Windows Live Messenger virus
Hello,
I caught an MSN virus.
It sends a link to several of my contacts.
So I would like someone to help me.
Hi,
Download MsnFix (by !aur3n7) to your Desktop. (>>Tutorial<<)
Unzip it on your Desktop.
Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown.)
- Run option R.
- If the infection is detected, press a key to start the cleanup. (N)
If you need to restart the computer, do it manually.
Post the report located in the MSNFix folder.
The report name corresponds to the time it was created: date_time.log
Note: If you get an upload zip file on your Desktop, do this
I have exactly the same problem. The MSNFix report is:
MSNFix 1.673
C:\Jeux\MSNFix
Fix exécuté le 27/02/2008 - 23:33:11,96 By DE KERROS
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\Setup.exe
... C:\log.txt
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\DE KERROS\??????.exe
... C:\Documents and Settings\DE KERROS\????????.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\Setup.exe
.. OK ... C:\log.txt
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\DE KERROS\??????.exe
.. OK ... C:\Documents and Settings\DE KERROS\????????.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\system32\host.zip] F6856706BF083B907FEB6B81109A782F
[C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\azupdater_1.8.5.zip] 2AC49B3BF78D09BC78DCFE649BC337C0
[C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\azupnpav_0.1.7.zip] 9FFA8574D012893CCBE950761E0AD870
[C:\famwssg.exe] 8A56C75C99A8C8BF74227F832596C9CD
[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\DEKERR~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 27022008_23370878.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
I also made a report with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 00:21:21, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Jeux\Daemon\DAEMON Tools\daemon.exe
D:\Mes dossiers\Louis Jeux\Samsung\SMSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Jeux\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\StarOffice7\program\soffice.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Jeux\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\DEKERR~1\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Jeux\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMSTray] D:\Mes dossiers\Louis Jeux\Samsung\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Jeux\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\DE KERROS\Local Settings\Temp\{6A19D6B7-9E2A-4A60-AF8D-693A0EA64CEC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\DE KERROS\Local Settings\Temp\{55674325-43FD-48E5-B2B1-421A20BA6C59}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Hi louloulepr o87.
How did you manage to start MSNFix????
It gives me "eror eror eror" the file is not an executable file!!!
Help me please!!!
Well, I had grabbed it from another help site to get rid of this crappy virus. Search Google for msnfix.
^^ ok thanks
Hello XmichouX, should I create a new thread for this same virus, or can I stay in this thread?
Thanks
...
This is paulo's thread here.
thanks for the help
but how will I know whether the virus is gone or not?
First, send me the MSNFix report.
ah ok ok
MSNFix 1.673
C:\Documents and Settings\KHMER\Bureau\MSNFix\MSNFix
Fix exécuté le 28/02/2008 - 13:47:50,34 By KHMER
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
************************ Suppression des dossiers
/!\ ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\Install.zip] 184E4D33505C93BDC297E2CE5FF39893
[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\KHMER\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28022008_13541835.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Re,
Delete C:\Temp.
Then download HijackThis (by Trend Micro).
Post a report by following this tutorial.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:04, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\FlashGet\flashget.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZW
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/p [...] taller.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 15118 bytes
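An added example, not part of the thread and not code from HijackThis: a Python triage pass over a few lines copied from the log above, flagging the Winlogon Userinit value with an extra program appended, autostart entries that launch from a Temp directory, and system process names running outside system32. The function names, the list of system process names and the assumption that Windows lives in C:\WINDOWS are choices made for this illustration.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted above (a short excerpt).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the logs on this page.
SYSTEM_DIR = r"c:\windows\system32"
# Illustrative list of process names that normally live only in system32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "smss.exe", "csrss.exe"}

TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# First program in a command line: quoted path, or text up to an executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)',
                    re.IGNORECASE)
# "O4 - <location>: [name] command"  or  "O4 - <location>: name.lnk = target"
O4_RE = re.compile(r"^O4 - (.+?): (?:\[.*?\] |.*? = )(.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def executable_of(command):
    """Return the program path at the start of an autostart command line."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def reasons_for(path):
    """Return the reasons a path deserves a closer look (empty list if none)."""
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("runs from a Temp directory")
    directory, name = ntpath.split(path)
    if name.lower() in SYSTEM_NAMES and directory and directory.lower() != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    return reasons


def analyse(log_text):
    """Return (source, path, reasons) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - ") and "UserInit=" in line:
            value = line.split("UserInit=", 1)[1]
            for entry in (e.strip() for e in value.split(",")):
                # Anything besides userinit.exe is launched at every logon.
                if entry and entry.lower() != SYSTEM_DIR + r"\userinit.exe":
                    why = ["extra program appended to Userinit"] + reasons_for(entry)
                    findings.append(("F2 UserInit", entry, why))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m:
                path = executable_of(m.group(2))
                why = reasons_for(path)
                if why:
                    findings.append(("O4 " + m.group(1), path, why))
        elif PROCESS_RE.match(line):
            why = reasons_for(line)
            if why:
                findings.append(("Running process", line, why))
    return findings


if __name__ == "__main__":
    for source, path, why in analyse(SAMPLE_LOG):
        print(f"{source}: {path}\n    " + "; ".join(why))
```

Hits are review candidates, not verdicts: the Startup shortcuts in the first log on this page that point at `ATR1.exe` under `Local Settings\Temp` would also match the Temp rule.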
Good,
Run HijackThis again, choose "Do a system scan only", and check these lines (if still present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Then Fix Checked!
**********
Download BTFix (by Bibi26).
Unzip it on your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher (Search).
A report will appear; post it here.
BTFix 1.081 (par bibi26) - 28/02/2008 20:55:04 - Analyse
Lancé depuis D:\Mes documents\My Received Files\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
- C:\Program Files\MSN Messenger\RICHED20.dll
- C:\Documents and Settings\KHMER\Menu Démarrer\Programmes\WhenU\
---> Analyse terminée
Are there still many more to do, or is this the last one?
If the virus is gone, tell me directly.
Re,
1: Don't be so hasty, we are using our free time to help you.
2: No.
Restart in safe mode.
/!\ Never boot into safe mode via MSCONFIG /!\
Run BTFix again, click Nettoyer (Clean), and post the report it generates.
Download to your Desktop: Clean (by Malekal) >Tutorial<
Unzip it on your Desktop. Double-click the clean folder.
Double-click clean.cmd. (The .cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when asked.
Post the report, which is located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
The BTFix report:
BTFix 1.081 (par bibi26) - 29/02/2008 19:38:59 - Nettoyage - Mode sans échec
Lancé depuis D:\Mes documents\My Received Files\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
---> Nettoyage terminé
I have this problem, but it doesn't show up exactly like that, and I haven't had any reply since yesterday... I'm a bit desperate, can you help me?
Clean report:
29/02/2008 a 19:47:39,46
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
Did you run BTFix twice..?
Download AVG Anti-Spyware. Install it.
If the link does not work: >Click here<
Launch AVG and run an update.
Click the Scan button (in the toolbar).
Then, on the How to react tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now. Right-click the AVG icon at the bottom right, and uncheck the box to start with Windows.
Restart in Safe Mode.
/!\ Never start in Safe Mode via MSCONFIG /!\
Launch AVG again.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in Safe Mode, run Clean again and choose option 2, then post the report.
Reply to XmichouX
AVG ANTI-SPYWARE REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 15:57:30 02/03/2008
+ Résultat de l'analyse:
HKU\S-1-5-21-1292428093-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
D:\Mes documents\Fichiers téléchargés\Downgrade PSP 1.5\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).
D:\Mes documents\Fichiers téléchargés\Downgrade PSP 1.5\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).
D:\Mes documents\Fichiers téléchargés\downgrade.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
CLEAN REPORT:
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 02/03/2008 a 16:17:03,95
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Post a new HijackThis log.
Reply to XmichouX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:04, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/p [...] taller.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13581 bytes
Apparently, you didn't check the lines as I had asked you to earlier.
Download OTMoveIt2 by OldTimer.
- Save this file to the Desktop.
- Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
- Copy the lines in the "Code" box below by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
- Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
- Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of this document in a reply on the forum.
If you get a message saying the report cannot be created, copy and paste what appears in the right-hand column of the tool.
Reply to XmichouX
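Added example (not part of the thread, and not code from HijackThis or its authors): the path handed to OTMoveIt2 above is referenced by two autostart entries in the posted HijackThis log, the F2 UserInit value and the O4 Run entry [Flash Driver]. The Python below flags such entries in a HijackThis log; the function names are hypothetical, and the expected-directory table assumes Windows is installed in C:\WINDOWS, as in that log.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample input: a subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as in the log above.
SYSTEM_DIR = r"c:\windows\system32"
DEFAULT_USERINIT = SYSTEM_DIR + r"\userinit.exe"
EXPECTED_DIR = {name: SYSTEM_DIR for name in (
    "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "smss.exe", "csrss.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
O4_RUN = re.compile(r"^O4 - (?P<key>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


class Finding(NamedTuple):
    section: str        # HijackThis section code (F2, O4)
    source: str         # registry value the entry came from
    path: str           # executable the entry launches
    reasons: List[str]  # why it was flagged


def exe_path(command: str) -> str:
    """Return the executable part of a Run command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token end.
    m = re.match(r"(.*?\.exe)(?=\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def reasons_for(path: str) -> List[str]:
    """Heuristics applied to one executable path."""
    folder, name = ntpath.split(path.lower())
    reasons = []
    if "temp" in folder.split("\\"):
        reasons.append("runs from a Temp directory")
    # Only judge full paths; a bare name is resolved through PATH.
    if folder and name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
        reasons.append("system process name outside its normal directory")
    return reasons


def scan(log: str) -> List[Finding]:
    """Flag suspicious F2 UserInit and O4 registry Run entries."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = F2_USERINIT.match(line)
        if m:
            entries = (e.strip() for e in m.group("value").split(","))
            for entry in filter(None, entries):
                if entry.lower() == DEFAULT_USERINIT:
                    continue  # the stock value, nothing to report
                reasons = ["extra program chained onto UserInit"] + reasons_for(entry)
                findings.append(Finding("F2", "UserInit", entry, reasons))
            continue
        m = O4_RUN.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            reasons = reasons_for(path)
            if reasons:
                source = f'{m.group("key")} [{m.group("name")}]'
                findings.append(Finding("O4", source, path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section} {f.source}: {f.path} -> {'; '.join(f.reasons)}")
```

Run against the second HijackThis log posted later in the thread, it reports the same two entries, because that log still lists the F2 and O4 [Flash Driver] lines.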
What is the right-hand column of the tool?
Everything is clearly explained.
Reply to XmichouX
What is the right-hand column of the tool?
When I open the Notepad file in the MovedFiles folder, the message says: "File move failed", so I have to copy and paste from the right-hand column of the tool.
But where is this column?
Do this..
Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
Reply to XmichouX
File move failed. C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe scheduled to be moved on reboot.
OTMoveIt2 v1.0.20 log created on 03032008_204649
And even when I rebooted, the Notepad file from MovedFiles does the same thing; it says file move failed.
Select the contents of the box below:
Files to delete:
Copy and paste the exact contents of this box into Notepad.
No line must be missing!
Save this file on your desktop and name it remove.txt
Download The Avenger (by Swandog46)
Unzip it onto your desktop.
Run it by double-clicking the exe, then click OK.
Select Load Script from File and click the folder-shaped icon on the right.
Select your remove.txt file on the desktop.
Click the green light, then Yes.
The program will ask you to restart your PC; accept.
Post the report located here: >>C:\avenger.txt<<
Reply to XmichouX
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:52:27 2008
13:52:27: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:52:48 2008
13:52:48: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:52:56 2008
13:52:56: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:54:05 2008
13:54:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:54:34 2008
13:54:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:54:51 2008
13:54:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:55:09 2008
13:55:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:55:24 2008
13:55:24: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:55:43 2008
13:55:43: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Mar 04 13:56:01 2008
13:56:01: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Post a new HijackThis log.
Reply to XmichouX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:26, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\FlashGet\flashget.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Flash Driver] C:\DOCUME~1\KHMER\LOCALS~1\Temp\winlogon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xinek.lnk = C:\Program Files\Xinek\Xinek.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/p [...] taller.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Mes documents\My Received Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13734 bytes
Hi again,
Uninstall avast, reboot, and delete ~~> C:\Program Files\Alwil Software
Download ccleaner (>>tutorial, read it!<<), get "the latest version", then install it while unchecking the option "Ajouter la Barre d'Outils Yahoo! CCleaner" (Add the CCleaner Yahoo! Toolbar).
Then run the cleanup, then have it scan for errors, and make backups if you wish.
Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Make sure it is up to date! Run a full scan and post the report.
