[Resolu] Problème virus : fenêtres intempestives
Forum Sécurité - Virus : [Resolu] Problème virus : fenêtres intempestives
Bonjour à tous,
Il y a deux jours alors que j'étais pépère sur mon ordi, des fenêtres internet explorer se sont mises à s'ouvrir non-stop (alors que j'utilise firefox). Puis tout s'est mis a disparaitre, le dock de mon bureau s'est barré. J'ai fais un reboot avant que ça s'empire et au scan disk du démarrage, j'avais apparemment des fichiers erronés. Depuis, des pop-up IE s'ouvrent n'importe quand, ainsi que des messages qui m'incitent à télécharger des virus tels que errorsafe ou systemdoctor, ou qui m'informent que je suis infecté par serwab. Que faire ?
En vous remerciant d'avance,
Zilium
Bonjour
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
Ewido
Lance Ewido et clique sur le bouton Update (barre d'outils - au haut).
Sous Manual Update clique Start update. Patiente jusqu'à l'affichage "Update successful".
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
3 Lance le nettoyage avec CCleaner.
4 Lance Ewido.
Clique sur le bouton Scanner (de la barre d'outils)
Puis sur l'onglets Settings, pour How to Act. Clique sur Recommanded Actions. Sélectionne Quarantine.
Reviens a l'onglet Scan. Clique Complete system Scan
A la fin du scan, choisis l'option " Apply All Actions " en bas.
Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit facile à retrouver.
5 Redémarre normalement et poste le rapport d'Ewido avec un log HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
Merci beaucoup à toi,
Voilà le rapport Ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:38:37 05/08/2006
+ Scan result:
C:\WINDOWS\system32\ccapp.exe -> Adware.Chiem : Cleaned with backup (quarantined).
C:\WINDOWS\system32\navshext.dll -> Adware.Chiem : Cleaned with backup (quarantined).
C:\WINDOWS\system32\navshext1.dll -> Adware.Chiem : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
C:\FOUND.001\FILE3166.CHK/LMSetup2.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\ѕуstem32\wіnlogon.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[1256] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[200] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[248] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[260] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[404] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[476] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[544] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[896] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\Save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveNowupdate.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\extra.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\saveupdate.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP120\A0021760.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP120\A0021763.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP161\A0030215.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP161\A0030269.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP161\A0030269.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP165\A0031463.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP165\A0031468.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP167\A0032566.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP167\A0032567.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP167\A0032570.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0032734.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\EDON -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\WUSV -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hlwin.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0032723.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0032724.EXE -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0032725.DLL -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Local Settings\Temp\zoqalj2c.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\HLsetup2.exe -> Downloader.Small.bke : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.424:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.575:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.576:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.577:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.578:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.579:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.341:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.385:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.73:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.74:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.75:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.76:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.77:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.78:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.79:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.80:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.81:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.82:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.896:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.287:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.386:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.387:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.990:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adition : Cleaned with backup (quarantined).
:mozilla.991:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adition : Cleaned with backup (quarantined).
:mozilla.364:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.981:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.982:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.983:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.345:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.346:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.459:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.460:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.110:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.111:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.112:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.177:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.464:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.739:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.740:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.288:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.599:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.742:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.743:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.744:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.745:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.746:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.748:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
:mozilla.767:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.768:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.472:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.763:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.764:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.146:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.147:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.148:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.149:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.152:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.748:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.749:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.750:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.464:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.662:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.63:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.775:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.35:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.296:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.297:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.298:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.299:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.365:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.43:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.44:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.45:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.46:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.47:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.48:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.290:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.291:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.292:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.801:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.253:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.530:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.367:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.368:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.521:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.574:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@ehg-ricaud.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.411:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.836:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
:mozilla.773:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.187:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.635:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.105:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.107:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.634:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.887:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.607:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.616:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.617:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.648:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.893:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.347:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.676:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.785:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.786:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.234:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.235:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.236:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.237:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.238:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.156:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.157:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.158:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.159:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.160:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.161:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.162:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.163:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.164:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.165:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.166:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.167:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.168:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.169:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.170:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.171:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.172:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.173:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.174:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.175:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.482:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.483:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.484:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.485:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.399:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.400:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.401:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
:mozilla.392:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.512:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.179:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.180:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.181:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.182:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.369:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.370:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.371:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.372:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.373:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.374:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.375:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.376:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.377:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.378:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.379:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.380:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.381:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.382:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.678:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.679:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.931:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.932:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.50:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.51:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.52:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.53:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.54:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.55:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.56:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.948:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.949:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.366:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.349:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.350:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.567:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.64:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.65:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.66:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.67:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.91:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.976:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.977:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.17:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.18:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.19:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.20:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.433:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.436:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.437:C:\FOUND.002\FILE2792.CHK -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.714:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.715:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
::Report end
Et le rapport HJT :
Logfile of HijackThis v1.99.1
Scan saved at 21:52:02, on 05/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\PPATCH~1\nslookup.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://offers.whenu.com/installed. [...] 0422182341
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\PPATCH~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Qlzffne] C:\Program Files\??stem32\w?nlogon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\WINDOWS\system32\ping.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Tu as encore plusieurs infections.
Étape 1:
Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.
Étape 2:
Voici comment mettre l'outil à jour :
1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit" ).
2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.
3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.
Ne pas lancer le scan tout de suite !
Étape 3:
Redémarre en mode Sans Échec
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
Étape 4:
Du mode Sans Échec, voici comment utiliser le programme :
1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky
2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.
3.) Il est très important de bien cocher ces boîtes sous Scan Option
Memory, Registry, Startup Folders, System Folders, Services.
4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.
5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.
6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !
7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes" ), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.
Ferme le programme.
Redémarre ton PC en mode Normal.
Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.
Salut,
voilà le rapport de eScan
in32.Small.bke" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Downloads\126002.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Zilium\Local Settings\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\Cache\5508BB6Cd01 tagged as not-a-virus
ownloader.Win32.WinFixer.l. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033739.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033741.dll tagged as not-a-virus:AdWare.Win32.PurityScan.en. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033742.exe tagged as not-a-virus:AdWare.Win32.WebHancer.390. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033746.exe tagged as not-a-virus:AdWare.Win32.SaveNow.cb. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033747.exe tagged as not-a-virus:AdWare.Win32.SaveNow.cb. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033749.exe tagged as not-a-virus:AdWare.Win32.SaveNow.cb. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033750.exe tagged as not-a-virus:AdWare.Win32.SaveNow.bo. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033751.dll tagged as not-a-virus:AdWare.Win32.Ucmore. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033752.dll tagged as not-a-virus:AdWare.Win32.Ucmore.a. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033756.exe tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033757.dll tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033758.dll tagged as not-a-virus:AdWare.Win32.Chiem.a. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033759.dll tagged as not-a-virus:AdWare.Win32.Suggestor.n. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033760.dll tagged as not-a-virus:AdWare.Win32.NewDotNet.i. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033761.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033762.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033763.EXE tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033764.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033765.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033766.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP169\A0033767.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP170\A0033804.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{0E53C2D2-603D-4B01-84F6-6DE602018BFB}\RP170\A0033805.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
- Désactive puis ré-active la restauration du système
Refais ensuite un scan Ewido.
Voici le nouveau rapport Ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 15:48:39 06/08/2006
+ Scan result:
HKU\S-1-5-21-662591851-622730507-867875270-1005\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-662591851-622730507-867875270-1005\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-662591851-622730507-867875270-1005\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-662591851-622730507-867875270-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\ѕуstem32\wіnlogon.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[1020] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1044] C:\Program Files\ѕуstem32\wіnlogon.exe -> Adware.PurityScan : Error during cleaning.
[1072] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1156] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1192] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1204] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1308] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1328] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1544] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1592] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[168] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1696] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1796] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1800] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1876] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1888] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1900] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1912] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1932] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1944] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[1960] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[2040] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[2060] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[2420] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[2884] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[3184] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[400] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[412] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[424] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[440] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[452] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[472] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[480] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[496] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[524] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[536] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[616] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[648] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[696] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[708] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[868] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[904] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[924] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
[988] C:\WINDOWS\system32\ping.dll -> Adware.PurityScan : Error during cleaning.
:mozilla.76:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Zilium\Cookies\zilium@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Zilium\Application Data\Mozilla\Firefox\Profiles\vl5yxz6l.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
- Fais un scan en ligne Kaspersky
Aide pour le scan en ligne
Sauvegarde puis colle le rapport en fin d'analyse.
Le scan ne marche pas, apparemment la licence est périmée :
| Citation : Veuillez patienter pendant la mise à jour des définitions de virus...
|
Avec Internet Explorer
Fais un scan en ligne Panda
- Clique sur " Scan your PC "
- Ensuite sur " Check Now "
- /!\ Clique en bas sur " I don't Accept "
Entre ton adresse e-mail puis commence le scan
- Poste le rapport en fin d'analyse
Si tu as Avast! désactive-le lors du scan
Pas d'effet apparemment :
Incident Status Location
Adware:Adware/PurityScan Not disinfected c:\windows\ppatch~1\nslookup.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\ping.dll
Adware:adware/block-checker Not disinfected c:\windows\system32\ustart.exe
Adware:adware/webhancer Not disinfected c:\program files\webHancer
Spyware:spyware/new.net Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.001\FILE0293.CHK
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.001\FILE0466.CHK
Spyware:Cookie/Tradedoubler Not disinfected C:\FOUND.001\FILE0831.CHK
Spyware:Cookie/Adserver Not disinfected C:\FOUND.001\FILE0898.CHK
Spyware:Cookie/Xiti Not disinfected C:\FOUND.001\FILE0967.CHK
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.001\FILE0997.CHK
Spyware:Cookie/2o7 Not disinfected C:\FOUND.001\FILE1328.CHK
Spyware:Cookie/Adserver Not disinfected C:\FOUND.001\FILE1333.CHK
Spyware:Cookie/Com.com Not disinfected C:\FOUND.001\FILE1423.CHK
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.001\FILE1508.CHK
Spyware:Cookie/Falkag Not disinfected C:\FOUND.001\FILE1604.CHK
Spyware:Cookie/888 Not disinfected C:\FOUND.001\FILE2233.CHK
Spyware:Cookie/Cassava Not disinfected C:\FOUND.001\FILE2234.CHK
Spyware:Cookie/2o7 Not disinfected C:\FOUND.001\FILE2238.CHK
Spyware:Cookie/Belnk Not disinfected C:\FOUND.001\FILE2895.CHK
Spyware:Cookie/Belnk Not disinfected C:\FOUND.001\FILE2901.CHK
Spyware:Cookie/BurstNet Not disinfected C:\FOUND.001\FILE3164.CHK
Spyware:Cookie/Atwola Not disinfected C:\FOUND.001\FILE3341.CHK
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.001\FILE3508.CHK
Spyware:Cookie/Statcounter Not disinfected C:\FOUND.001\FILE4063.CHK
Spyware:Cookie/Falkag Not disinfected C:\FOUND.001\FILE4467.CHK
Spyware:Cookie/Hbmediapro Not disinfected C:\FOUND.001\FILE4752.CHK
Spyware:Cookie/Falkag Not disinfected C:\FOUND.001\FILE4804.CHK
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.001\FILE5038.CHK
Spyware:Cookie/Reliablestats Not disinfected C:\FOUND.001\FILE6681.CHK
Spyware:Cookie/Zedo Not disinfected C:\FOUND.001\FILE6708.CHK
Spyware:Cookie/Comclick Not disinfected C:\FOUND.001\FILE6939.CHK
Spyware:Cookie/Weborama Not disinfected C:\FOUND.001\FILE7335.CHK
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.001\FILE7539.CHK
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.001\FILE7748.CHK
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.001\FILE8458.CHK
Spyware:Cookie/2o7 Not disinfected C:\FOUND.001\FILE8587.CHK
Spyware:Cookie/YieldManager Not disinfected C:\FOUND.001\FILE8863.CHK
Spyware:Cookie/Adtech Not disinfected C:\FOUND.001\FILE9183.CHK
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\__delete_on_reboot__p_i_n_g_._d_l_l_
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32\PreUninstallHL.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\??pPatch\nslookup.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Zilium\Local Settings\Temp\OA.exe
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\UCmore - The Search Accelerator\UCmore Tour.lnk
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\UCmore - The Search Accelerator\How To Uninstall.lnk
On finit.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
3 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
webHancer
4 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
c:\program files\webHancer
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
c:\windows\ppatch~1
C:\WINDOWS\??pPatch
C:\WINDOWS\system32\ping.dll
C:\WINDOWS\system32\__delete_on_reboot__p_i_n_g_._d_l_l_
C:\WINDOWS\system32\PreUninstallHL.exe
c:\windows\system32\ustart.exe
C:\FOUND.001
C:\Documents and Settings\Zilium\Menu Démarrer\Programmes\UCmore - The Search Accelerator
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
5 Lance le nettoyage avec CCleaner.
6 Redémarre normalement.
As tu encore des dysfonctionnements ?
Ca a l'air d'être bon, mais il reste un hic : au démarrage j'ai toujours un message d'erreur :
| Citation : Erreur de chargement de C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
|
En tout cas merci pour tout ! 
C'est normal, il est encore dans HijackThis.
Télécharge LSPfix
http://www.cexx.org/lspfix.htm
Installes le sur le Bureau
Lances LSPfix et agrandis la fenêtre qui, par défaut, est trop petite et fait apparaître les ascenseurs horizontaux et verticaux, masquant un bouton.
Déconnecte toi d'Internet et ferme toutes les instances (fenêtres) Internet Explorer.
Coche la case "I know what I'm doing" ("Je sais ce que je fais" ).
Sélectionne toutes les instances des dll suivantes
newdotnet7_22.dll
et fais les glisser du panneau de gauche, appelé "keep" au panneau de droite, appelé "Remove".
Clique sur le bouton "Finish".
redémarre et reposte un rapport HijackThis.
Le message d'erreur persiste
rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 00:23:34, on 07/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\PPATCH~1\nslookup.exe
C:\Program Files\??stem32\w?nlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://offers.whenu.com/installed. [...] 0422182341
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\PPATCH~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Qlzffne] C:\Program Files\??stem32\w?nlogon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Il reste des fichiers infectieux.
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
2 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://offers.whenu.com/installed. [...] 0422182341
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\PPATCH~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Qlzffne] C:\Program Files\??stem32\w?nlogon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
3 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
4 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
??stem32
newdotnet
5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\WINDOWS\PPATCH~1
C:\Program Files\??stem32
C:\Program Files\newdotnet
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
6 Lance le nettoyage avec CCleaner.
7 Redémarre normalement et poste un nouveau log HijackThis.
Tout a l'air rentré dans l'ordre, du moins je l' espére. Mille merci pour tout :jap
rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 01:09:19, on 07/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Bonsoir
Effectivement, plus de signe d'infection ;-)
Il y a 1821 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
