.....
selectionne ceci
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
File::
C:\WINDOWS\system32\mmmsblbbl.dll
C:\blhhjtpx.exe
C:\kxhacvkl.exe
C:\WINDOWS\system32\drivers\khtml.sys
C:\DOCUME~1\ADMINI~1\sljtok.exe
C:\WINDOWS\system32\mssrv32.exe
C:\DOCUME~1\ADMINI~1\saekhwtt.exe
C:\DOCUME~1\salon\saekhwtt.exe
C:\WINDOWS\system32\rtxemd.exe
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
@+
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
File::
C:\WINDOWS\system32\mmmsblbbl.dll
C:\blhhjtpx.exe
C:\kxhacvkl.exe
C:\WINDOWS\system32\drivers\khtml.sys
C:\DOCUME~1\ADMINI~1\sljtok.exe
C:\WINDOWS\system32\mssrv32.exe
C:\DOCUME~1\ADMINI~1\saekhwtt.exe
C:\DOCUME~1\salon\saekhwtt.exe
C:\WINDOWS\system32\rtxemd.exe
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
@+
dsl, ça ne marche pas, le programme est viré par des pop upme demandant d'envoyer le rapport à microsoft!!!
a tu une autre solution?
Merci d'avance
a tu une autre solution?
Merci d'avance
c'est ça?
[code]
2008-01-26 22:57 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcrtd.exe.vir
2008-01-26 22:57 7923 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\DefLib.sys.vir
2008-01-26 22:58 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\9_exception.nls.vir
2008-01-26 23:06 1028 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_LDRSVC.reg.cf
2008-01-26 23:06 157 --a------ C:\Qoobox\Quarantine\catchme.log
2008-01-26 23:06 21525 --a------ C:\Qoobox\Quarantine\catchme2008-01-26_231001.73.zip
2008-01-26 23:06 3436 --a------ C:\Qoobox\Quarantine\Registry_backups\services_ldrsvc.reg.cf
2008-01-26 23:06 368 --a------ C:\Qoobox\Quarantine\Registry_backups\services_SysLibrary.reg.cf
2008-01-26 23:06 430 --a------ C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
2008-01-26 23:06 786 --a------ C:\Qoobox\Quarantine\Registry_backups\services_msupdate.reg.cf
2008-01-26 23:06 852 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTNDIS.reg.cf
Folder PATH listing
Volume serial number is 6CF3-6A65
C:\QOOBOX
\---Quarantine
| catchme.log
| catchme2008-01-26_231001.73.zip
|
+---C
| \---WINDOWS
| \---system32
| 9_exception.nls.vir
| DefLib.sys.vir
| msvcrtd.exe.vir
|
\---Registry_backups
LEGACY_LDRSVC.reg.cf
LEGACY_NTNDIS.reg.cf
services_ldrsvc.reg.cf
services_msupdate.reg.cf
services_runtime.reg.cf
services_SysLibrary.reg.cf
/code
[code]
2008-01-26 22:57 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcrtd.exe.vir
2008-01-26 22:57 7923 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\DefLib.sys.vir
2008-01-26 22:58 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\9_exception.nls.vir
2008-01-26 23:06 1028 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_LDRSVC.reg.cf
2008-01-26 23:06 157 --a------ C:\Qoobox\Quarantine\catchme.log
2008-01-26 23:06 21525 --a------ C:\Qoobox\Quarantine\catchme2008-01-26_231001.73.zip
2008-01-26 23:06 3436 --a------ C:\Qoobox\Quarantine\Registry_backups\services_ldrsvc.reg.cf
2008-01-26 23:06 368 --a------ C:\Qoobox\Quarantine\Registry_backups\services_SysLibrary.reg.cf
2008-01-26 23:06 430 --a------ C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
2008-01-26 23:06 786 --a------ C:\Qoobox\Quarantine\Registry_backups\services_msupdate.reg.cf
2008-01-26 23:06 852 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTNDIS.reg.cf
Folder PATH listing
Volume serial number is 6CF3-6A65
C:\QOOBOX
\---Quarantine
| catchme.log
| catchme2008-01-26_231001.73.zip
|
+---C
| \---WINDOWS
| \---system32
| 9_exception.nls.vir
| DefLib.sys.vir
| msvcrtd.exe.vir
|
\---Registry_backups
LEGACY_LDRSVC.reg.cf
LEGACY_NTNDIS.reg.cf
services_ldrsvc.reg.cf
services_msupdate.reg.cf
services_runtime.reg.cf
services_SysLibrary.reg.cf
/code
j'ai ça aussi:
2008/01/25 12:46:35:171 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 12:46:35:234 3BBC68::OnCreate()
2008/01/25 12:46:35:234 3BBC68::COleControl::OnCreate() Pass!
2008/01/25 12:46:35:234 3BBC68::XP platform.
2008/01/25 12:46:35:234 3BBC68::Mutex = AF0
2008/01/25 12:46:35:234 3BBC68::OnCreate() Web server List checking ...
2008/01/25 12:46:35:234 3BBC68::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/25 12:46:35:234 3BBC68::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/25 12:46:35:234 3BBC68::OnCreate() Found 'www.secuser.com' in server list
2008/01/25 12:46:35:234 m_strClientIP=192.168.1.20
2008/01/25 12:46:35:453 3BBC68::OnCreate() Pass!
2008/01/25 12:46:35:468 3BBC68::ActveUpdateGetNewestPatternEngine() begin
2008/01/25 12:46:36:406 (Xscan):nCurPatVer=0
2008/01/25 12:46:36:406 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/25 12:46:36:406 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/25 12:46:36:421 (Xscan):vscinfo.vi_Version=
2008/01/25 12:46:36:421 (Xscan):version.build=0
2008/01/25 12:46:36:421 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/25 12:46:36:421 HC client's product version 0 in uint32_t is 0x0, Build no is 0
2008/01/25 12:46:36:421 (Xscan):nNewPatVer=0
2008/01/25 12:46:36:421 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/25 12:47:42:343 3BBC68::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
2008/01/25 12:47:47:750 3BBC68::ActveUpdateGetNewestPatternEngine() end
2008/01/25 12:47:47:875 3BBC68::OnSafeStateToFireEvent()
2008/01/25 12:47:58:703 (Xscan) : DuplicatePatternForTSC() cannot find pattern to covert
2008/01/25 12:47:58:703 (Xscan):AddTail path(C:\)
2008/01/25 12:47:58:703 3BBC68::VScanDlg.Create(619C8CA0)
2008/01/25 12:47:58:781 try to FormatSysInfoString()....
2008/01/25 12:47:58:781 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/25 12:47:58:781 Internal Pattern Version = 0.000.00
2008/01/25 12:48:11:375 After call NewEncryptStr => !CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:11:375 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:12:078 Send log fail (405)! retry later ...
2008/01/25 12:48:12:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:12:843 Send log fail (405)! retry later ...
2008/01/25 12:48:12:906 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:13:609 Send log fail (405)! retry later ...
2008/01/25 12:48:13:609 3BBC68::~CXscanCtrl()
2008/01/25 20:36:04:375 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 20:36:04:421 1D39918::OnCreate()
2008/01/25 20:36:04:421 1D39918::COleControl::OnCreate() Pass!
2008/01/25 20:36:04:421 1D39918::XP platform.
2008/01/25 20:36:04:421 1D39918::Mutex = 87C
2008/01/25 20:36:04:437 1D39918::OnCreate() Web server List checking ...
2008/01/25 20:36:16:640 1D39918::OnCreate() Pass!
2008/01/25 20:36:16:718 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 20:36:17:015 Send log fail (405)! retry later ...
2008/01/25 20:36:17:015 1D39918::OnSafeStateToFireEvent()
2008/01/25 20:36:17:937 After call NewEncryptStr => !CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:17:937 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:18:640 Send log fail (405)! retry later ...
2008/01/25 20:36:18:703 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:19:406 Send log fail (405)! retry later ...
2008/01/25 20:36:19:468 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:20:171 Send log fail (405)! retry later ...
2008/01/25 20:36:20:171 1D39918::~CXscanCtrl()
2008/01/25 20:38:02:562 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 20:38:02:578 1D2A010::OnCreate()
2008/01/25 20:38:02:578 1D2A010::COleControl::OnCreate() Pass!
2008/01/25 20:38:02:578 1D2A010::XP platform.
2008/01/25 20:38:02:578 1D2A010::Mutex = 620
2008/01/25 20:38:02:578 1D2A010::OnCreate() Web server List checking ...
2008/01/25 20:38:04:531 1D2A010::OnCreate() Pass!
2008/01/25 20:38:04:609 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:04:906 Send log fail (405)! retry later ...
2008/01/25 20:38:04:906 1D2A010::OnSafeStateToFireEvent()
2008/01/25 20:38:05:234 After call NewEncryptStr => !CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:05:234 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:05:937 Send log fail (405)! retry later ...
2008/01/25 20:38:06:000 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:06:703 Send log fail (405)! retry later ...
2008/01/25 20:38:06:765 Get log from queue ok! data : 05,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:07:468 Send log fail (405)! retry later ...
2008/01/25 20:38:07:468 1D2A010::~CXscanCtrl()
2008/01/26 15:22:02:421 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 15:22:02:437 24F8DD0::OnCreate()
2008/01/26 15:22:02:437 24F8DD0::COleControl::OnCreate() Pass!
2008/01/26 15:22:02:437 24F8DD0::XP platform.
2008/01/26 15:22:02:437 24F8DD0::Mutex = AB4
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Web server List checking ...
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 15:22:02:437 m_strClientIP=192.168.1.20
2008/01/26 15:22:03:093 24F8DD0::OnCreate() Pass!
2008/01/26 15:22:03:093 24F8DD0::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 15:22:04:031 (Xscan):nCurPatVer=0
2008/01/26 15:22:04:031 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 15:22:04:031 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 15:22:04:078 (Xscan):vscinfo.vi_Version=
2008/01/26 15:22:04:078 (Xscan):version.build=0
2008/01/26 15:22:04:078 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 15:22:04:109 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 15:22:04:109 (Xscan):nNewPatVer=0
2008/01/26 15:22:04:109 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)
2008/01/26 15:23:08:265 24F8DD0::ActveUpdateGetNewestPatternEngine() end
2008/01/26 15:23:08:375 24F8DD0::OnSafeStateToFireEvent()
2008/01/26 15:23:26:609 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 15:23:26:625 (Xscan):AddTail path(C:\)
2008/01/26 15:23:26:625 24F8DD0::VScanDlg.Create(619C8CA0)
2008/01/26 15:23:26:656 try to FormatSysInfoString()....
2008/01/26 15:23:26:656 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 15:23:28:796 Internal Pattern Version = 4.963.00
2008/01/26 15:27:22:937 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 15:27:22:937 (Xscan):AddTail path(C:\)
2008/01/26 15:27:22:937 24F8DD0::VScanDlg.Create(619C8CA0)
2008/01/26 15:27:22:953 try to FormatSysInfoString()....
2008/01/26 15:27:22:953 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 15:27:24:843 Internal Pattern Version = 4.963.00
2008/01/26 15:27:58:296 After call NewEncryptStr => !CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:58:296 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:59:015 Send log fail (405)! retry later ...
2008/01/26 15:27:59:078 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:59:781 Send log fail (405)! retry later ...
2008/01/26 15:27:59:843 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:28:00:546 Send log fail (405)! retry later ...
2008/01/26 15:28:00:546 24F8DD0::~CXscanCtrl()
2008/01/26 18:12:59:984 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 18:13:00:078 260F520::OnCreate()
2008/01/26 18:13:00:078 260F520::COleControl::OnCreate() Pass!
2008/01/26 18:13:00:078 260F520::XP platform.
2008/01/26 18:13:00:078 260F520::Mutex = AA4
2008/01/26 18:13:00:109 260F520::OnCreate() Web server List checking ...
2008/01/26 18:13:00:109 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 18:13:00:109 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 18:13:00:109 260F520::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 18:13:00:125 m_strClientIP=192.168.1.20
2008/01/26 18:13:01:312 260F520::OnCreate() Pass!
2008/01/26 18:13:01:390 260F520::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 18:13:20:937 (Xscan):nCurPatVer=963
2008/01/26 18:13:20:953 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.963,C:\WINDOWS\LPT$VPN.963)
2008/01/26 18:13:22:203 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:13:22:203 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:13:22:234 (Xscan):vscinfo.vi_Version=8.500-1002
2008/01/26 18:13:22:234 (Xscan):version.build=1002
2008/01/26 18:13:22:234 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:13:22:234 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:13:22:953 (Xscan):nNewPatVer=496300
2008/01/26 18:13:22:953 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:13:28:187 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.963)
2008/01/26 18:13:28:187 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 18:13:28:187 260F520::ActveUpdateGetNewestPatternEngine() end
2008/01/26 18:13:28:343 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 18:13:28:687 Send log fail (405)! retry later ...
2008/01/26 18:13:28:687 260F520::OnSafeStateToFireEvent()
2008/01/26 18:13:41:984 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:13:41:984 (Xscan):AddTail path(C:\)
2008/01/26 18:13:41:984 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:13:42:125 try to FormatSysInfoString()....
2008/01/26 18:13:42:125 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:13:52:453 Internal Pattern Version = 0.000.00
2008/01/26 18:13:52:781 After call NewEncryptStr => !CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:52:781 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:53:484 Send log fail (405)! retry later ...
2008/01/26 18:13:53:546 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:54:250 Send log fail (405)! retry later ...
2008/01/26 18:13:54:265 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 18:13:54:968 Send log fail (405)! retry later ...
2008/01/26 18:13:54:968 260F520::~CXscanCtrl()
2008/01/26 18:17:18:453 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 18:17:18:468 260F520::OnCreate()
2008/01/26 18:17:18:468 260F520::COleControl::OnCreate() Pass!
2008/01/26 18:17:18:468 260F520::XP platform.
2008/01/26 18:17:18:468 260F520::Mutex = AC0
2008/01/26 18:17:18:468 260F520::OnCreate() Web server List checking ...
2008/01/26 18:17:18:468 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 18:17:18:468 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 18:17:18:468 260F520::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 18:17:18:468 m_strClientIP=192.168.1.20
2008/01/26 18:17:18:546 260F520::OnCreate() Pass!
2008/01/26 18:17:18:546 260F520::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 18:17:21:968 (Xscan):nCurPatVer=0
2008/01/26 18:17:23:062 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:17:23:062 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:17:23:062 (Xscan):vscinfo.vi_Version=
2008/01/26 18:17:23:062 (Xscan):version.build=0
2008/01/26 18:17:23:062 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:17:23:078 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:17:23:656 (Xscan):nNewPatVer=0
2008/01/26 18:17:23:656 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:18:22:703 260F520::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
2008/01/26 18:18:31:484 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:18:31:484 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:18:31:484 (Xscan):vscinfo.vi_Version=
2008/01/26 18:18:31:484 (Xscan):version.build=0
2008/01/26 18:18:31:484 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:18:31:484 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:18:31:765 (Xscan):nNewPatVer=0
2008/01/26 18:18:31:765 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)
2008/01/26 18:18:32:281 260F520::ActveUpdateGetNewestPatternEngine() end
2008/01/26 18:18:32:343 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:18:33:062 Send log fail (405)! retry later ...
2008/01/26 18:18:33:062 260F520::OnSafeStateToFireEvent()
2008/01/26 18:18:44:093 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:18:44:156 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963
2008/01/26 18:18:44:156 (Xscan):AddTail path(C:\)
2008/01/26 18:18:44:156 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:18:44:171 try to FormatSysInfoString()....
2008/01/26 18:18:44:171 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:18:45:250 Internal Pattern Version = 0.000.00
2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963
2008/01/26 18:19:09:531 (Xscan):AddTail path(C:\)
2008/01/26 18:19:09:531 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:19:09:546 try to FormatSysInfoString()....
2008/01/26 18:19:09:546 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:19:10:406 Internal Pattern Version = 0.000.00
2008/01/26 18:19:19:656 After call NewEncryptStr => !CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:19:656 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:20:375 Send log fail (405)! retry later ...
2008/01/26 18:19:20:437 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:21:140 Send log fail (405)! retry later ...
2008/01/26 18:19:21:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:21:843 Send log fail (405)! retry later ...
2008/01/26 18:19:21:843 260F520::~CXscanCtrl()
2008/01/25 12:46:35:171 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 12:46:35:234 3BBC68::OnCreate()
2008/01/25 12:46:35:234 3BBC68::COleControl::OnCreate() Pass!
2008/01/25 12:46:35:234 3BBC68::XP platform.
2008/01/25 12:46:35:234 3BBC68::Mutex = AF0
2008/01/25 12:46:35:234 3BBC68::OnCreate() Web server List checking ...
2008/01/25 12:46:35:234 3BBC68::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/25 12:46:35:234 3BBC68::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/25 12:46:35:234 3BBC68::OnCreate() Found 'www.secuser.com' in server list
2008/01/25 12:46:35:234 m_strClientIP=192.168.1.20
2008/01/25 12:46:35:453 3BBC68::OnCreate() Pass!
2008/01/25 12:46:35:468 3BBC68::ActveUpdateGetNewestPatternEngine() begin
2008/01/25 12:46:36:406 (Xscan):nCurPatVer=0
2008/01/25 12:46:36:406 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/25 12:46:36:406 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/25 12:46:36:421 (Xscan):vscinfo.vi_Version=
2008/01/25 12:46:36:421 (Xscan):version.build=0
2008/01/25 12:46:36:421 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/25 12:46:36:421 HC client's product version 0 in uint32_t is 0x0, Build no is 0
2008/01/25 12:46:36:421 (Xscan):nNewPatVer=0
2008/01/25 12:46:36:421 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/25 12:47:42:343 3BBC68::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
2008/01/25 12:47:47:750 3BBC68::ActveUpdateGetNewestPatternEngine() end
2008/01/25 12:47:47:875 3BBC68::OnSafeStateToFireEvent()
2008/01/25 12:47:58:703 (Xscan) : DuplicatePatternForTSC() cannot find pattern to covert
2008/01/25 12:47:58:703 (Xscan):AddTail path(C:\)
2008/01/25 12:47:58:703 3BBC68::VScanDlg.Create(619C8CA0)
2008/01/25 12:47:58:781 try to FormatSysInfoString()....
2008/01/25 12:47:58:781 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/25 12:47:58:781 Internal Pattern Version = 0.000.00
2008/01/25 12:48:11:375 After call NewEncryptStr => !CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:11:375 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:12:078 Send log fail (405)! retry later ...
2008/01/25 12:48:12:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:12:843 Send log fail (405)! retry later ...
2008/01/25 12:48:12:906 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 12:48:13:609 Send log fail (405)! retry later ...
2008/01/25 12:48:13:609 3BBC68::~CXscanCtrl()
2008/01/25 20:36:04:375 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 20:36:04:421 1D39918::OnCreate()
2008/01/25 20:36:04:421 1D39918::COleControl::OnCreate() Pass!
2008/01/25 20:36:04:421 1D39918::XP platform.
2008/01/25 20:36:04:421 1D39918::Mutex = 87C
2008/01/25 20:36:04:437 1D39918::OnCreate() Web server List checking ...
2008/01/25 20:36:16:640 1D39918::OnCreate() Pass!
2008/01/25 20:36:16:718 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8407629C8DD628E7773194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0B267A!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/25 20:36:17:015 Send log fail (405)! retry later ...
2008/01/25 20:36:17:015 1D39918::OnSafeStateToFireEvent()
2008/01/25 20:36:17:937 After call NewEncryptStr => !CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:17:937 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:18:640 Send log fail (405)! retry later ...
2008/01/25 20:36:18:703 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:19:406 Send log fail (405)! retry later ...
2008/01/25 20:36:19:468 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:36:20:171 Send log fail (405)! retry later ...
2008/01/25 20:36:20:171 1D39918::~CXscanCtrl()
2008/01/25 20:38:02:562 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/25 20:38:02:578 1D2A010::OnCreate()
2008/01/25 20:38:02:578 1D2A010::COleControl::OnCreate() Pass!
2008/01/25 20:38:02:578 1D2A010::XP platform.
2008/01/25 20:38:02:578 1D2A010::Mutex = 620
2008/01/25 20:38:02:578 1D2A010::OnCreate() Web server List checking ...
2008/01/25 20:38:04:531 1D2A010::OnCreate() Pass!
2008/01/25 20:38:04:609 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:04:906 Send log fail (405)! retry later ...
2008/01/25 20:38:04:906 1D2A010::OnSafeStateToFireEvent()
2008/01/25 20:38:05:234 After call NewEncryptStr => !CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:05:234 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!840E874D8E13CA6F4A0194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4B0B59!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:05:937 Send log fail (405)! retry later ...
2008/01/25 20:38:06:000 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:06:703 Send log fail (405)! retry later ...
2008/01/25 20:38:06:765 Get log from queue ok! data : 05,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8406566E119B8C0ADAF194E14E4EE25E4A3B868BFB106510B8ED27ED158F39C605F8CC09665A2E0D3B44E8DAD943670524E495B73F7BE76A6FA58ED11A8E41533334F4E0C5C!7389956AE9515B83BCA22B472247F0DD721CB58B76CFC8E53E07543CED835D6986CBF2DC639618FFB87915EFB8D1F640A7ECAF313CDFCB60EF646412C0C
2008/01/25 20:38:07:468 Send log fail (405)! retry later ...
2008/01/25 20:38:07:468 1D2A010::~CXscanCtrl()
2008/01/26 15:22:02:421 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 15:22:02:437 24F8DD0::OnCreate()
2008/01/26 15:22:02:437 24F8DD0::COleControl::OnCreate() Pass!
2008/01/26 15:22:02:437 24F8DD0::XP platform.
2008/01/26 15:22:02:437 24F8DD0::Mutex = AB4
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Web server List checking ...
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 15:22:02:437 24F8DD0::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 15:22:02:437 m_strClientIP=192.168.1.20
2008/01/26 15:22:03:093 24F8DD0::OnCreate() Pass!
2008/01/26 15:22:03:093 24F8DD0::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 15:22:04:031 (Xscan):nCurPatVer=0
2008/01/26 15:22:04:031 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 15:22:04:031 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 15:22:04:078 (Xscan):vscinfo.vi_Version=
2008/01/26 15:22:04:078 (Xscan):version.build=0
2008/01/26 15:22:04:078 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 15:22:04:109 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 15:22:04:109 (Xscan):nNewPatVer=0
2008/01/26 15:22:04:109 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 15:23:08:265 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)
2008/01/26 15:23:08:265 24F8DD0::ActveUpdateGetNewestPatternEngine() end
2008/01/26 15:23:08:375 24F8DD0::OnSafeStateToFireEvent()
2008/01/26 15:23:26:609 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 15:23:26:625 (Xscan):AddTail path(C:\)
2008/01/26 15:23:26:625 24F8DD0::VScanDlg.Create(619C8CA0)
2008/01/26 15:23:26:656 try to FormatSysInfoString()....
2008/01/26 15:23:26:656 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 15:23:28:796 Internal Pattern Version = 4.963.00
2008/01/26 15:27:22:937 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 15:27:22:937 (Xscan):AddTail path(C:\)
2008/01/26 15:27:22:937 24F8DD0::VScanDlg.Create(619C8CA0)
2008/01/26 15:27:22:953 try to FormatSysInfoString()....
2008/01/26 15:27:22:953 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 15:27:24:843 Internal Pattern Version = 4.963.00
2008/01/26 15:27:58:296 After call NewEncryptStr => !CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:58:296 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:59:015 Send log fail (405)! retry later ...
2008/01/26 15:27:59:078 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:27:59:781 Send log fail (405)! retry later ...
2008/01/26 15:27:59:843 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 15:28:00:546 Send log fail (405)! retry later ...
2008/01/26 15:28:00:546 24F8DD0::~CXscanCtrl()
2008/01/26 18:12:59:984 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 18:13:00:078 260F520::OnCreate()
2008/01/26 18:13:00:078 260F520::COleControl::OnCreate() Pass!
2008/01/26 18:13:00:078 260F520::XP platform.
2008/01/26 18:13:00:078 260F520::Mutex = AA4
2008/01/26 18:13:00:109 260F520::OnCreate() Web server List checking ...
2008/01/26 18:13:00:109 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 18:13:00:109 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 18:13:00:109 260F520::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 18:13:00:125 m_strClientIP=192.168.1.20
2008/01/26 18:13:01:312 260F520::OnCreate() Pass!
2008/01/26 18:13:01:390 260F520::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 18:13:20:937 (Xscan):nCurPatVer=963
2008/01/26 18:13:20:953 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.963,C:\WINDOWS\LPT$VPN.963)
2008/01/26 18:13:22:203 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:13:22:203 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:13:22:234 (Xscan):vscinfo.vi_Version=8.500-1002
2008/01/26 18:13:22:234 (Xscan):version.build=1002
2008/01/26 18:13:22:234 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:13:22:234 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:13:22:953 (Xscan):nNewPatVer=496300
2008/01/26 18:13:22:953 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:13:28:187 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.963)
2008/01/26 18:13:28:187 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 18:13:28:187 260F520::ActveUpdateGetNewestPatternEngine() end
2008/01/26 18:13:28:343 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 18:13:28:687 Send log fail (405)! retry later ...
2008/01/26 18:13:28:687 260F520::OnSafeStateToFireEvent()
2008/01/26 18:13:41:984 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:13:41:984 (Xscan):AddTail path(C:\)
2008/01/26 18:13:41:984 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:13:42:125 try to FormatSysInfoString()....
2008/01/26 18:13:42:125 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:13:52:453 Internal Pattern Version = 0.000.00
2008/01/26 18:13:52:781 After call NewEncryptStr => !CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:52:781 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:53:484 Send log fail (405)! retry later ...
2008/01/26 18:13:53:546 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:13:54:250 Send log fail (405)! retry later ...
2008/01/26 18:13:54:265 Get log from queue ok! data : 04,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8409509DCAFC323587E194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F4858E6C6B82D7FC31BD88352B87E04F280F733E321AF52D3A01CFCC52158617ACDA632F5279!840965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0966B5876E5CA76982A2E7867!8402A2F575CBF2DFB8CA827117D208614D680810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3076FCE03547A97E35962042D3D!20B7EF2114C8ADE6EB8FA3F3BD0DF6DED6C4960436D
2008/01/26 18:13:54:968 Send log fail (405)! retry later ...
2008/01/26 18:13:54:968 260F520::~CXscanCtrl()
2008/01/26 18:17:18:453 HTML parameter
ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/
2008/01/26 18:17:18:468 260F520::OnCreate()
2008/01/26 18:17:18:468 260F520::COleControl::OnCreate() Pass!
2008/01/26 18:17:18:468 260F520::XP platform.
2008/01/26 18:17:18:468 260F520::Mutex = AC0
2008/01/26 18:17:18:468 260F520::OnCreate() Web server List checking ...
2008/01/26 18:17:18:468 260F520::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2008/01/26 18:17:18:468 260F520::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2008/01/26 18:17:18:468 260F520::OnCreate() Found 'www.secuser.com' in server list
2008/01/26 18:17:18:468 m_strClientIP=192.168.1.20
2008/01/26 18:17:18:546 260F520::OnCreate() Pass!
2008/01/26 18:17:18:546 260F520::ActveUpdateGetNewestPatternEngine() begin
2008/01/26 18:17:21:968 (Xscan):nCurPatVer=0
2008/01/26 18:17:23:062 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:17:23:062 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:17:23:062 (Xscan):vscinfo.vi_Version=
2008/01/26 18:17:23:062 (Xscan):version.build=0
2008/01/26 18:17:23:062 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:17:23:078 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:17:23:656 (Xscan):nNewPatVer=0
2008/01/26 18:17:23:656 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:18:22:703 260F520::HcTmuUpdate() fail! url=http://housecall-p.activeupdate.trendmicro.com/activeupdate/ proxy=:0 ret=7,Update failed
2008/01/26 18:18:31:484 (Xscan):HouseCallWorkDir = C:\WINDOWS
2008/01/26 18:18:31:484 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2008/01/26 18:18:31:484 (Xscan):vscinfo.vi_Version=
2008/01/26 18:18:31:484 (Xscan):version.build=0
2008/01/26 18:18:31:484 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2008/01/26 18:18:31:484 HC client's product version 5.70.930 in uint32_t is 0x57000, Build no is 930
2008/01/26 18:18:31:765 (Xscan):nNewPatVer=0
2008/01/26 18:18:31:765 (Xscan):HouseCallWorkDir=C:\WINDOWS
2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.961,C:\WINDOWS\VPTNFILE.961)
2008/01/26 18:18:32:281 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.963,C:\WINDOWS\VPTNFILE.963)
2008/01/26 18:18:32:281 260F520::ActveUpdateGetNewestPatternEngine() end
2008/01/26 18:18:32:343 Get log from queue ok! data : 02,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:18:33:062 Send log fail (405)! retry later ...
2008/01/26 18:18:33:062 260F520::OnSafeStateToFireEvent()
2008/01/26 18:18:44:093 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:18:44:156 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963
2008/01/26 18:18:44:156 (Xscan):AddTail path(C:\)
2008/01/26 18:18:44:156 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:18:44:171 try to FormatSysInfoString()....
2008/01/26 18:18:44:171 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:18:45:250 Internal Pattern Version = 0.000.00
2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.961 to C:\WINDOWS\LPT$VPN.961
2008/01/26 18:19:09:531 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.963 to C:\WINDOWS\LPT$VPN.963
2008/01/26 18:19:09:531 (Xscan):AddTail path(C:\)
2008/01/26 18:19:09:531 260F520::VScanDlg.Create(619C8CA0)
2008/01/26 18:19:09:546 try to FormatSysInfoString()....
2008/01/26 18:19:09:546 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2
2008/01/26 18:19:10:406 Internal Pattern Version = 0.000.00
2008/01/26 18:19:19:656 After call NewEncryptStr => !CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:19:656 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:20:375 Send log fail (405)! retry later ...
2008/01/26 18:19:20:437 Get log from queue ok! data : 03,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8405431711D8BBF4D16194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F0A2679!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:21:140 Send log fail (405)! retry later ...
2008/01/26 18:19:21:140 Get log from queue ok! data : 01,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!84005B4D64EEEB00E1C194E14E4EE25E4A3C5BCA8FD062F1EF592D54F5E1D44F48581A53B908840D162B80B9C2B95EF448F273457D756852A79CAAB8871F676994C1F072F79!84056E0C2F2646881D1A3FDBFFAF90247E7CD857049344F7181546FB6F2DDE544468906C0069F47AC094A606BF3E72ACE8C041B8074ADCC39BF6BA4A41DF518E2F4565A5B67!8403C23CC4E84A093AEE1F19114E211FA225D36EAE7653DBB8D184D7C02E6F1EE8F17843F1404DA777F61B88F58F7649AAAD1D49DF922689E1679BB534D672DA7CD12490D17!102EFDA63F7ED6F819B4F627A3B
2008/01/26 18:19:21:843 Send log fail (405)! retry later ...
2008/01/26 18:19:21:843 260F520::~CXscanCtrl()
