Windows warning message

Resolved/Closed
toto59 - 25 Sept. 2008 at 14:06
123love - 3 Aug. 2010 at 01:08
Hello,

For 2 days now I've had this "virus", Antivirus XP 2008 or whatever it's called, which puts a window on my desktop background with the following message:

Windows Warning Message
Warning
Spyware detected on your computer
Install an antivirus or spyware remover to claen your computer

Warning! Win32/Adware.Virtumonde
Detected on your computer

Warning!Win32/PrivacyRemover.M64
Detected on your computer

I've already tried to remove it with SmitFraudfix, but with no success...

A second window also opens: Antivirus XP2008 license agreement, and to my astonishment this morning when I turned on my computer, I saw that someone in my family had installed the antivirus and there's no way to remove it.

So please, could someone help me remove this virus, or rather this rogue, according to the little research I've done...

Thanks

21 replies

Up
0
The Windows message: when I turn on the PC and log in, the following message appears:

"Veuillez patienter pendant que Windows vérifie que tous les fichiers Windows protégés sont intacts et dans leur version originale."

With a progress bar at the bottom of the window.

And then another window opens:

"Des fichiers nécessaires au fonctionnement de Windows ont été remplacés par des fichiers d'une version non reconnue. Pour maintenir la stabilité du système, Windows doit restaurer la version originale de ces fichiers.

Insérez votre CD du Service Pack 2 pour Windows XP"

But I don't have the CD.


_______________________________________________________


No infection detected with RAV

__________________________________________________

ComboFix report:

ComboFix 08-09-26.01 - Antoine 2008-09-29 13:17:04.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.51 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Antoine\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\kdllv.exe
D:\Player\cds300.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Françoise\Cookies\françoise@metrics.adobe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@outils.yesmessenger[2].txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-29 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 22:23 . 2008-09-26 22:23 <REP> d-------- C:\_OTMoveIt
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\SUPERAntiSpyware.com
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-25 23:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 23:31 . 2008-09-25 23:31 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 18:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\system32\xircom
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\srchasst
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\Program Files\microsoft frontpage
2008-09-25 14:18 . 2008-09-26 00:27 <REP> d-------- C:\hijackthis
2008-09-24 11:03 . 2008-09-24 11:52 3,034 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-24 11:02 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 11:02 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-24 11:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 11:02 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-24 11:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 11:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 11:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 11:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-24 11:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-19 19:26 . 2008-09-27 17:54 <REP> d-------- C:\Program Files\Partouche

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 11:15 --------- d-----w C:\Documents and Settings\Matthieu\Application Data\Metacafe
2008-09-29 11:14 --------- d-----w C:\Program Files\Wanadoo
2008-09-29 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-29 10:22 --------- d-----w C:\Program Files\Everest Poker
2008-09-26 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-25 22:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-25 21:38 --------- d-----w C:\Program Files\Java
2008-09-25 15:24 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-25 14:48 --------- d-----w C:\Program Files\PokerStars
2008-09-18 08:17 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Azureus
2008-09-16 05:59 --------- d-----w C:\Program Files\LIVEUPDATE
2008-09-03 07:57 --------- d-----w C:\Program Files\WinamaxPoker
2008-08-30 20:11 --------- d-----w C:\Program Files\InstantTouch
2008-08-30 12:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:12 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 13:59 --------- d-----w C:\Program Files\iTunes
2008-08-24 13:58 --------- d-----w C:\Program Files\iPod
2008-08-23 14:04 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 14:01 --------- d-----w C:\Program Files\Windows Live
2008-08-23 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 10:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 13:39 --------- d-----w C:\Documents and Settings\Antoine\Application Data\TransRender
2008-08-01 08:01 --------- d-----w C:\Documents and Settings\Guy\Application Data\Canon
2008-07-30 21:11 --------- d-----w C:\Program Files\Tetris Championship
2008-07-28 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-07-28 16:01 166,818 ----a-w C:\WINDOWS\Video Cleaner Uninstaller.exe
2008-07-28 16:01 --------- d-----w C:\Program Files\WMV9_VCM
2008-07-28 16:00 --------- d-----w C:\Program Files\River Past
2008-07-28 16:00 --------- d-----w C:\Program Files\Fichiers communs\River Past
2008-07-28 16:00 --------- d-----w C:\Documents and Settings\Antoine\Application Data\River Past G5
2008-04-02 12:05 39,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\GDIPFONTCACHEV1.DAT
2007-12-21 18:07 36,224 -c--a-w C:\Documents and Settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
2006-08-02 16:05 81,920 -c--a-w C:\Documents and Settings\Antoine\Application Data\ezpinst.exe
2006-08-02 16:05 47,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2004-05-11 23:18 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\custsat.dll
2004-08-11 19:49 344,064 -c--a-w C:\Program Files\mozilla firefox\plugins\mpvis.dll
2004-08-01 16:01 47,616 -c--a-w C:\Program Files\mozilla firefox\plugins\msoobci.dll
2004-08-11 19:49 77,824 -c--a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
.

------- Sigcheck -------

2005-09-18 12:52 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

2005-09-17 15:37 2120704 685a3d6f43e5047f733b7150a78d0eae C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_15.38.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
+ 2008-09-26 16:36:18 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-26 16:36:18 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-08-30 12:28:17 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-29 10:30:31 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-30 12:28:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-29 10:30:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-30 12:28:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-29 10:30:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-09-18 09:39:26 1,852,928 ----a-w C:\WINDOWS\system32\DllCache\acgenral.dll
+ 2004-08-04 04:54:22 450,048 ----a-w C:\WINDOWS\system32\DllCache\aclayers.dll
+ 2005-09-18 09:39:12 244,736 ----a-w C:\WINDOWS\system32\DllCache\acspecfc.dll
+ 2004-08-04 04:54:22 116,224 ----a-w C:\WINDOWS\system32\DllCache\acxtrnal.dll
+ 2004-08-04 04:54:50 98,304 ----a-w C:\WINDOWS\system32\DllCache\ahui.exe
+ 2004-08-04 04:54:22 126,976 ----a-w C:\WINDOWS\system32\DllCache\apphelp.dll
+ 2004-08-04 04:54:22 65,024 ----a-w C:\WINDOWS\system32\DllCache\asycfilt.dll
+ 2004-08-04 04:54:22 30,208 ----a-w C:\WINDOWS\system32\DllCache\atmlib.dll
+ 2004-08-04 04:52:52 16,896 ----a-w C:\WINDOWS\system32\DllCache\cfgmgr32.dll
- 2005-08-26 14:55:46 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-08-26 14:55:58 49,250 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-08-26 17:14:46 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 117,414 2008-07-06 02:05:25 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-1.bak

----a-w 110,494 2008-07-05 18:55:19 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-7.bak

------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\

-c--a-w 339,968 2005-01-19 20:40:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 180,269 2005-12-15 11:49:15 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

-c--a-w 188,416 2004-02-12 14:57:20 C:\Program Files\Logitech\Video\bak\ISStart.exe

-c--a-w 77,824 2004-02-12 14:59:58 C:\Program Files\Logitech\Video\bak\LogiTray.exe

-c--a-w 217,088 2005-12-13 06:49:08 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

-c--a-w 98,304 2006-10-14 17:48:12 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-05-27 08:50:30 C:\Program Files\QuickTime\QTTask.exe

-c--a-w 40,960 2005-09-12 13:21:10 C:\Program Files\Samsung\Samsung Media Studio\bak\SamsungMediaStudioAgent.exe

-c--a-w 49,152 2003-05-08 10:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

-c--a-w 32,768 2004-10-14 16:55:30 C:\Program Files\Wanadoo\bak\GestMaj.exe
-c----w 32,768 2004-10-14 15:55:30 C:\Program Files\Wanadoo\GestMAJ.exe

-c--a-w 20,480 2004-08-23 14:49:56 C:\Program Files\Wanadoo\bak\Watch.exe
------w 20,480 2004-08-23 13:49:56 C:\Program Files\Wanadoo\Watch.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"C:\WINDOWS\system32\kdllv.exe"="C:\WINDOWS\system32\kdllv.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"POEngine"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"7H28X9M91L"="C:\WINDOWS\winlogon32.exe" [N/A]

C:\Documents and Settings\Matthieu\Menu Démarrer\Programmes\Démarrage\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-22 149520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe"=
"F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-01-22 33856]
S3 c0687152-ce43-4a6a-80a2-1ada589ab201;c0687152-ce43-4a6a-80a2-1ada589ab201;D:\Player\cds300.dll [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-11-03 28704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04f2bb2-f5a6-11dc-894a-000b6a5f7bea}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 13:20:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-29 13:37:55
ComboFix-quarantined-files.txt 2008-09-29 11:37:52
ComboFix2.txt 2008-09-27 10:01:27
ComboFix3.txt 2008-09-25 16:00:52
ComboFix4.txt 2008-09-25 13:42:24

Avant-CF: 4 523 540 480 octets libres
Après-CF: 4,538,884,096 octets libres

263


____________________________________________________________________

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:21, on 29/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\eden.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-839522115-616249376-682003330-1004\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe (User 'Matthieu')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - S-1-5-21-839522115-616249376-682003330-1004 Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'Matthieu')
O4 - S-1-5-21-839522115-616249376-682003330-1004 User Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe (User 'Matthieu')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
I tried with Zeb Restore (I ticked all the boxes shown) but the message is still there.

How can I create a Windows CD, given that my Windows is not genuine?
0
Hi jlpjlp,

Well, apparently the Windows message appears because I'm missing some DLL files, but the problem is that I don't know which ones are missing and Windows doesn't tell me.
Would you be able to see, in the various reports I've posted (or elsewhere), which DLLs were deleted?
0

SDFix report:


[b]SDFix: Version 1.230 [/b]
Run by Antoine on 30/09/2008 at 16:47

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\Temp\ed47fa.$ - Deleted

[color=red]Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the [url=http://www2.gmer.net/mbr/mbr.exe]MBR Rootkit Detector[/url] by Gmer[/color]

Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$



Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 16:58:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe"="C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe"="F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe"="F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"="C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe:*:Disabled:CmCenter Module"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"="C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe:*:Enabled:River Past Video Cleaner"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:

C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 21 Feb 2005 788 A..H. --- "C:\reg\acro.reg"
Sun 27 Feb 2005 1,808 A..H. --- "C:\reg\aft.reg"
Sun 22 Aug 2004 1,666 A..H. --- "C:\reg\coolbits_forceware.reg"
Sun 12 Sep 2004 596 A..H. --- "C:\reg\dream.reg"
Sat 10 Sep 2005 336 A..H. --- "C:\reg\dvdlab.reg"
Wed 3 Nov 2004 438 A..H. --- "C:\reg\flash.reg"
Wed 3 Nov 2004 6,606 A..H. --- "C:\reg\kas.reg"
Sat 19 Feb 2005 7,130 A..H. --- "C:\reg\kav.reg"
Fri 9 Sep 2005 380 A..H. --- "C:\reg\nero.reg"
Sun 27 Feb 2005 660 A..H. --- "C:\reg\scen.reg"
Wed 3 Nov 2004 350 A..H. --- "C:\reg\ultra.reg"
Fri 9 Sep 2005 364 A..H. --- "C:\reg\vision.reg"
Fri 11 Mar 2005 1,092 A..H. --- "C:\reg\VMware.reg"
Sat 12 Mar 2005 11,406 A..H. --- "C:\reg\winrar.reg"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 16 Mar 2005 616 A..H. --- "C:\WPI\Common\WPI.reg"
Sun 19 Dec 2004 34,816 A..H. --- "C:\WPI\Tools\cmdow.exe"
Sun 30 Jan 2005 158,720 A..H. --- "C:\WPI\Tools\PEiD.exe"
Tue 22 Mar 2005 201,814 A..H. --- "C:\WPI\Tools\Universal Silent Switch Finder.exe"
Sat 14 May 2005 23,040 A..H. --- "C:\WPI\Tools\VideoChanger.exe"
Fri 2 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Thu 28 Jun 2001 1,679,360 A..H. --- "C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe"
Mon 1 May 2000 44,032 A..HR --- "C:\WPI\Tools\Fonts\FontInstaller.exe"
Sun 16 Jan 2005 10,240 A..H. --- "C:\WPI\Tools\Music\UAP2.exe"
Fri 2 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\Antoine\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 2 Dec 2005 20 A..H. --- "C:\Documents and Settings\Antoine\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 2 Dec 2005 400 A.SH. --- "C:\Documents and Settings\Antoine\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 2 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\Françoise\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 26 Dec 2005 20 A..H. --- "C:\Documents and Settings\Françoise\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 2 Dec 2005 400 A.SH. --- "C:\Documents and Settings\Françoise\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 2 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\Guy\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 31 Jul 2008 20 A..H. --- "C:\Documents and Settings\Guy\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 2 Dec 2005 400 A.SH. --- "C:\Documents and Settings\Guy\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!



_________________________________________________

The Windows message still appears.
0
OTMoveIt report:

File move failed. C:\WINDOWS\Temp\bca4e2da.$$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\Temp\fa56d7ec.$$$ scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09302008_172331

Files moved on Reboot...
File move failed. C:\WINDOWS\Temp\bca4e2da.$$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\Temp\fa56d7ec.$$$ scheduled to be moved on reboot.


________________________________________________________________________

Navifix report:

Search Navipromo version 3.6.6 commencé le 30/09/2008 à 17:33:06,75

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Antoine"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Antoine\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\FRANOI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guy\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Matthieu\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Antoine\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\FRANOI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guy\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Matthieu\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Antoine\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\FRANOI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Guy\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Matthieu\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Antoine\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\FRANOI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Guy\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Matthieu\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Antoine\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\FRANOI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Guy\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Matthieu\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 30/09/2008 à 17:52:29,82 ***
0
ComboFix report:

ComboFix 08-09-26.01 - Antoine 2008-09-30 20:31:18.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.54 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Antoine\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\Temp\bca4e2da.$$$
C:\WINDOWS\Temp\fa56d7ec.$$$
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Françoise\Cookies\françoise@metrics.adobe[2].txt
C:\WINDOWS\Temp\bca4e2da.$$$ . . . . impossible à supprimer
C:\WINDOWS\Temp\fa56d7ec.$$$ . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 17:31 . 2008-09-30 17:54 <REP> d-------- C:\Program Files\Navilog1
2008-09-30 16:20 . 2008-09-30 16:20 578,048 --a------ C:\WINDOWS\system32\DllCache\user32.dll
2008-09-30 16:18 . 2008-09-30 16:18 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-30 16:13 . 2008-09-30 17:08 <REP> d-------- C:\SDFix
2008-09-30 15:16 . 2008-09-30 15:29 <REP> d-------- C:\Package_SP2
2008-09-30 15:12 . 2008-09-30 15:29 <REP> d-------- C:\XP_SP2
2008-09-26 22:23 . 2008-09-26 22:23 <REP> d-------- C:\_OTMoveIt
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\SUPERAntiSpyware.com
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-25 23:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 23:31 . 2008-09-25 23:31 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 18:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\system32\xircom
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\srchasst
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\Program Files\microsoft frontpage
2008-09-25 14:18 . 2008-09-30 16:13 <REP> d-------- C:\hijackthis
2008-09-24 11:03 . 2008-09-24 11:52 3,034 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-24 11:02 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 11:02 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-24 11:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 11:02 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-24 11:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 11:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 11:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 11:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-19 19:26 . 2008-09-27 17:54 <REP> d-------- C:\Program Files\Partouche
2008-08-24 15:58 . 2008-08-24 15:58 <REP> d-------- C:\Program Files\iPod
2008-08-24 15:55 . 2008-08-24 15:59 <REP> d-------- C:\Program Files\iTunes
2008-08-01 09:48 . 2008-08-01 10:01 <REP> d-------- C:\Documents and Settings\Guy\Application Data\Canon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 18:40 --------- d-----w C:\Program Files\Wanadoo
2008-09-30 16:55 --------- d-----w C:\Program Files\PokerStars
2008-09-30 16:12 --------- d-----w C:\Documents and Settings\Matthieu\Application Data\Metacafe
2008-09-29 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-29 10:22 --------- d-----w C:\Program Files\Everest Poker
2008-09-26 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-25 22:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-25 21:38 --------- d-----w C:\Program Files\Java
2008-09-25 15:24 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-18 08:17 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Azureus
2008-09-16 05:59 --------- d-----w C:\Program Files\LIVEUPDATE
2008-09-03 07:57 --------- d-----w C:\Program Files\WinamaxPoker
2008-08-30 20:11 --------- d-----w C:\Program Files\InstantTouch
2008-08-30 12:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:12 --------- d-----w C:\Program Files\Apple Software Update
2008-08-23 14:04 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 14:01 --------- d-----w C:\Program Files\Windows Live
2008-08-23 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 10:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 13:39 --------- d-----w C:\Documents and Settings\Antoine\Application Data\TransRender
2008-07-30 21:11 --------- d-----w C:\Program Files\Tetris Championship
2008-07-28 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-07-28 16:01 166,818 ----a-w C:\WINDOWS\Video Cleaner Uninstaller.exe
2008-07-28 16:01 --------- d-----w C:\Program Files\WMV9_VCM
2008-07-28 16:00 --------- d-----w C:\Program Files\River Past
2008-07-28 16:00 --------- d-----w C:\Program Files\Fichiers communs\River Past
2008-07-28 16:00 --------- d-----w C:\Documents and Settings\Antoine\Application Data\River Past G5
2008-04-02 12:05 39,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\GDIPFONTCACHEV1.DAT
2007-12-21 18:07 36,224 -c--a-w C:\Documents and Settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
2006-08-02 16:05 81,920 -c--a-w C:\Documents and Settings\Antoine\Application Data\ezpinst.exe
2006-08-02 16:05 47,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2004-05-11 23:18 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\custsat.dll
2004-08-11 19:49 344,064 -c--a-w C:\Program Files\mozilla firefox\plugins\mpvis.dll
2004-08-01 16:01 47,616 -c--a-w C:\Program Files\mozilla firefox\plugins\msoobci.dll
2004-08-11 19:49 77,824 -c--a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
.

------- Sigcheck -------

2005-09-18 12:52 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

2005-09-17 15:37 2120704 685a3d6f43e5047f733b7150a78d0eae C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_15.38.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-09-30 14:44:22 10,338,304 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-09-30 14:44:22 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-09-30 14:18:23 10,346,496 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-09-30 14:18:23 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
+ 2008-09-26 16:36:18 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-26 16:36:18 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-08-30 12:28:17 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-29 10:30:31 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-30 12:28:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-09-29 10:30:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-30 12:28:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-29 10:30:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-09-18 09:39:26 1,852,928 ----a-w C:\WINDOWS\system32\DllCache\acgenral.dll
+ 2004-08-04 04:54:22 450,048 ----a-w C:\WINDOWS\system32\DllCache\aclayers.dll
+ 2005-09-18 09:39:12 244,736 ----a-w C:\WINDOWS\system32\DllCache\acspecfc.dll
+ 2004-08-04 04:54:22 116,224 ----a-w C:\WINDOWS\system32\DllCache\acxtrnal.dll
+ 2004-08-04 04:54:50 98,304 ----a-w C:\WINDOWS\system32\DllCache\ahui.exe
+ 2004-08-04 04:54:22 126,976 ----a-w C:\WINDOWS\system32\DllCache\apphelp.dll
+ 2004-08-04 04:54:22 65,024 ----a-w C:\WINDOWS\system32\DllCache\asycfilt.dll
+ 2004-08-04 04:54:22 30,208 ----a-w C:\WINDOWS\system32\DllCache\atmlib.dll
+ 2004-08-04 04:52:52 16,896 ----a-w C:\WINDOWS\system32\DllCache\cfgmgr32.dll
+ 2005-09-18 09:36:05 617,472 ----a-w C:\WINDOWS\system32\DllCache\comctl32.dll
+ 2004-08-04 04:54:24 281,088 ----a-w C:\WINDOWS\system32\DllCache\comdlg32.dll
+ 2004-08-04 04:54:24 253,440 ----a-w C:\WINDOWS\system32\DllCache\compatui.dll
+ 2004-08-04 04:54:24 604,672 ----a-w C:\WINDOWS\system32\DllCache\crypt32.dll
+ 2004-08-04 04:54:24 75,776 ----a-w C:\WINDOWS\system32\DllCache\cryptdlg.dll
+ 2004-08-04 04:54:24 33,280 ----a-w C:\WINDOWS\system32\DllCache\cryptdll.dll
+ 2004-08-04 04:54:24 54,784 ----a-w C:\WINDOWS\system32\DllCache\cryptext.dll
+ 2004-08-04 04:54:24 63,488 ----a-w C:\WINDOWS\system32\DllCache\cryptnet.dll
+ 2004-08-04 04:54:24 60,416 ----a-w C:\WINDOWS\system32\DllCache\cryptsvc.dll
+ 2004-08-04 04:54:24 530,432 ----a-w C:\WINDOWS\system32\DllCache\cryptui.dll
+ 2001-09-28 17:00:00 27,136 ----a-w C:\WINDOWS\system32\DllCache\ctl3d32.dll
+ 2001-09-28 17:00:00 45,083 ----a-w C:\WINDOWS\system32\DllCache\dispex.dll
+ 2004-08-04 02:31:44 137,216 ----a-w C:\WINDOWS\system32\DllCache\dssenh.dll
+ 2004-08-04 03:14:18 143,360 ----a-w C:\WINDOWS\system32\DllCache\fastfat.sys
+ 2004-08-04 04:54:30 36,921 ----a-w C:\WINDOWS\system32\DllCache\imeshare.dll
+ 2004-08-04 03:14:30 74,752 ----a-w C:\WINDOWS\system32\DllCache\ipsec.sys
- 2005-08-26 14:55:46 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-08-26 14:55:58 49,250 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-08-26 17:14:46 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 117,414 2008-07-06 02:05:25 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-1.bak

----a-w 110,494 2008-07-05 18:55:19 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-7.bak

------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\

-c--a-w 339,968 2005-01-19 20:40:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 180,269 2005-12-15 11:49:15 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

-c--a-w 188,416 2004-02-12 14:57:20 C:\Program Files\Logitech\Video\bak\ISStart.exe

-c--a-w 77,824 2004-02-12 14:59:58 C:\Program Files\Logitech\Video\bak\LogiTray.exe

-c--a-w 217,088 2005-12-13 06:49:08 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

-c--a-w 98,304 2006-10-14 17:48:12 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-05-27 08:50:30 C:\Program Files\QuickTime\QTTask.exe

-c--a-w 40,960 2005-09-12 13:21:10 C:\Program Files\Samsung\Samsung Media Studio\bak\SamsungMediaStudioAgent.exe

-c--a-w 49,152 2003-05-08 10:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

-c--a-w 32,768 2004-10-14 16:55:30 C:\Program Files\Wanadoo\bak\GestMaj.exe
-c----w 32,768 2004-10-14 15:55:30 C:\Program Files\Wanadoo\GestMAJ.exe

-c--a-w 20,480 2004-08-23 14:49:56 C:\Program Files\Wanadoo\bak\Watch.exe
------w 20,480 2004-08-23 13:49:56 C:\Program Files\Wanadoo\Watch.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"POEngine"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

C:\Documents and Settings\Matthieu\Menu Démarrer\Programmes\Démarrage\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-22 149520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe"=
"F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-01-22 33856]
S3 c0687152-ce43-4a6a-80a2-1ada589ab201;c0687152-ce43-4a6a-80a2-1ada589ab201;D:\Player\cds300.dll [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-11-03 28704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04f2bb2-f5a6-11dc-894a-000b6a5f7bea}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 20:38:03
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-09-30 21:02:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-30 19:01:55
ComboFix2.txt 2008-09-29 11:37:56
ComboFix3.txt 2008-09-27 10:01:27
ComboFix4.txt 2008-09-25 16:00:52
ComboFix5.txt 2008-09-30 18:30:29

Avant-CF: 3 806 760 960 octets libres
Après-CF: 3,891,601,408 octets libres

296


_______________________________________________________________________________

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:54, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
Yes, the Windows message still appears.
0
Well, it's been a while now, but I just came across this page again and I want to report that I finally managed to get hold of a Windows CD and the message no longer appears.

So there you go, all that to say that my problem is solved.

Thanks to you, jlpjlp.
0
What's the matter, my darling?
0
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
25 Sept. 2008 at 14:09
hi,

do you have the SmitFraudFix report?


_______________


paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g.: Rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.


_______________________


download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-1
Hi jlpjlp, and thanks for replying quickly.

Here are the various reports you asked me for:


SmitFraudFix report:

SmitFraudFix v2.354

Rapport fait à 11:52:34,32, 24/09/2008
Executé à partir de C:\Documents and Settings\Antoine\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{35F91EB2-B910-4B1D-A510-8EBB61E1336C}: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:40, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcnw0j0ev47.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcnw0j0ev47] C:\WINDOWS\system32\lphcnw0j0ev47.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhcjw0j0ev47] C:\Program Files\rhcjw0j0ev47\rhcjw0j0ev47.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BB1EA09-D73A-4B8A-9255-92BA95320F3E}: NameServer = 80.10.246.130 81.253.149.10
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
25 Sept. 2008 at 17:17
lots of poker games: be careful ...


_____________



to merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________


Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:







File::
C:\WINDOWS\system32\lphcnw0j0ev47.exe
C:\Program Files\rhcjw0j0ev47\rhcjw0j0ev47.exe


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcnw0j0ev47"=-
"SMrhcjw0j0ev47"=-





Save this file under the name CFscript


Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and describe your problems


If the file does not open, it is located here > C:\ComboFix.txt


___________________


scan with
MalwareByte's Anti-Malware, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
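
Added example, not part of the original posts and not code from HijackThis or ComboFix: a Python check that parses the O4 autostart lines of the two HijackThis logs in this thread together with the CFScript above, then reports which scripted entries are gone from the later log and which autostart entries disappeared without being named in the script. The log excerpts are copied from this page; the function names, the expansion of `HKLM\..\Run` to its full key, and the reading of `"name"=-` as a .reg-style value deletion are assumptions.

```python
import re

# Excerpts of the O4 lines from the HijackThis log of 25/09/2008 (before the script).
BEFORE = r"""
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [lphcnw0j0ev47] C:\WINDOWS\system32\lphcnw0j0ev47.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhcjw0j0ev47] C:\Program Files\rhcjw0j0ev47\rhcjw0j0ev47.exe
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpts of the O4 lines from the HijackThis log of 30/09/2008 (after cleanup).
AFTER = r"""
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# The CFScript posted in the thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\lphcnw0j0ev47.exe
C:\Program Files\rhcjw0j0ev47\rhcjw0j0ev47.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcnw0j0ev47"=-
"SMrhcjw0j0ev47"=-
"""

# Registry autostart line:  O4 - <location>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Assumption: HijackThis abbreviates the CurrentVersion\Run key like this.
HJT_KEYS = {
    r'HKLM\..\Run': r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
}


def parse_o4(log_text):
    """Return {(location, value name): command} for each registry O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m['loc'], m['name'])] = m['cmd'].strip()
    return entries


def parse_cfscript(script_text):
    """Return (File:: paths, [(key, value name)] marked for deletion with "name"=-)."""
    files, deleted, section, key = [], [], None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            section = line[:-2].lower()
        elif section == 'file':
            files.append(line)
        elif section == 'registry':
            if line.startswith('['):
                key = line.strip('[]')
            elif line.endswith('=-'):
                deleted.append((key, line[:-2].strip('"')))
    return files, deleted


def review_cleanup(before_log, after_log, script_text):
    """Compare autostarts before/after and relate the changes to the script."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    files, deleted = parse_cfscript(script_text)
    scripted = {(k.lower(), n.lower()) for k, n in deleted}
    report = {'scripted_and_gone': [], 'scripted_but_present': [],
              'gone_unscripted': [], 'new': [], 'unreferenced_files': []}
    for (loc, name) in before:
        full_key = HJT_KEYS.get(loc, loc)
        in_script = (full_key.lower(), name.lower()) in scripted
        gone = (loc, name) not in after
        if in_script:
            report['scripted_and_gone' if gone else 'scripted_but_present'].append(name)
        elif gone:
            report['gone_unscripted'].append(name)
    report['new'] = [name for (loc, name) in after if (loc, name) not in before]
    # A File:: path that no autostart command mentions deserves a second look
    # before deletion: it may be a typo or a file loaded some other way.
    commands = [cmd.lower() for cmd in before.values()]
    report['unreferenced_files'] = [
        f for f in files if not any(f.lower() in cmd for cmd in commands)]
    return report


if __name__ == '__main__':
    for label, names in review_cleanup(BEFORE, AFTER, CFSCRIPT).items():
        print(f'{label}: {names}')
```

The `gone_unscripted` list matches the entries that the ComboFix report following this script still shows with `[N/A]` (`kdllv.exe`, `sysrest32.exe`, `winlogon32.exe`), so they were handled by a later step rather than by this script.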
-1
Re,

here are the reports:

ComboFix report:

ComboFix 08-09-24.11 - Antoine 2008-09-25 17:42:10.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.73 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Antoine\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Program Files\rhcjw0j0ev47\rhcjw0j0ev47.exe
C:\WINDOWS\system32\lphcnw0j0ev47.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Françoise\Cookies\françoise@metrics.adobe[2].txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-25 au 2008-09-25 ))))))))))))))))))))))))))))))))))))
.

2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\system32\xircom
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\srchasst
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\Program Files\microsoft frontpage
2008-09-25 14:18 . 2008-09-25 14:38 <REP> d-------- C:\hijackthis
2008-09-24 11:03 . 2008-09-24 11:52 3,034 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-24 11:02 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 11:02 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-24 11:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 11:02 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-24 11:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 11:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 11:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 11:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-24 11:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-19 19:26 . 2008-09-19 22:46 <REP> d-------- C:\Program Files\Partouche

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 15:37 --------- d-----w C:\Program Files\Wanadoo
2008-09-25 15:24 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-25 14:48 --------- d-----w C:\Program Files\PokerStars
2008-09-24 08:42 --------- d-----w C:\Documents and Settings\Matthieu\Application Data\Metacafe
2008-09-23 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-18 08:17 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Azureus
2008-09-16 05:59 --------- d-----w C:\Program Files\LIVEUPDATE
2008-09-04 08:45 --------- d-----w C:\Program Files\Everest Poker
2008-09-03 07:57 --------- d-----w C:\Program Files\WinamaxPoker
2008-08-30 20:11 --------- d-----w C:\Program Files\InstantTouch
2008-08-30 12:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:12 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 13:59 --------- d-----w C:\Program Files\iTunes
2008-08-24 13:58 --------- d-----w C:\Program Files\iPod
2008-08-23 14:04 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 14:01 --------- d-----w C:\Program Files\Windows Live
2008-08-23 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 10:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 13:39 --------- d-----w C:\Documents and Settings\Antoine\Application Data\TransRender
2008-08-01 08:01 --------- d-----w C:\Documents and Settings\Guy\Application Data\Canon
2008-07-30 21:11 --------- d-----w C:\Program Files\Tetris Championship
2008-07-28 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-07-28 16:01 166,818 ----a-w C:\WINDOWS\Video Cleaner Uninstaller.exe
2008-07-28 16:01 --------- d-----w C:\Program Files\WMV9_VCM
2008-07-28 16:00 --------- d-----w C:\Program Files\River Past
2008-07-28 16:00 --------- d-----w C:\Program Files\Fichiers communs\River Past
2008-07-28 16:00 --------- d-----w C:\Documents and Settings\Antoine\Application Data\River Past G5
2008-04-02 12:05 39,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\GDIPFONTCACHEV1.DAT
2007-12-21 18:07 36,224 -c--a-w C:\Documents and Settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
2006-08-02 16:05 81,920 -c--a-w C:\Documents and Settings\Antoine\Application Data\ezpinst.exe
2006-08-02 16:05 47,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2004-05-11 23:18 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\custsat.dll
2004-08-11 19:49 344,064 -c--a-w C:\Program Files\mozilla firefox\plugins\mpvis.dll
2004-08-01 16:01 47,616 -c--a-w C:\Program Files\mozilla firefox\plugins\msoobci.dll
2004-08-11 19:49 77,824 -c--a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
.

------- Sigcheck -------

2005-09-18 12:52 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

2005-09-17 15:37 2120704 685a3d6f43e5047f733b7150a78d0eae C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 117,414 2008-07-06 02:05:25 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-1.bak

----a-w 110,494 2008-07-05 18:55:19 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-7.bak

------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition DÚcouverte\3.0\Apps\bak\

-c--a-w 339,968 2005-01-19 20:40:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 180,269 2005-12-15 11:49:15 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

-c--a-w 188,416 2004-02-12 14:57:20 C:\Program Files\Logitech\Video\bak\ISStart.exe

-c--a-w 77,824 2004-02-12 14:59:58 C:\Program Files\Logitech\Video\bak\LogiTray.exe

-c--a-w 217,088 2005-12-13 06:49:08 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

-c--a-w 98,304 2006-10-14 17:48:12 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-05-27 08:50:30 C:\Program Files\QuickTime\QTTask.exe

-c--a-w 40,960 2005-09-12 13:21:10 C:\Program Files\Samsung\Samsung Media Studio\bak\SamsungMediaStudioAgent.exe

-c--a-w 49,152 2003-05-08 10:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

-c--a-w 32,768 2004-10-14 16:55:30 C:\Program Files\Wanadoo\bak\GestMaj.exe
-c----w 32,768 2004-10-14 15:55:30 C:\Program Files\Wanadoo\GestMAJ.exe

-c--a-w 20,480 2004-08-23 14:49:56 C:\Program Files\Wanadoo\bak\Watch.exe
------w 20,480 2004-08-23 13:49:56 C:\Program Files\Wanadoo\Watch.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [N/A]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"C:\WINDOWS\system32\kdllv.exe"="C:\WINDOWS\system32\kdllv.exe" [N/A]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [N/A]
"POEngine"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"7H28X9M91L"="C:\WINDOWS\winlogon32.exe" [N/A]

C:\Documents and Settings\Matthieu\Menu D‚marrer\Programmes\D‚marrage\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-22 149520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe"=
"F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-01-22 33856]
S3 c0687152-ce43-4a6a-80a2-1ada589ab201;c0687152-ce43-4a6a-80a2-1ada589ab201;D:\Player\cds300.dll [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-11-03 28704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04f2bb2-f5a6-11dc-894a-000b6a5f7bea}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - HELPSVC
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 17:45:24
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-25 18:00:50
ComboFix-quarantined-files.txt 2008-09-25 16:00:47
ComboFix2.txt 2008-09-25 13:42:24

Avant-CF: 5,626,167,296 octets libres
Après-CF: 5,620,666,368 octets libres

220



HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:58, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\eden.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
jlpjlp (security contributor) - 25 Sep 2008 at 22:55
Scan these two files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

C:\WINDOWS\system32\kdllv.exe
C:\WINDOWS\system32\sysrest32.exe

______________


Run HijackThis again, choose "do a scan only", tick the box in front of the lines below if they are present, and click "fix checked" at the bottom.


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - AppInit_DLLs:

______________________

Update Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

Update Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

Update Adobe Reader:
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

_______________________

Paste a new HijackThis log and a report from AntiVir, which you have, and describe your problems.
-1
Hi again,

First of all,
the 2 files you asked me to scan are not present on my PC
(C:\WINDOWS\system32\kdllv.exe and C:\WINDOWS\system32\sysrest32.exe)

Next,
in the HijackThis step where I had to click "fix checked", these 2 lines were not present:
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -

And finally,
I updated Java (which works in IE and Firefox, but not in Opera; but that's another problem...) and Adobe Reader. However, I can't install IE7 because my Windows is not validated...

Otherwise, Antivirus XP 2008 is still present in the list of programs and Windows still asks me for the installation CD.

Here is the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:24, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Opera\opera.exe
C:\hijackthis\eden.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BB1EA09-D73A-4B8A-9255-92BA95320F3E}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BB1EA09-D73A-4B8A-9255-92BA95320F3E}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
toto59 > toto59
26 Sep 2008 at 07:05
And here is the result of the AntiVir scan:


Avira AntiVir Personal
Report file date: vendredi 26 septembre 2008 00:52

Scanning for 1643726 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: WINXTREME

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 18/07/2008 05:50:11
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 05:50:11
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 05:50:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 05:50:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 15:17:01
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 06:53:40
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 02:29:32
ANTIVIR3.VDF : 7.0.6.213 446464 Bytes 25/09/2008 22:13:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 11:50:35
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 19/09/2008 07:00:54
AESCN.DLL : 8.1.0.23 119156 Bytes 18/07/2008 05:50:26
AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 07:00:51
AEPACK.DLL : 8.1.2.3 364918 Bytes 25/09/2008 22:13:05
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 19/09/2008 07:00:47
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 19/09/2008 07:00:45
AEHELP.DLL : 8.1.0.15 115063 Bytes 03/06/2008 11:29:01
AEGEN.DLL : 8.1.0.36 315764 Bytes 21/08/2008 16:17:56
AEEMU.DLL : 8.1.0.7 430452 Bytes 17/08/2008 12:30:42
AECORE.DLL : 8.1.1.11 172406 Bytes 05/09/2008 05:12:18
AEBB.DLL : 8.1.0.1 53617 Bytes 18/07/2008 05:50:24
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 05:50:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 05:50:11
AVREP.DLL : 8.0.0.2 98344 Bytes 17/08/2008 12:30:37
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 05:50:11
AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 11:50:28
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 05:50:10
SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 11:50:32
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 05:50:19
NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 11:50:32
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 05:49:27
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 05:49:27

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: quarantine
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 26 septembre 2008 00:52

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '95' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\lphcnw0j0ev47.exe.vir
[DETECTION] Is the TR/Dldr.Small.adql Trojan
[NOTE] The file was moved to '4944215b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\phcnw0j0ev47.bmp.vir
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was moved to '493f2154.qua'!
C:\System Volume Information\_restore{955D0A0E-345B-4642-84EB-82140CF6C439}\RP8\A0003052.exe
[DETECTION] Is the TR/Dldr.Small.adql Trojan
[NOTE] The file was moved to '490c2138.qua'!
Begin scan in 'F:\'
Begin scan in 'G:\'


End of the scan: vendredi 26 septembre 2008 02:02
Used time: 1:10:34 Hour(s)

The scan has been done completely.

18316 Scanning directories
420488 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
420484 Files not concerned
3714 Archives were scanned
1 Warnings
3 Notes
0
jlpjlp (security contributor) - 26 Sep 2008 at 13:31
OK, delete what is in the quarantine folder by going to My Computer, then

C:\QooBox\Quarantine


___________

Scan your computer with SUPERAntiSpyware and paste the report
http://www.commentcamarche.net/forum/affich 7476618 je veux enlever antivirusxp2008 svp?page=3#52
___________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\kdllv.exe
C:\WINDOWS\system32\sysrest32.exe

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________


repair Windows with zeb restore

http://telechargement.zebulon.fr/zeb-restore.html

______________________


paste a new ComboFix report and describe your problems
-1
Hello jlpjlp,

SUPERAntiSpyware report:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 09/26/2008 at 09:14 PM

Application Version : 4.21.1004

Core Rules Database Version : 3580
Trace Rules Database Version: 1568

Scan type : Complete Scan
Total Scan Time : 02:34:30

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 5545
Registry threats detected : 30
File items scanned : 120595
File threats detected : 831

Unclassified.Oreans32

Adware.Tracking Cookie
C:\Documents and Settings\Guy\Cookies\guy@asexe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@atdmt[2].txt
C:\Documents and Settings\Guy\Cookies\guy@best-porno-sexe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@blogsdesexe[1].txt
C:\Documents and Settings\Guy\Cookies\guy@bs.serving-sys[1].txt
C:\Documents and Settings\Guy\Cookies\guy@carasexe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@cetelem.solution.weborama[2].txt
C:\Documents and Settings\Guy\Cookies\guy@clickintext[2].txt
C:\Documents and Settings\Guy\Cookies\guy@clicktorrent[1].txt
C:\Documents and Settings\Guy\Cookies\guy@counter8.sextracker[1].txt
C:\Documents and Settings\Guy\Cookies\guy@cz7.clickzs[2].txt
C:\Documents and Settings\Guy\Cookies\guy@directtrack[1].txt
C:\Documents and Settings\Guy\Cookies\guy@doubleclick[1].txt
C:\Documents and Settings\Guy\Cookies\guy@eas.apm.emediate[1].txt
C:\Documents and Settings\Guy\Cookies\guy@findeo[2].txt
C:\Documents and Settings\Guy\Cookies\guy@femme-mature-porno[2].txt
C:\Documents and Settings\Guy\Cookies\guy@finder-x[1].txt
C:\Documents and Settings\Guy\Cookies\guy@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Guy\Cookies\guy@flvtools.spacash[1].txt
C:\Documents and Settings\Guy\Cookies\guy@indextools[2].txt
C:\Documents and Settings\Guy\Cookies\guy@lesexemature[1].txt
C:\Documents and Settings\Guy\Cookies\guy@jacquieetmichel.sexy.carasexe[1].txt
C:\Documents and Settings\Guy\Cookies\guy@ksexe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@media.adrevolver[1].txt
C:\Documents and Settings\Guy\Cookies\guy@llsexe[2].txt
C:\Documents and Settings\Guy\Cookies\guy@m1.webstats.motigo[1].txt
C:\Documents and Settings\Guy\Cookies\guy@mediastay.directtrack[2].txt
C:\Documents and Settings\Guy\Cookies\guy@metacafe.122.2o7[1].txt
C:\Documents and Settings\Guy\Cookies\guy@mypornmotion[2].txt
C:\Documents and Settings\Guy\Cookies\guy@overture[2].txt
C:\Documents and Settings\Guy\Cookies\guy@pierrefabreseriane.solution.weborama[2].txt
C:\Documents and Settings\Guy\Cookies\guy@pornattitude[2].txt
C:\Documents and Settings\Guy\Cookies\guy@pornhost[1].txt
C:\Documents and Settings\Guy\Cookies\guy@pornhub[1].txt
C:\Documents and Settings\Guy\Cookies\guy@redporntube[1].txt
C:\Documents and Settings\Guy\Cookies\guy@serving-sys[2].txt
C:\Documents and Settings\Guy\Cookies\guy@sexe40ans[1].txt
C:\Documents and Settings\Guy\Cookies\guy@sextracker[1].txt
C:\Documents and Settings\Guy\Cookies\guy@sexy.lesdebiles[1].txt
C:\Documents and Settings\Guy\Cookies\guy@stats[1].txt
C:\Documents and Settings\Guy\Cookies\guy@smartadserver[2].txt
C:\Documents and Settings\Guy\Cookies\guy@stats[3].txt
C:\Documents and Settings\Guy\Cookies\guy@stats[4].txt
C:\Documents and Settings\Guy\Cookies\guy@telecharger-porno-video[1].txt
C:\Documents and Settings\Guy\Cookies\guy@thesexcode[2].txt
C:\Documents and Settings\Guy\Cookies\guy@top-porno[2].txt
C:\Documents and Settings\Guy\Cookies\guy@video-2-sex[1].txt
C:\Documents and Settings\Guy\Cookies\guy@track.effiliation[1].txt
C:\Documents and Settings\Guy\Cookies\guy@tracking.publicidees[1].txt
C:\Documents and Settings\Guy\Cookies\guy@tradedoubler[1].txt
C:\Documents and Settings\Guy\Cookies\guy@xiti[1].txt
C:\Documents and Settings\Guy\Cookies\guy@youporn[1].txt
C:\Documents and Settings\Guy\Cookies\guy@yourmedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@al3xxx712.skyblog[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ice.112.2o7[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ice.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@porno-ultra-hard[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@account.live[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[13].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[17].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.sports[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad2.doublepimp[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adsrevenue[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.zanox[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@bestsexworld[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@teenagebottlerocket[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@linksynergy[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[20].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.multimania.lycos[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[14].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[18].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad2.doublepimp[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@creative.adsrevenue[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.zanox[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats.canalblog[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[21].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[11].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[15].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[19].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@lesblogsexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@findcdcovers[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.adgoto[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[12].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[16].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@amateur2sexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@click.misesajour[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@nrjmobile.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@questionmarket[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@12.go.globaladsales[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexe.annuaire-du-web[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sextracker[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaservices.myspace[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@unplancul.com.sexy.easysexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@partypoker[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@statse.webtrendslive[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ipoint.targetpoint[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.sexedenfer[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ladynett.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@files.youporn[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@zone-porno[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@finder-x[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@questionmarket[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@vip.clickzs[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@celebritysextapes[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.divx2sexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.bestofmedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@garnierambresolaire.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@zbox.zanox[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@specificclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@xxx-famous-barbie-xxx.skyrock[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@leblogsexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adult[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@zbox.zanox[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@le-sexe-gratuit[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@porn.naughtyfiles[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaservices.myspace[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads-dev.youporn[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cz6.clickzs[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultbouncer[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cz5.clickzs[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.blog-adultes[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@insightexpressai[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@o0oups-pixxx.skyrock[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@casalemedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@casalemedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adcentriconline[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@leblogsexy[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adecn[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adv.surinter[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@pornotube[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sextapecelebs[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atdmt[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atdmt[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atdmt[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atdmt[5].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@azjmp[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@xxxcounter[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adv.surinter[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@optimize.indieclick[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@optimize.indieclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@loftvsexy[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adrevolver[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[9].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[8].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[7].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[6].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats[5].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.fr.doubleclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.adbrite[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@xxxcounter[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adrevolver[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.pixicast[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@unplancul.fr.sexy.easy-rencontres[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@banner.eurogrand[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adrevolver[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@pornotube[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atdmt[6].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@pornstars.xondemand[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@clicks.smartbizsearch[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexlist[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexlist[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexlist[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@as-eu.falkag[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adtech[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@crazyhomesex[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.yieldmanager[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.floatingboymedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@intermarcheprixstickes22mars6av.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@himedia.112.2o7[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@himedia.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@2o7[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.mypornmotion[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.videosdesexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@webo.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@web-mediaplayer[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.blogasexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.xxxblackbook[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adult.hotmovies[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@nudecelebrityporn[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@elitetabs[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.addynamix[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.burstbeacon[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tremor.adbureau[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adtech[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@bnpparibasnet.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@samsung.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@samsung.solution.weborama[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www8.sexy.easyrencontre[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@apmebf[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@portaildusexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.burstnet[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.sexceleb[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atwola[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@aimfar.solution.weborama[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@serving-sys[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@serving-sys[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tribalfusion[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.pointroll[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@banners.victor[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@banner.cotedazurpalace[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.cibleclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tribalfusion[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.canalblog[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tripod[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@banner.cotedazurpalace[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@paycounter[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.hypem[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.wanadooregie[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats.musikstreet[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@pornstarxs[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats.drivecleaner[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adviva[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@flvtools.spacash[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.freshxxxclips[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@counter15.sextracker[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.sexstarsvideo[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tracker.interclimax[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@smartadserver[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fruitform.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@llsexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@larrymovies.sexy.easyrencontre[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@Nikki_Benz_Fucking_video[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adserver.easyad[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@counter10.sextracker[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@counter12.sextracker[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@conforamalancementsite.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.deenero[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@iacas.adbureau[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fuck-game59.skyblog[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.samsung.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@media.adrevolver[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@numberofthesex.skyrock[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fl01.ct2.comclick[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tracker.affistats[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@annonce-sexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultfriendfinder[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultfriendfinder[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultfriendfinder[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@wt.sexsearch[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@media.adrevolver[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@eas.apm.emediate[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@interclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adserver.advertstream[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cs.sexcounter[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.wedoo[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tradedoubler[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@drivecleaner[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad1.soundpedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.shopthescene[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@atlas.fixionmedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.pornstaremart[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tracker.affistats[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.aina-media[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tradedoubler[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stat.blogorama[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@bravenet[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@counter.hitslink[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@blogsexe.francolive[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@lookingsexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tradedoubler[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaonenetwork[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@vfind.giga-find[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@expired.revenuedirect[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.sexshop-x[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ultratopsexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@kontera[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@acces-adulte[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@d2.advertserve[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.planetactive[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tradedoubler[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cassava[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tracking.publicidees[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adserver[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@pornattitude[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@annuaire-sexe-gratuit[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@tracking.publicidees[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fr.classic.clickintext[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@advertising[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@advertising[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@videos-sexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@clicksor[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@dieselbarapoches13avr15mai.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@teenidols4you[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.finder-x[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@orpicom.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@nestle.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@clickintext[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@clickintext[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@overture[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@kontera[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ads.us.e-planning[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.zetrack[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@nike.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@overture[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexe-gratuit.porno-ultra-hard[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@blogcounter[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yadro[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yadro[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@247realmedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yourmedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@overture[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@advertising[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@revenue[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@revenue[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@revenue[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yourmedia[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yourmedia[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@yourmedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@counter8.sextracker[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.formalmedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@track.effiliation[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@track.effiliation[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@track.effiliation[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adopt.euroclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adopt.euroclick[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@gallys.legsex[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@overture[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.web-mediaplayer[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@blogsexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@goclick[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cetelem.solution.weborama[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@cetelem.solution.weborama[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.sexyavenue[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@doubleclick[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@doubleclick[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@paypal.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@whichpornstar.co[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@windowsmedia[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@altimasa.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fnac.112.2o7[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@leplancul.sexy.easyrencontre[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@unplancul.com.easysexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@ad.trackbar[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@windowsmedia[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adserver.aol[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexyflirt[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@sexyflirt[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@1-plan-cul.carasexe[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@xxx-chic-vip-xxx.skyrock[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaplex[4].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaplex[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaplex[3].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediaplex[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@clickaider[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adserver.aol[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@blog-adultes[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@stats.searchtrack[2].txt
C:
0
toto59 > toto59
27 Sept. 2008 at 12:48
Well, apparently the post was cut off, so I'll pick up where it left off:


C:\Documents and Settings\Matthieu\Cookies\matthieu@romeofuckjuliet.skyrock[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@image.masterstats[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediamgr.ugo[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@rencontre-salopes.carasexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@lemoteurdusexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultadworld[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fr.drivecleaner[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultadworld[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.pornojunkies[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@videosmaxisexe[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adultdate365[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@fr.12finder[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@celebsinsex[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@mediamgr.ugo[1].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@elite-auto[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@adviva[2].txt
C:\Documents and Settings\Matthieu\Cookies\matthieu@www.teenidols4you[1].txt

Rogue.AntiVirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk

Adware.Casino Games (Golden Palace Casino)
C:\POKER\POKER 770\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\MENU DéMARRER\PROGRAMMES\POKER 770\POKER 770.LNK
C:\DOCUMENTS AND SETTINGS\ANTOINE\BUREAU\POKER 770.LNK

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{955D0A0E-345B-4642-84EB-82140CF6C439}\RP8\A0003049.SCR




OTMoveIt report:

File/Folder C:\WINDOWS\system32\kdllv.exe not found.
File/Folder C:\WINDOWS\system32\sysrest32.exe not found.



Combofix report:

ComboFix 08-09-26.01 - Antoine 2008-09-27 11:36:02.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.19 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Antoine\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Françoise\Cookies\françoise@metrics.adobe[2].txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-27 au 2008-09-27 ))))))))))))))))))))))))))))))))))))
.

2008-09-26 22:23 . 2008-09-26 22:23 <REP> d-------- C:\_OTMoveIt
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\SUPERAntiSpyware.com
2008-09-26 18:36 . 2008-09-26 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-25 23:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-25 23:31 . 2008-09-25 23:31 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\Antoine\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-25 18:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-25 18:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 18:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\system32\xircom
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\WINDOWS\srchasst
2008-09-25 15:19 . 2008-09-25 15:19 <REP> d-------- C:\Program Files\microsoft frontpage
2008-09-25 14:18 . 2008-09-26 00:27 <REP> d-------- C:\hijackthis
2008-09-24 11:03 . 2008-09-24 11:52 3,034 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-24 11:02 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-24 11:02 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-24 11:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-24 11:02 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-24 11:02 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-24 11:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-24 11:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-24 11:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-24 11:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-24 11:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-19 19:26 . 2008-09-19 22:46 <REP> d-------- C:\Program Files\Partouche

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 09:23 --------- d-----w C:\Program Files\Wanadoo
2008-09-26 20:32 --------- d-----w C:\Documents and Settings\Matthieu\Application Data\Metacafe
2008-09-26 17:23 --------- d-----w C:\Program Files\Everest Poker
2008-09-26 16:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-25 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-25 22:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-25 21:38 --------- d-----w C:\Program Files\Java
2008-09-25 15:24 --------- d-----w C:\Program Files\Full Tilt Poker
2008-09-25 14:48 --------- d-----w C:\Program Files\PokerStars
2008-09-18 08:17 --------- d-----w C:\Documents and Settings\Antoine\Application Data\Azureus
2008-09-16 05:59 --------- d-----w C:\Program Files\LIVEUPDATE
2008-09-03 07:57 --------- d-----w C:\Program Files\WinamaxPoker
2008-08-30 20:11 --------- d-----w C:\Program Files\InstantTouch
2008-08-30 12:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-24 14:12 --------- d-----w C:\Program Files\Apple Software Update
2008-08-24 13:59 --------- d-----w C:\Program Files\iTunes
2008-08-24 13:58 --------- d-----w C:\Program Files\iPod
2008-08-23 14:04 --------- d-----w C:\Program Files\MSN Messenger
2008-08-23 14:01 --------- d-----w C:\Program Files\Windows Live
2008-08-23 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 10:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 13:39 --------- d-----w C:\Documents and Settings\Antoine\Application Data\TransRender
2008-08-01 08:01 --------- d-----w C:\Documents and Settings\Guy\Application Data\Canon
2008-07-30 21:11 --------- d-----w C:\Program Files\Tetris Championship
2008-07-28 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-07-28 16:01 166,818 ----a-w C:\WINDOWS\Video Cleaner Uninstaller.exe
2008-07-28 16:01 --------- d-----w C:\Program Files\WMV9_VCM
2008-07-28 16:00 --------- d-----w C:\Program Files\River Past
2008-07-28 16:00 --------- d-----w C:\Program Files\Fichiers communs\River Past
2008-07-28 16:00 --------- d-----w C:\Documents and Settings\Antoine\Application Data\River Past G5
2008-04-02 12:05 39,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\GDIPFONTCACHEV1.DAT
2007-12-21 18:07 36,224 -c--a-w C:\Documents and Settings\Guy\Application Data\GDIPFONTCACHEV1.DAT
2006-08-02 16:05 81,920 -c--a-w C:\Documents and Settings\Antoine\Application Data\ezpinst.exe
2006-08-02 16:05 47,360 -c--a-w C:\Documents and Settings\Antoine\Application Data\pcouffin.sys
2004-05-11 23:18 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\custsat.dll
2004-08-11 19:49 344,064 -c--a-w C:\Program Files\mozilla firefox\plugins\mpvis.dll
2004-08-01 16:01 47,616 -c--a-w C:\Program Files\mozilla firefox\plugins\msoobci.dll
2004-08-11 19:49 77,824 -c--a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
.

------- Sigcheck -------

2005-09-18 12:52 359936 dbc20c4332fe84b826530c49ae09721e C:\WINDOWS\system32\drivers\tcpip.sys

2005-09-17 15:37 2120704 685a3d6f43e5047f733b7150a78d0eae C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_15.38.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
+ 2008-09-26 16:36:18 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-26 16:36:18 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-09-18 09:39:26 1,852,928 ----a-w C:\WINDOWS\system32\DllCache\acgenral.dll
+ 2004-08-04 04:54:22 450,048 ----a-w C:\WINDOWS\system32\DllCache\aclayers.dll
+ 2005-09-18 09:39:12 244,736 ----a-w C:\WINDOWS\system32\DllCache\acspecfc.dll
+ 2004-08-04 04:54:22 116,224 ----a-w C:\WINDOWS\system32\DllCache\acxtrnal.dll
+ 2004-08-04 04:54:50 98,304 ----a-w C:\WINDOWS\system32\DllCache\ahui.exe
+ 2004-08-04 04:54:22 126,976 ----a-w C:\WINDOWS\system32\DllCache\apphelp.dll
+ 2004-08-04 04:54:22 65,024 ----a-w C:\WINDOWS\system32\DllCache\asycfilt.dll
+ 2004-08-04 04:54:22 30,208 ----a-w C:\WINDOWS\system32\DllCache\atmlib.dll
+ 2004-08-04 04:52:52 16,896 ----a-w C:\WINDOWS\system32\DllCache\cfgmgr32.dll
- 2005-08-26 14:55:46 49,248 -c--a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-08-26 14:55:58 49,250 -c--a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-08-26 17:14:46 127,078 -c--a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 117,414 2008-07-06 02:05:25 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-1.bak

----a-w 110,494 2008-07-05 18:55:19 C:\Documents and Settings\Antoine\Mes documents\sokker-0.12.1\bak\attic\autobackup-7.bak

------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\bak\

-c--a-w 339,968 2005-01-19 20:40:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 180,269 2005-12-15 11:49:15 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe

-c--a-w 188,416 2004-02-12 14:57:20 C:\Program Files\Logitech\Video\bak\ISStart.exe

-c--a-w 77,824 2004-02-12 14:59:58 C:\Program Files\Logitech\Video\bak\LogiTray.exe

-c--a-w 217,088 2005-12-13 06:49:08 C:\Program Files\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

-c--a-w 98,304 2006-10-14 17:48:12 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-05-27 08:50:30 C:\Program Files\QuickTime\QTTask.exe

-c--a-w 40,960 2005-09-12 13:21:10 C:\Program Files\Samsung\Samsung Media Studio\bak\SamsungMediaStudioAgent.exe

-c--a-w 49,152 2003-05-08 10:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

-c--a-w 32,768 2004-10-14 16:55:30 C:\Program Files\Wanadoo\bak\GestMaj.exe
-c----w 32,768 2004-10-14 15:55:30 C:\Program Files\Wanadoo\GestMAJ.exe

-c--a-w 20,480 2004-08-23 14:49:56 C:\Program Files\Wanadoo\bak\Watch.exe
------w 20,480 2004-08-23 13:49:56 C:\Program Files\Wanadoo\Watch.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"C:\WINDOWS\system32\kdllv.exe"="C:\WINDOWS\system32\kdllv.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"POEngine"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"7H28X9M91L"="C:\WINDOWS\winlogon32.exe" [N/A]

C:\Documents and Settings\Matthieu\Menu Démarrer\Programmes\Démarrage\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-02-22 149520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,32,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.enc"= ITIG726.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antoine^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=C:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Antoine\\Mes documents\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"F:\\Steam\\SteamApps\\atticanus\\counter-strike source\\hl2.exe"=
"F:\\Steam\\SteamApps\\atticanus\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-01-22 33856]
S3 c0687152-ce43-4a6a-80a2-1ada589ab201;c0687152-ce43-4a6a-80a2-1ada589ab201;D:\Player\cds300.dll [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-11-03 28704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c04f2bb2-f5a6-11dc-894a-000b6a5f7bea}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\3hhw74jb.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nprfxins.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPWMin32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 11:40:17
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\DOCUME~1\Antoine\LOCALS~1\Temp\RGI15.tmp

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2008-09-27 12:01:26
ComboFix-quarantined-files.txt 2008-09-27 10:01:23
ComboFix2.txt 2008-09-25 16:00:52
ComboFix3.txt 2008-09-25 13:42:24

Avant-CF: 4,890,877,952 octets libres
Après-CF: 4,949,958,656 octets libres

268



Concerning Zebrestore, I can't really see which box to tick, so I didn't do the procedure.

Otherwise, the Antivirus XP 2008 files have disappeared from my program list in the Start menu (apparently they are in the Quarantine folder of SUPERAntiSpyware), but I still get the Windows message when the computer starts (probably because I didn't do the procedure with Zeb restore...)
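The Run-key entries in the Combofix report above can be triaged mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic: it parses a few lines copied from the "Point de chargement Reg" section and attaches triage hints to each entry. The flag names, the heuristics, the `SYSTEM_NAMES` list and the reading of `[N/A]` as "no file metadata available" are assumptions made for illustration; a flag is a reason to look closer, not a verdict.

```python
import ntpath
import re

# Lines copied from the "Point de chargement Reg" section of the report above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"C:\WINDOWS\system32\kdllv.exe"="C:\WINDOWS\system32\kdllv.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"POEngine"="" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"7H28X9M91L"="C:\WINDOWS\winlogon32.exe" [N/A]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Assumed list of Windows process names that malware often imitates.
SYSTEM_NAMES = {"winlogon", "svchost", "explorer", "lsass", "services", "csrss"}


def parse_autoruns(text):
    """Return one dict per "name"="command" [metadata] line, with its key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({"key": key, **m.groupdict()})
    return entries


def triage(entry):
    """Return a list of hint flags for one autorun entry (empty = nothing odd)."""
    name, cmd = entry["name"], entry["cmd"]
    if not cmd:
        # Value exists but launches nothing: a leftover worth cleaning up.
        return ["empty_command"]
    flags = []
    if entry["key"].lower().endswith(r"\policies\explorer\run"):
        # Rarely used by ordinary installers, so anything here deserves a look.
        flags.append("policies_run_key")
    if name.lower() == cmd.lower():
        # Value name is the full path itself instead of a product name.
        flags.append("name_is_path")
    if entry["meta"].strip() == "N/A":
        # Assumption: the tool could not read date/size for the target file.
        flags.append("no_file_metadata")
    stem = ntpath.splitext(ntpath.basename(cmd))[0].lower()
    base = stem.rstrip("0123456789")
    if base in SYSTEM_NAMES and base != stem:
        # A system process name with digits appended, e.g. winlogon32.
        flags.append("system_name_lookalike")
    if re.fullmatch(r"[A-Z0-9]{8,}", name) and sum(c.isdigit() for c in name) >= 3:
        # Value name that looks machine-generated rather than chosen by a vendor.
        flags.append("opaque_value_name")
    return flags


def flagged(text):
    """Map value name -> flags, for entries that raised at least one flag."""
    return {e["name"]: f for e in parse_autoruns(text) if (f := triage(e))}


if __name__ == "__main__":
    for value_name, hints in flagged(SAMPLE).items():
        print(f"{value_name}: {', '.join(hints)}")
```
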
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
29 Sept. 2008 at 12:58
which Windows message???


_____________


Download RavAntivirus from Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be generated; otherwise the software will display (very quickly) ==>Votre Ordinateur est sain .
# Remove your removable drives and restart your computer.
# Post the report, if there is an infection!

______________


Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:






Driver ::
c0687152-ce43-4a6a-80a2-1ada589ab201;c0687152-ce43-4a6a-80a2-1ada589ab201


File::
C:\WINDOWS\system32\kdllv.exe
D:\Player\cds300.dll


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdllv.exe"=-



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort) , type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report
-1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
29 Sept. 2008 at 14:43
can't you create a Windows CD?

then repair Windows:
https://www.pcastuces.com/pratique/windows/xp/default.htm


________________

otherwise use ZEB RESTORE: to see the boxes appear you absolutely must create a folder on your desktop, named ZEB for example, extract all of zeb restore into it, then launch zeb restore
-1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
30 Sept. 2008 at 09:27
you need to get hold of a Windows CD

I can't do anything more for you!


once you have a Windows CD

try this:
https://www.pcastuces.com/pratique/windows/xp/default.htm

or

http://www.informatruc.com/reparer-windows-xp/

___________

or reinstall everything
http://www.depannetonpc.net/...

or else switch to Linux
-1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
30 Sept. 2008 at 16:02
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdllv.exe] C:\WINDOWS\system32\kdllv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Policies\Explorer\Run: [7H28X9M91L] C:\WINDOWS\winlogon32.exe









if this persists:


Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum








still having problems??
-1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
30 Sept. 2008 at 17:20
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\WINDOWS\Temp\bca4e2da.$$$
C:\WINDOWS\Temp\fa56d7ec.$$$

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.


_______________________


Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop).

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait until the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
-1
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
30 Sept. 2008 at 18:06
Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:





File::
C:\WINDOWS\Temp\bca4e2da.$$$
C:\WINDOWS\Temp\fa56d7ec.$$$




Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort) , type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report


If the file does not open, it can be found here > C:\ComboFix.txt
-1