EvilElf There are so many small tools for removing this or that infection that you get lost in them.
No, it's fine! These tools are specific to one or more infections! You just need to know what they are for and how to use them. After that, you have to learn to analyze the reports to know which one to pick, as well as how to use various scripts.
We deleted wintemps, which was infected, and were able to install avast, which ran a boot-time scan and deleted several infected jpg files in the temporary internet files, as well as exe files with numbers as names in the down folder, but the result is that it's impossible to access the net, the connection no longer works, so we went back to XP, since I have XP and Vista in dual boot.
I didn't ask you to install Avast ... That rubbish avast ... You are still infected and I'm still waiting for the reports.
Ah, sorry...
OK, so no internet under Vista, and on top of that I have a session that won't open; it gives a blue screen that points to the file srosa.sys, a file that doesn't appear anywhere since it was deleted by EliBaglA earlier...
Anyway, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:01, on 30/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d´aide de l´Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [edb5] rundll32.exe edb5.dll,yqyb
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´Default user´)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
O23 - Service:
O23 - Service: Microsoft Exchange Database Storage Engine (edb5) - Unknown owner - rundll32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l´iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 5220 bytes
Hi again,
The HJC log has to be made in normal mode!
Here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:43, on 30/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d´aide de l´Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [edb5] rundll32.exe edb5.dll,yqyb
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Screenshot Captor] "D:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´Default user´)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
O23 - Service:
O23 - Service: Microsoft Exchange Database Storage Engine (edb5) - Unknown owner - rundll32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l´iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 6637 bytes
Hi again,
Download combofix (by sUBs), then restart in safe mode.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
- Double-click on combofix.exe.
- Press Y (Yes) to start the scan.
- When the scan is finished, copy/paste the report here.
- PS: If the report doesn't open, you can find it here: C:\Combofix.txt
Part 1:
ComboFix 07-12-30.1 - SYSTEM 2007-12-30 15:30:01.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.754 [GMT 1:00]
Running from: C:\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\srosa.sys
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.
2007-12-30 15:24 . 2007-12-30 15:24 1,484,273 --a------ C:\ComboFix.exe
2007-12-30 10:43 . 2007-12-04 14:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2007-12-30 10:43 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-30 10:43 . 2007-12-04 13:54 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-12-30 10:43 . 2007-12-04 15:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-12-30 10:43 . 2007-12-04 15:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-30 10:43 . 2007-12-04 15:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-30 10:43 . 2007-12-30 10:43 268 --ah----- C:\sqmdata01.sqm
2007-12-30 10:43 . 2007-12-30 10:43 244 --ah----- C:\sqmnoopt01.sqm
2007-12-30 10:36 . 2007-12-30 10:36 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\AVG7
2007-12-30 10:24 . 2007-12-30 10:39 <REP> d-------- C:\Users\James Croft\AppData\Roaming\AVG7
2007-12-30 10:23 . 2007-12-30 10:23 <REP> d-------- C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\AVG7
2007-12-30 10:23 . 2007-12-30 10:23 <REP> d-------- C:\Users\All Users\Grisoft
2007-12-30 10:23 . 2007-12-30 10:23 <REP> d-------- C:\Users\All Users\avg7
2007-12-30 10:23 . 2007-12-30 10:23 <REP> d-------- C:\ProgramData\Grisoft
2007-12-30 10:23 . 2007-12-30 10:23 <REP> d-------- C:\ProgramData\avg7
2007-12-29 19:32 . 2007-12-29 19:32 <REP> d-------- C:\Program Files\Trend Micro
2007-12-29 18:54 . 2007-12-29 18:04 0 --a------ C:\Windows\System32\drivers\afd.sys
2007-12-29 11:01 . 2007-12-29 16:39 22,334 --a------ C:\sdlflzoip
2007-12-29 11:00 . 2007-12-29 11:00 130 --a------ C:\Windows\EurekaLog.ini
2007-12-29 10:27 . 2007-12-29 10:27 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\SynthFont
2007-12-29 09:48 . 2007-12-29 09:48 <REP> d-------- C:\Program Files\YAMAHA
2007-12-29 09:48 . 2000-07-28 14:08 40,960 --a------ C:\Windows\Reyalp99.dll
2007-12-29 09:44 . 2007-12-29 09:45 <REP> d-------- C:\Program Files\NoteWorthy Composer
2007-12-29 09:08 . 2007-12-30 13:45 158,505,889 --a------ C:\Windows\MEMORY.DMP
2007-12-29 08:55 . 2007-12-30 11:40 <REP> d-------- C:\Windows\System32\drivers\down
2007-12-29 08:55 . 2006-02-07 07:07 749,151 --------- C:\Windows\System32\drivers\hldrrr.exe
2007-12-28 09:49 . 2007-12-28 09:49 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\DonationCoder
2007-12-28 09:48 . 2007-12-28 09:48 <REP> d-------- C:\Users\All Users\DonationCoder
2007-12-28 09:48 . 2007-12-28 09:48 <REP> d-------- C:\ProgramData\DonationCoder
2007-12-28 09:48 . 2007-12-28 09:51 <REP> d-------- C:\Program Files\ScreenshotCaptor
2007-12-28 06:33 . 2007-12-28 09:49 58 --a------ C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2007-12-26 10:43 . 2007-12-26 10:43 <REP> d-------- C:\Program Files\DivX
2007-12-23 19:48 . 2007-12-27 08:57 <REP> d-------- C:\Users\James Croft\Documents
2007-12-20 21:31 . 2007-12-20 21:31 <REP> d-------- C:\Users\James Croft\AppData\Roaming\vlc
2007-12-20 11:42 . 2007-12-20 11:42 <REP> d-------- C:\Users\James Croft\AppData\Roaming\GRETECH
2007-12-19 22:19 . 2007-12-19 22:19 <REP> d-------- C:\Users\James Croft\AppData\Roaming\Nero
2007-12-19 21:08 . 2007-12-25 21:50 <REP> d-------- C:\Users\James Croft\AppData\Roaming\uTorrent
2007-12-19 14:36 . 2007-12-19 14:36 <REP> d-------- C:\Users\James Croft\AppData\Roaming\DivX
2007-12-19 12:50 . 2007-12-24 08:09 <REP> d-------- C:\Users\James Croft\AppData\Roaming\skypePM
2007-12-19 12:50 . 2007-12-19 12:50 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-19 12:50 . 2007-12-19 12:50 32 --a------ C:\ProgramData\ezsid.dat
2007-12-19 12:49 . 2007-12-20 15:54 <REP> d-------- C:\Users\James Croft\AppData\Roaming\Skype
2007-12-19 12:48 . 2007-12-19 12:48 <REP> d-------- C:\Program Files\Skype
2007-12-19 12:47 . 2007-12-19 12:48 <REP> d-------- C:\Users\All Users\Skype
2007-12-19 12:47 . 2007-12-19 12:48 <REP> d-------- C:\ProgramData\Skype
2007-12-19 12:47 . 2007-12-19 12:48 <REP> d-------- C:\Program Files\Common Files\Skype
2007-12-18 17:00 . 2007-12-19 15:05 <REP> d-------- C:\Users\James Croft\AppData\Roaming\Winamp
2007-12-16 23:12 . 2007-12-16 23:12 268 --ah----- C:\sqmdata00.sqm
2007-12-16 23:12 . 2007-12-16 23:12 244 --ah----- C:\sqmnoopt00.sqm
2007-12-15 15:07 . 2007-12-15 15:07 <REP> d-------- C:\Users\James Croft\AppData\Roaming\Wallpaper
2007-12-14 20:25 . 2007-12-14 20:25 <REP> dr------- C:\Users\James Croft\Videos
2007-12-14 20:25 . 2007-12-14 20:25 <REP> dr------- C:\Users\James Croft\Searches
2007-12-14 20:25 . 2007-12-14 20:25 <REP> dr------- C:\Users\James Croft\Saved Games
2007-12-14 20:25 . 2007-12-14 20:25 <REP> dr------- C:\Users\James Croft\Links
2007-12-14 20:25 . 2007-12-14 20:25 <REP> dr------- C:\Users\James Croft\Downloads
2007-12-14 20:25 . 2007-12-15 11:18 <REP> dr------- C:\Users\James Croft\Contacts
2007-12-14 20:25 . 2006-11-02 13:35 <REP> d-------- C:\Users\James Croft\AppData\Roaming\Media Center Programs
2007-12-14 20:25 . 2007-12-14 20:25 <REP> d--h----- C:\Users\James Croft\AppData
2007-12-13 11:28 . 2007-12-13 11:28 <REP> d-------- C:\Program Files\URUSoft
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\Windows\System32\ssldivx.dll
2007-12-07 02:27 . 2007-12-07 02:27 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\vlc
2007-11-27 22:57 . 1999-09-10 12:06 25,244 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2007-11-27 22:57 . 1999-09-10 12:06 5,600 --a------ C:\Windows\system\WINASPI.DLL
2007-11-27 22:57 . 1999-09-10 12:06 4,672 --a------ C:\Windows\system\WOWPOST.EXE
2007-11-27 09:24 . 2007-11-27 09:24 <REP> d-------- C:\Program Files\MSXML 4.0
2007-11-23 14:31 . 2007-11-23 14:31 <REP> d-------- C:\Users\All Users\FLEXnet
2007-11-23 14:31 . 2007-11-23 14:31 <REP> d-------- C:\ProgramData\FLEXnet
2007-11-23 00:33 . 2007-11-23 00:33 <REP> d-------- C:\Users\All Users\Ubisoft
2007-11-23 00:33 . 2007-11-23 00:33 <REP> d-------- C:\ProgramData\Ubisoft
2007-11-23 00:27 . 2007-11-23 00:27 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-22 21:51 . 2007-11-22 21:51 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-11-21 19:11 . 2007-12-13 20:42 38 --a------ C:\Windows\avisplitter.INI
2007-11-20 20:31 . 2007-11-20 20:31 <REP> d-------- C:\Windows\Sun
2007-11-20 20:31 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-11-20 20:30 . 2007-11-20 20:31 <REP> d-------- C:\Program Files\Java
2007-11-20 20:29 . 2007-11-20 20:29 <REP> d-------- C:\Program Files\Common Files\Java
2007-11-19 13:00 . 2007-11-19 13:00 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\Apple Computer
2007-11-19 13:00 . 2007-11-19 13:00 <REP> d-------- C:\Program Files\iPod
2007-11-19 13:00 . 2007-12-29 18:45 54,156 --ah----- C:\Windows\QTFont.qfn
2007-11-19 13:00 . 2007-11-19 13:00 1,409 --a------ C:\Windows\QTFont.for
2007-11-19 12:59 . 2007-11-19 13:00 <REP> d-------- C:\Program Files\iTunes
2007-11-19 12:58 . 2007-11-19 12:59 <REP> d-------- C:\Users\All Users\Apple Computer
2007-11-19 12:58 . 2007-11-19 12:59 <REP> d-------- C:\ProgramData\Apple Computer
2007-11-19 12:58 . 2007-11-19 12:59 <REP> d-------- C:\Program Files\QuickTime
2007-11-19 12:55 . 2007-11-19 12:55 <REP> d-------- C:\Program Files\Common Files\Apple
2007-11-17 01:05 . 2007-11-17 01:07 <REP> d-------- C:\Users\All Users\DVD Shrink
2007-11-17 01:05 . 2007-11-17 01:07 <REP> d-------- C:\ProgramData\DVD Shrink
2007-11-17 01:05 . 2007-12-25 19:13 69 --a------ C:\Windows\NeroDigital.ini
2007-11-17 00:49 . 2007-12-20 12:52 156 --a------ C:\Windows\Twunk001.MTX
2007-11-17 00:49 . 2007-12-20 12:52 3 --a------ C:\Windows\Twain001.Mtx
2007-11-17 00:49 . 2007-11-17 00:49 0 --a------ C:\Windows\Twunk002.MTX
2007-11-17 00:22 . 2007-11-17 00:27 <REP> d-------- C:\Program Files\uTorrent
2007-11-17 00:21 . 2007-12-24 16:04 <REP> d-------- C:\Users\Ryan Croft\AppData\Roaming\uTorrent
2007-11-15 14:51 . 2007-11-15 14:51 <REP> d-------- C:\Users\All Users\ALM
2007-11-15 14:51 . 2007-11-15 14:51 <REP> d-------- C:\ProgramData\ALM
2007-11-15 14:42 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2007-11-15 14:42 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2007-11-15 14:38 . 2007-11-27 19:40 <REP> d-------- C:\Users\All Users\Adobe
Part 2:
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 23:27 --------- d-----w C:\Program Files\MSBuild
2007-11-14 15:44 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-11-14 13:32 --------- d-sh--w C:\ProgramData\Modèles
2007-11-14 13:32 --------- d-sh--w C:\ProgramData\Menu Démarrer
2007-11-14 13:32 --------- d-sh--w C:\ProgramData\Favoris
2007-11-14 13:32 --------- d-sh--w C:\ProgramData\Bureau
2007-11-14 13:32 --------- d-sh--w C:\Program Files\Fichiers communs
2007-11-01 13:29 2,011,224 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2007-10-31 11:35 4,702,208 ----a-w C:\Windows\RtHDVCpl.exe
2007-10-29 14:29 27,136 ----a-w C:\Windows\System32\RtkCoInst.dll
2007-10-24 18:50 2,101,248 ----a-w C:\Windows\System32\RtkAPO.dll
2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-17 14:27 582,656 ----a-w C:\Windows\System32\RtkPgExt.dll
2007-10-04 16:14 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-10-04 16:14 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-10-04 16:14 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-10-04 16:14 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-10-04 16:14 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-10-04 16:14 521,128 ----a-w C:\Windows\System32\dpinst.exe
2007-10-04 16:14 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-10-04 16:14 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-10-04 16:14 4,993,024 ----a-w C:\Windows\System32\nvd3dum.dll
2007-10-04 16:14 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-10-04 16:14 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-10-04 16:14 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-10-04 16:14 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-10-04 16:14 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-10-04 16:14 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-10-04 16:14 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-10-04 16:14 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-10-04 16:14 1,522,688 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-10-04 16:14 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2006-11-02 12:49 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:33]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:33]
"Screenshot Captor"="D:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" [2006-10-05 21:27]
"Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-08-21 00:27]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 12:35 C:\Windows\RtHDVCpl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"edb5"="edb5.dll" [2004-01-08 02:24 C:\Windows\System32\edb5.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-30 10:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-12-30 10:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 12:51 202024 --a------ C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 09:25 1828136 --a------ C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SxgTkBar]
SxgTkBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 edb5;Microsoft Exchange Database Storage Engine;rundll32.exe C:\Windows\system32\edb5.dll,yqyb []
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 09:25]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 09:27]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-14 16:52]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contenu du dossier ´Scheduled Tasks/Tâches planifiées´
"2007-12-30 14:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{381E5752-E7A1-439D-AECB-26992BD78D4B}.job"
- C:\Windows\system32\msfeedssync.exe
.
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 15:34:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
Completion time: 2007-12-30 15:36:09 - machine was rebooted [James Croft]
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 14:36:01
Hi again,
http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/31851.html
http://www.malekal.com/tum/tutorial_AVG_AntiSpyware.php
- Restart in safe mode.
- Run a scan and delete everything it finds.
Finally, click on Save the scan report, save it to the desktop and post it here.
Well, there's a problem there...
If I install it under Vista I won't be able to update it, since I can't get on the Internet!
Since the crash, Windows has started asking me for a user name and a password even though I never set any, so if I click cancel or enter something wrong, it tries to identify the network and then refuses to connect me to the net; from there, it's hard to update anything.
Unless I can do all of this from my XP partition (in other words, install AVG and update it from XP, run it from XP scanning the whole disk, unless it can be run from Vista...)
OK, in the absence of a reply:
- I installed the software under XP, then updated the signatures, then ran a scan under XP in safe mode (full system scan).
I deleted everything it had found.
- I went into Vista in safe mode, installed the software, then copied the signature files from the XP partition to the Vista partition; I then ran a quick scan for each session, nothing to report.
Right now I'm looking for the txt file of the scan report...
Part 1 of the report made under XP (on Vista there was nothing to report):
---------------------------------------------------------
AVG Anti-Spyware - Rapport d´analyse
---------------------------------------------------------
+ Créé à: 17:55:50 30/12/2007
+ Résultat de l´analyse:
C:\Documents and Settings\HP_Administrateur\jmtuld.exe/ghost.exe -> Downloader.IstBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\qcccff.exe/ghost.exe -> Downloader.IstBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\umnbxe.exe/ghost.exe -> Downloader.IstBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\yieabq.exe/ghost.exe -> Downloader.IstBar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\Mes documents\Vegas Pro 8\Release Notes.htm -> Downloader.Psyme.fc : Nettoyé et sauvegardé (mise en quarantaine).
C:\EliBaglA.exe -> Heuristic.Win32.AVKiller : Ignoré.
Part 2:
Part 3:
:mozilla.113:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.114:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and
Settings\HP_Administrateur\Cookies\hp_administrate
ur@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
E:\Users\Ryan
Croft\AppData\Roaming\Microsoft\Windows\Cookies\ry
an_croft@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.227:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.228:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.231:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.232:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.233:E:\Users\James
Croft\AppData\Roaming\Mozilla\Firefox\Profiles\9oh
b8qqh.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
E:\Users\Ryan
Croft\AppData\Roaming\Microsoft\Windows\Cookies\ry
an_croft@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\HP_Administrateur\jmtuld.exe/install.exe -> Trojan.VB.aqc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\qcccff.exe/install.exe -> Trojan.VB.aqc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\umnbxe.exe/install.exe -> Trojan.VB.aqc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\HP_Administrateur\yieabq.exe/install.exe -> Trojan.VB.aqc : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
New HJC log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53, on 2007-12-30
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\SystemPropertiesComputerName.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d´aide de l´Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [edb5] rundll32.exe edb5.dll,yqyb
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Screenshot Captor] "D:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ´Default user´)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
O23 - Service:
O23 - Service: Microsoft Exchange Database Storage Engine (edb5) - Unknown owner - rundll32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l´iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 6722 bytes