 

Hello everyone,

For the past few days, when I go on Firefox and run a Google search for anything at all, for example if I type "turtle", I get the results with several sites, and when I click a link I have a one-in-two chance of landing on a page that has nothing to do with it. They are often the same pages, for example a Turkish dictionary, a pornographic site, or shopping sites or search engines (I should point out that I have never been on sites like those before), and other sites as well. What can I do to stop these pages from showing up, and am I the victim of a virus?

I have already run two antivirus scans and they found nothing.

Even worse, 5 minutes ago my computer crashed completely: it switched sites as described just above and then boom, the screen went all white with lines of every colour.

Thanks for your replies


Good evening

probably a wareout infection

Download then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:08, on 18/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Paul\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 9786 bytes

Reply to p0oks

re
not very telling, all that...

  • Download SystemScan from the SuspectFile team
  • double-click it (Ignore any alerts from your antivirus, if there are any.)
  • Click Unselect all
  • Tick only this box

-Recent Files, days old 60 days
and
-hidden objects

  • Then click scan now, and be patient.
  • Once it has finished, a report will open. Post it in full.

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Here it is
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows VISTA , Service Pack 1 (6001.6.0)
System directory: C:\Windows
SystemScan file: C:\Users\Paul\Desktop\sys76369.exe
Running in: User mode
Date: 18/06/2008
Time: 22:30:09

Output limited to:
-Recent files
-Hidden objects

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
05/06/2008 18:45:53 (DIR) 0 byte 13 days old -- AcerSW
05/06/2008 23:11:31 (DIR) 0 byte 13 days old -- Users
05/06/2008 23:12:01 (DIR) 0 byte 13 days old -- $RECYCLE.BIN
17/06/2008 12:56:04 (DIR) 0 byte 1 days old -- Program Files
17/06/2008 12:56:04 (DIR) 0 byte 1 days old -- ProgramData
18/06/2008 14:57:28 (DIR) 0 byte 0 days old -- Downloads
18/06/2008 16:03:00 (DIR) 0 byte 0 days old -- System Volume Information
18/06/2008 19:37:15 (DIR)-760926208 byte 0 days old -- pagefile.sys
18/06/2008 19:37:16 (DIR)-1074606080 byte 0 days old -- hiberfil.sys
18/06/2008 19:38:03 (DIR) 0 byte 0 days old -- Windows

----- recent files in C:\Windows\
05/06/2008 18:41:38 (DIR) 0 byte 13 days old -- rescache
05/06/2008 18:44:33 79 byte 13 days old -- MORChangeID.LOG
05/06/2008 18:44:35 25367 byte 13 days old -- Patch.log
05/06/2008 19:00:25 (DIR) 0 byte 13 days old -- Debug
05/06/2008 19:02:01 262162 byte 13 days old -- msxml4-KB936181-enu.LOG
05/06/2008 19:03:26 0 byte 13 days old -- nsreg.dat
05/06/2008 19:04:31 (DIR) 0 byte 13 days old -- AppPatch
05/06/2008 19:09:31 (DIR) 0 byte 13 days old -- SoftwareDistribution
05/06/2008 19:14:28 25 byte 13 days old -- CDE DX7400DEFGIPS.ini
05/06/2008 19:14:37 (DIR) 0 byte 13 days old -- twain_32
05/06/2008 20:16:51 4400 byte 13 days old -- DPINST.LOG
05/06/2008 22:47:16 263060 byte 13 days old -- msxml4-KB941833-enu.LOG
06/06/2008 08:58:56 (DIR) 0 byte 12 days old -- Logs
08/06/2008 11:28:08 119964 byte 10 days old -- DirectX.log
08/06/2008 15:06:53 (DIR) 0 byte 10 days old -- Registration
12/06/2008 19:09:44 (DIR) 0 byte 6 days old -- Downloaded Program Files
13/06/2008 21:06:30 (DIR) 0 byte 5 days old -- Tasks
15/06/2008 08:42:04 (DIR) 0 byte 3 days old -- ehome
15/06/2008 12:44:18 (DIR) 0 byte 3 days old -- Microsoft.NET
15/06/2008 22:30:03 (DIR) 0 byte 3 days old -- winsxs
15/06/2008 22:30:21 (DIR) 0 byte 3 days old -- assembly
17/06/2008 18:54:48 (DIR) 0 byte 1 days old -- Installer
18/06/2008 01:24:57 836 byte 0 days old -- bthservsdp.dat
18/06/2008 15:04:35 104881 byte 0 days old -- setupact.log
18/06/2008 19:17:37 890288 byte 0 days old -- WindowsUpdate.log
18/06/2008 19:37:15 814354 byte 0 days old -- PFRO.log
18/06/2008 19:43:34 (DIR) 0 byte 0 days old -- inf
18/06/2008 19:43:34 (DIR) 0 byte 0 days old -- System32
18/06/2008 21:48:36 67584 byte 0 days old -- bootstat.dat
18/06/2008 22:29:54 (DIR) 0 byte 0 days old -- Temp
18/06/2008 22:30:02 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\Windows\Downloaded Program Files\

----- recent files in C:\Windows\system\

----- recent files in C:\Windows\system32\
23/04/2008 06:41:36 57856 byte 56 days old -- MSDvbNP.ax
23/04/2008 06:41:36 218624 byte 56 days old -- psisrndr.ax
23/04/2008 06:42:37 428544 byte 56 days old -- EncDec.dll
23/04/2008 06:42:37 293376 byte 56 days old -- psisdecd.dll
25/04/2008 04:12:21 1383424 byte 54 days old -- mshtml.tlb
25/04/2008 06:35:13 28160 byte 54 days old -- jsproxy.dll
25/04/2008 06:35:14 3578368 byte 54 days old -- mshtml.dll
25/04/2008 06:35:16 671232 byte 54 days old -- mstime.dll
25/04/2008 06:35:19 1166336 byte 54 days old -- urlmon.dll
25/04/2008 06:35:23 826880 byte 54 days old -- wininet.dll
26/04/2008 10:08:15 1314816 byte 53 days old -- quartz.dll
29/04/2008 05:54:02 181760 byte 50 days old -- fsquirt.exe
10/05/2008 00:22:34 153 byte 39 days old -- RacUREx.xml
10/05/2008 00:22:34 9127 byte 39 days old -- RacUR.xml
10/05/2008 05:35:20 885248 byte 39 days old -- RacEngn.dll
23/05/2008 00:18:54 12288 byte 26 days old -- DivXWMPExtType.dll
23/05/2008 00:19:12 161096 byte 26 days old -- DivXCodecVersionChecker.exe
23/05/2008 00:19:44 3067 byte 26 days old -- dtu_fr.qm
23/05/2008 00:19:46 196608 byte 26 days old -- dtu100.dll
23/05/2008 00:19:46 416 byte 26 days old -- dtu100.dll.manifest
23/05/2008 00:19:46 81920 byte 26 days old -- dpl100.dll
23/05/2008 00:19:46 416 byte 26 days old -- dpl100.dll.manifest
23/05/2008 00:20:42 1044480 byte 26 days old -- libdivx.dll
23/05/2008 00:20:42 200704 byte 26 days old -- ssldivx.dll
23/05/2008 00:22:18 3596288 byte 26 days old -- qt-dx331.dll
23/05/2008 00:22:22 9878 byte 26 days old -- dsm_fr.qm
23/05/2008 00:22:22 4816 byte 26 days old -- divxsm.tlb
23/05/2008 00:22:22 524288 byte 26 days old -- DivXsm.exe
27/05/2008 10:50:34 57344 byte 22 days old -- QuickTime.qts
27/05/2008 10:50:34 90112 byte 22 days old -- QuickTimeVR.qtx
30/05/2008 01:35:11 17486968 byte 19 days old -- mrt.exe
31/05/2008 01:22:40 630784 byte 18 days old -- divxdec.ax
31/05/2008 01:22:46 683520 byte 18 days old -- DivX.dll
31/05/2008 01:22:46 815104 byte 18 days old -- divx_xx0a.dll
31/05/2008 01:22:48 802816 byte 18 days old -- divx_xx11.dll
31/05/2008 01:22:48 823296 byte 18 days old -- divx_xx0c.dll
31/05/2008 01:22:48 823296 byte 18 days old -- divx_xx07.dll
31/05/2008 01:22:54 294912 byte 18 days old -- dpu10.dll
31/05/2008 01:22:54 294912 byte 18 days old -- dpu11.dll
31/05/2008 01:22:54 593920 byte 18 days old -- dpuGUI11.dll
31/05/2008 01:22:54 57344 byte 18 days old -- dpv11.dll
31/05/2008 01:22:54 344064 byte 18 days old -- dpus11.dll
31/05/2008 01:22:58 53248 byte 18 days old -- dpuGUI10.dll
31/05/2008 01:23:12 8835 byte 18 days old -- dpufr.qm
05/06/2008 18:40:24 65328 byte 13 days old -- license.rtf
05/06/2008 19:04:32 (DIR) 0 byte 13 days old -- Boot
05/06/2008 19:06:07 295976 byte 13 days old -- FNTCACHE.DAT
05/06/2008 20:26:25 98304 byte 13 days old -- CmdLineExt.dll
06/06/2008 18:31:48 6450 byte 12 days old -- jupdate-1.6.0_06-b02.log
07/06/2008 11:32:11 (DIR) 0 byte 11 days old -- NDF
08/06/2008 11:28:11 669184 byte 10 days old -- pbsvc.exe
08/06/2008 11:28:12 66872 byte 10 days old -- PnkBstrA.exe
08/06/2008 11:28:19 103736 byte 10 days old -- PnkBstrB.exe
08/06/2008 11:30:38 (DIR) 0 byte 10 days old -- URTTEMP
09/06/2008 23:46:51 (DIR) 0 byte 9 days old -- WDI
11/06/2008 14:06:53 (DIR) 0 byte 7 days old -- migration
11/06/2008 19:48:24 (DIR) 0 byte 7 days old -- LogFiles
16/06/2008 21:18:17 (DIR) 0 byte 2 days old -- Tasks
18/06/2008 12:58:13 (DIR) 0 byte 0 days old -- catroot2
18/06/2008 15:06:10 (DIR) 0 byte 0 days old -- catroot
18/06/2008 15:06:29 (DIR) 0 byte 0 days old -- drivers
18/06/2008 19:43:34 595748 byte 0 days old -- perfh009.dat
18/06/2008 19:43:34 105078 byte 0 days old -- perfc009.dat
18/06/2008 19:43:34 128212 byte 0 days old -- perfc00C.dat
18/06/2008 19:43:34 1499302 byte 0 days old -- PerfStringBackup.INI
18/06/2008 19:43:34 679192 byte 0 days old -- perfh00C.dat
18/06/2008 21:48:44 3216 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
18/06/2008 21:48:44 3216 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
18/06/2008 21:48:47 16515 byte 0 days old -- Config.MPF

----- recent files in C:\Windows\system32\drivers\
29/04/2008 03:42:21 29184 byte 50 days old -- BTHUSB.SYS
29/04/2008 03:42:23 220160 byte 50 days old -- bthport.sys
10/05/2008 03:33:10 113664 byte 39 days old -- rmcast.sys
06/06/2008 19:27:30 717296 byte 12 days old -- sptd.sys
08/06/2008 11:28:26 22328 byte 10 days old -- PnkBstrK.sys
15/06/2008 08:42:09 (DIR) 0 byte 3 days old -- UMDF
15/06/2008 08:42:17 0 byte 3 days old -- Msft_User_WpdMtpDr_01_00_00.Wdf

----- recent files in C:\Windows\temp\
05/06/2008 18:41:59 0 byte 13 days old -- sqlite_vtw9Nw7zvPTNar2
05/06/2008 18:41:59 0 byte 13 days old -- sqlite_7EMNoUHMNf6o0S7
05/06/2008 18:42:32 19922944 byte 13 days old -- WinSAT_KernelLog.etl
05/06/2008 18:42:32 33554432 byte 13 days old -- WinSAT_DX.etl
05/06/2008 18:44:22 4194304 byte 13 days old -- WinSAT_StorageAsmt.etl
05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- History
05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- Cookies
05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- Fichiers Internet temporaires
05/06/2008 19:02:02 0 byte 13 days old -- sqlite_tmHDaYiBfHOKWXc
05/06/2008 19:06:32 (DIR) 0 byte 13 days old -- MCE00000
05/06/2008 19:07:29 1024 byte 13 days old -- sqlite_0av8TxPjRxd4uJT
05/06/2008 19:07:29 0 byte 13 days old -- sqlite_ANSiTp3b1jXwjPL
05/06/2008 19:19:15 132 byte 13 days old -- E_S8B8C.tmp
05/06/2008 19:19:18 118 byte 13 days old -- E_S976F.tmp
05/06/2008 19:29:36 (DIR) 0 byte 13 days old -- MCE00001
05/06/2008 19:30:36 0 byte 13 days old -- sqlite_jNqgBxSiwN2IM0c
05/06/2008 19:30:36 0 byte 13 days old -- sqlite_Rb92a2LKJce8daZ
05/06/2008 20:29:35 (DIR) 0 byte 13 days old -- CLDigitalHome
05/06/2008 22:14:21 (DIR) 0 byte 13 days old -- MCE00002
05/06/2008 22:15:19 0 byte 13 days old -- sqlite_r5uS4syZWI4ctrc
05/06/2008 22:15:19 0 byte 13 days old -- sqlite_x3bEfgi0QWJGx4Q
05/06/2008 23:11:32 (DIR) 0 byte 13 days old -- MCE00003
05/06/2008 23:12:32 1024 byte 13 days old -- sqlite_M0EKnegWjbcYTCY
05/06/2008 23:12:32 0 byte 13 days old -- sqlite_gZ2ery1qE3ujAMZ
06/06/2008 00:00:06 0 byte 12 days old -- sqlite_C0bRmKwtQeSf7DM
06/06/2008 08:07:03 (DIR) 0 byte 12 days old -- MCE00004
06/06/2008 08:07:07 0 byte 12 days old -- mcmsc_XlNNx9h1bVLHNSJ
06/06/2008 08:08:03 0 byte 12 days old -- sqlite_GqyToXJ8WrKRZ1D
06/06/2008 08:08:03 0 byte 12 days old -- sqlite_h1ionwc5LrPH1bJ
06/06/2008 16:47:07 (DIR) 0 byte 12 days old -- MCE00005
06/06/2008 16:47:08 0 byte 12 days old -- mcmsc_Zyyd12A3t747Svs
06/06/2008 16:48:02 0 byte 12 days old -- sqlite_p1fWf2sI8pzVazf
06/06/2008 16:48:02 0 byte 12 days old -- sqlite_MHeO0k2xTU5TUwe
06/06/2008 16:55:19 2048 byte 12 days old -- mcafee_J2nm3FgtmGwzvBb
06/06/2008 17:34:28 1024 byte 12 days old -- mcmsc_3aMMjsVfHSL50Sr
06/06/2008 18:31:49 0 byte 12 days old -- mcmsc_Ho4UmTb6WVQydyb
06/06/2008 18:31:49 0 byte 12 days old -- mcmsc_1ieuLmt0VqtkwBf
06/06/2008 18:54:09 (DIR) 0 byte 12 days old -- MCE00006
06/06/2008 18:55:08 0 byte 12 days old -- sqlite_FyKkFgsRxPVqtDe
06/06/2008 18:55:08 0 byte 12 days old -- sqlite_9fbBXEhAYhuooXA
06/06/2008 19:36:52 (DIR) 0 byte 12 days old -- MCE00007
06/06/2008 19:36:56 0 byte 12 days old -- mcmsc_VMUWAhmaUEDbPNz
06/06/2008 19:37:52 0 byte 12 days old -- sqlite_JB1t2dA9ELwf4cw
06/06/2008 19:37:52 0 byte 12 days old -- sqlite_aaSTDs7rQbxHNKg
07/06/2008 01:27:05 0 byte 11 days old -- sqlite_uoUKvmrVY3NEzNh
07/06/2008 08:42:10 (DIR) 0 byte 11 days old -- MCE00008
07/06/2008 08:42:23 0 byte 11 days old -- sqlite_Ha4wVP9QrmGmZff
07/06/2008 08:43:10 0 byte 11 days old -- sqlite_PhOhUfcQnaR1HFC
07/06/2008 08:43:10 0 byte 11 days old -- sqlite_JyH5xtdPbZN27CU
07/06/2008 16:42:57 (DIR) 0 byte 11 days old -- MCE00009
07/06/2008 16:43:56 0 byte 11 days old -- sqlite_9Acx4wibhiEtVeI
07/06/2008 16:43:56 0 byte 11 days old -- sqlite_cE3cfdyfXGQ0i9M
08/06/2008 02:00:00 0 byte 10 days old -- sqlite_DU5srHpHRJUmhZs
08/06/2008 15:06:29 6326 byte 10 days old -- ASPNETSetup.log
08/06/2008 15:07:10 6659 byte 10 days old -- netfxupdate.log
08/06/2008 18:27:35 25830 byte 10 days old -- netfxsl.log
08/06/2008 18:28:03 11458 byte 10 days old -- NetFxUpdate_v1.1.4322.log
09/06/2008 12:10:33 (DIR) 0 byte 9 days old -- MCE0000a
09/06/2008 12:11:33 0 byte 9 days old -- sqlite_LlvXBQ5Oba7QFdQ
09/06/2008 12:11:33 0 byte 9 days old -- sqlite_tBqsjYKqgGJR4lC
09/06/2008 12:12:05 0 byte 9 days old -- sqlite_Ob3cVXxTPanXkRL
10/06/2008 11:59:31 (DIR) 0 byte 8 days old -- MCE0000b
10/06/2008 11:59:43 0 byte 8 days old -- sqlite_Ip1y3DPhhwV2KvH
10/06/2008 12:00:31 0 byte 8 days old -- sqlite_D7rKv4ftqWR6JrT
10/06/2008 12:00:31 0 byte 8 days old -- sqlite_XcNFYnqMUI8ldK0
11/06/2008 14:06:31 (DIR) 0 byte 7 days old -- MCE0000c
11/06/2008 14:06:34 0 byte 7 days old -- mcmsc_31yOMXDnXp12bwm
11/06/2008 14:08:28 (DIR) 0 byte 7 days old -- MCE0000d
11/06/2008 14:08:31 0 byte 7 days old -- mcmsc_nRUZgP1mmVi3Aqz
11/06/2008 14:09:28 0 byte 7 days old -- sqlite_HIccVvj8IpKkXot
11/06/2008 14:09:28 0 byte 7 days old -- sqlite_6RDNfakzThIdHzB
11/06/2008 14:12:30 2048 byte 7 days old -- mcafee_ZX4rR2anvjJbjyS
11/06/2008 16:06:55 1024 byte 7 days old -- mcmsc_Ik414y2ydpuQ5to
11/06/2008 16:53:07 1024 byte 7 days old -- mcmsc_bdC3a5Q4ne85VTg
11/06/2008 16:53:07 1024 byte 7 days old -- mcmsc_1ta6ZhrelDiUJyA
11/06/2008 21:44:29 (DIR) 0 byte 7 days old -- MCE0000e
11/06/2008 21:44:33 0 byte 7 days old -- mcmsc_ySlwBa0CMkWObak
11/06/2008 21:44:52 2048 byte 7 days old -- mcafee_D14qWH2DBVQlcAr
11/06/2008 21:45:29 0 byte 7 days old -- sqlite_bX36hFf8dUYrfua
11/06/2008 21:45:29 0 byte 7 days old -- sqlite_1VQFGYEGbfRVcbF
11/06/2008 22:33:03 1024 byte 7 days old -- mcmsc_Q6bkV2kBfyHfQeZ
12/06/2008 00:20:51 120 byte 6 days old -- fwtsqmfile01.sqm
12/06/2008 12:11:38 (DIR) 0 byte 6 days old -- MCE0000f
12/06/2008 12:11:49 0 byte 6 days old -- sqlite_K26lzM26xvkIy9A
12/06/2008 12:12:38 0 byte 6 days old -- sqlite_mA5uj8IK08xkl2d
12/06/2008 12:12:38 0 byte 6 days old -- sqlite_hNYtOxt4x8X8T4B
12/06/2008 18:48:07 (DIR) 0 byte 6 days old -- MCE00010
12/06/2008 18:49:07 0 byte 6 days old -- sqlite_AMaAV2LCivIYQkh
12/06/2008 18:49:07 0 byte 6 days old -- sqlite_M5ajDnuP9JF7Uzd
13/06/2008 08:25:25 0 byte 5 days old -- sqlite_OIQrLIUkq6yoUj7
13/06/2008 15:40:51 (DIR) 0 byte 5 days old -- MCE00011
13/06/2008 15:41:51 0 byte 5 days old -- sqlite_PiW9XQU1jYHnVlQ
13/06/2008 15:41:51 0 byte 5 days old -- sqlite_T8zVmU4bIWy4LJ7
13/06/2008 21:03:12 (DIR) 0 byte 5 days old -- MCE00012
13/06/2008 21:03:17 0 byte 5 days old -- mcmsc_rW01ejOyrf1L6iU
13/06/2008 21:04:12 0 byte 5 days old -- sqlite_r1FD9l90RUpziP9
13/06/2008 21:04:12 0 byte 5 days old -- sqlite_CNrKmQcmaAdyP3E
13/06/2008 22:53:31 0 byte 5 days old -- sqlite_AT4fKE52fjhoD6o
14/06/2008 00:10:41 (DIR) 0 byte 4 days old -- MCE00013
14/06/2008 00:11:41 0 byte 4 days old -- sqlite_KGc1wO8KWCCHceZ
14/06/2008 00:11:41 0 byte 4 days old -- sqlite_hYLsTOTvVj6cCb8
14/06/2008 20:07:56 (DIR) 0 byte 4 days old -- MCE00014
14/06/2008 20:08:08 0 byte 4 days old -- sqlite_vgV5jzUfk79fM7S
14/06/2008 20:08:56 0 byte 4 days old -- sqlite_fEvidgZpxV46i8i
14/06/2008 20:08:56 0 byte 4 days old -- sqlite_HICmUw4fkVBzhEB
15/06/2008 08:38:09 (DIR) 0 byte 3 days old -- MCE00015
15/06/2008 08:38:50 0 byte 3 days old -- sqlite_KmxEsdlg6chLDAB
15/06/2008 08:39:09 0 byte 3 days old -- sqlite_ERQ0ajsJ7cCgGz3
15/06/2008 08:39:09 0 byte 3 days old -- sqlite_Tm0EB15faE4OoBV
15/06/2008 20:55:25 (DIR) 0 byte 3 days old -- MCE00016
15/06/2008 20:56:25 0 byte 3 days old -- sqlite_kdrtJ68yrCDoicP
15/06/2008 20:56:25 0 byte 3 days old -- sqlite_5tRHEddkWZvhmkK
15/06/2008 23:19:00 (DIR) 0 byte 3 days old -- MCE00017
15/06/2008 23:20:00 0 byte 3 days old -- sqlite_J3t0tYUJWO0P7v1
15/06/2008 23:20:00 0 byte 3 days old -- sqlite_GDlqEDuCR8ouocO
16/06/2008 12:28:51 (DIR) 0 byte 2 days old -- MCE00018
16/06/2008 12:29:02 0 byte 2 days old -- sqlite_ZMDt3psVliLE7Ni
16/06/2008 12:29:51 0 byte 2 days old -- sqlite_0QK9w9TVkEqZqan
16/06/2008 12:29:51 0 byte 2 days old -- sqlite_Ya6i52Rcscvv4xA
16/06/2008 16:43:38 (DIR) 0 byte 2 days old -- MCE00019
16/06/2008 16:44:38 0 byte 2 days old -- sqlite_MxsHMFLLdsZpeet
16/06/2008 16:44:38 0 byte 2 days old -- sqlite_98GWPNqQxsUhGe8
16/06/2008 23:56:24 (DIR) 0 byte 2 days old -- MCE0001a
16/06/2008 23:57:24 0 byte 2 days old -- sqlite_6VmkL7IMun1erNf
16/06/2008 23:57:24 0 byte 2 days old -- sqlite_zceM64dLKdZHjr4
17/06/2008 12:51:44 (DIR) 0 byte 1 days old -- MCE0001b
17/06/2008 12:51:55 0 byte 1 days old -- sqlite_jamVzdNTydQZ0Du
17/06/2008 12:52:43 0 byte 1 days old -- sqlite_9zQec6t9WRLdeoU
17/06/2008 12:52:43 0 byte 1 days old -- sqlite_WO8wXXKLbQdbj9Y
17/06/2008 13:23:24 (DIR) 0 byte 1 days old -- MCE0001c
17/06/2008 13:23:29 0 byte 1 days old -- mcmsc_afkTsv95nOBdM5B
17/06/2008 13:24:24 0 byte 1 days old -- sqlite_Qdw9LEquVUHrRuA
17/06/2008 13:24:24 0 byte 1 days old -- sqlite_wNQSKQao9AT4h1B
17/06/2008 16:12:06 (DIR) 0 byte 1 days old -- MCE0001d
17/06/2008 16:13:06 0 byte 1 days old -- sqlite_2onDfyUtUxnhedf
17/06/2008 16:13:06 0 byte 1 days old -- sqlite_8qN8HCkopRRDCAG
17/06/2008 16:44:20 (DIR) 0 byte 1 days old -- MCE0001e
17/06/2008 16:45:20 0 byte 1 days old -- sqlite_iCbaYyDamdq9cYL
17/06/2008 16:45:20 0 byte 1 days old -- sqlite_wmJNDYQVtKYtgoE
17/06/2008 20:28:31 (DIR) 0 byte 1 days old -- MCE0001f
17/06/2008 20:29:31 0 byte 1 days old -- sqlite_xCwIoOI8khD19Z4
17/06/2008 20:29:31 0 byte 1 days old -- sqlite_hxAva61NMPnvO5j
18/06/2008 00:20:36 (DIR) 0 byte 0 days old -- MCE00020
18/06/2008 00:21:36 0 byte 0 days old -- sqlite_82dFv5kBfqzHfhU
18/06/2008 00:21:36 0 byte 0 days old -- sqlite_uD6KbDQAzAJY603
18/06/2008 11:43:07 (DIR) 0 byte 0 days old -- MCE00021
18/06/2008 11:43:11 0 byte 0 days old -- mcmsc_kW2ThGaUrg5wJ6Z
18/06/2008 11:43:19 0 byte 0 days old -- sqlite_7JEMHxnHpubCq72
18/06/2008 11:44:07 0 byte 0 days old -- sqlite_8pXrCrZBRQ9V88w
18/06/2008 11:44:07 0 byte 0 days old -- sqlite_ZwARojkUMfafEsX
18/06/2008 11:51:02 2048 byte 0 days old -- mcafee_fUNAUYmKgHo8eiv
18/06/2008 12:16:11 1024 byte 0 days old -- mcmsc_TMb8C5T0b8GfmkW
18/06/2008 19:37:27 (DIR) 0 byte 0 days old -- MCE00022
18/06/2008 19:37:31 0 byte 0 days old -- mcmsc_pmG4pC2ADkInfOk
18/06/2008 19:37:37 2048 byte 0 days old -- mcafee_0s2puxzJGAD8nyn
18/06/2008 19:38:27 0 byte 0 days old -- sqlite_on16yuT1KV3uRcd
18/06/2008 19:38:27 0 byte 0 days old -- sqlite_NsmRz08EfafkaNa
18/06/2008 20:27:01 1024 byte 0 days old -- mcmsc_Kod8hFjlbjjHlod
18/06/2008 21:54:52 0 byte 0 days old -- mcafee_XZPUaNZaUI9HgJa

----- recent files in C:\Program Files\
05/06/2008 18:41:20 (DIR) 0 byte 13 days old -- Windows NT
05/06/2008 18:41:20 (DIR) 0 byte 13 days old -- Fichiers communs
05/06/2008 19:01:52 (DIR) 0 byte 13 days old -- MSXML 4.0
05/06/2008 19:03:09 (DIR) 0 byte 13 days old -- Mozilla Firefox
05/06/2008 19:21:44 (DIR) 0 byte 13 days old -- ABBYY FineReader 6.0 Sprint
05/06/2008 19:22:14 (DIR) 0 byte 13 days old -- epson
05/06/2008 19:42:56 (DIR) 0 byte 13 days old -- WinRAR
06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- MSN Messenger
06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- Windows Live
06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- Messenger Plus! Live
06/06/2008 18:31:48 (DIR) 0 byte 12 days old -- Java
06/06/2008 18:51:26 (DIR) 0 byte 12 days old -- SystemRequirementsLab
06/06/2008 19:37:44 (DIR) 0 byte 12 days old -- DAEMON Tools Lite
07/06/2008 22:04:39 (DIR) 0 byte 11 days old -- BitComet
08/06/2008 11:28:13 (DIR) 0 byte 10 days old -- Acer GameZone
09/06/2008 12:13:47 (DIR) 0 byte 9 days old -- Adobe
11/06/2008 14:06:54 (DIR) 0 byte 7 days old -- Windows Mail
11/06/2008 15:08:29 (DIR) 0 byte 7 days old -- Common Files
11/06/2008 15:08:36 (DIR) 0 byte 7 days old -- DivX
13/06/2008 08:29:23 (DIR) 0 byte 5 days old -- SiteAdvisor
15/06/2008 22:30:00 (DIR) 0 byte 3 days old -- Paint.NET
16/06/2008 20:34:40 (DIR) 0 byte 2 days old -- Apple Software Update
16/06/2008 20:35:31 (DIR) 0 byte 2 days old -- QuickTime
16/06/2008 20:35:34 (DIR) 0 byte 2 days old -- Internet Explorer
17/06/2008 12:56:03 (DIR) 0 byte 1 days old -- InstallShield Installation Information
17/06/2008 18:54:54 (DIR) 0 byte 1 days old -- Microsoft Games
17/06/2008 20:28:30 (DIR) 0 byte 1 days old -- McAfee

----- recent files in C:\Program Files\Common Files\
05/06/2008 19:25:34 (DIR) 0 byte 13 days old -- InstallShield
05/06/2008 20:13:18 (DIR) 0 byte 13 days old -- WindowsLiveInstaller
06/06/2008 18:22:57 (DIR) 0 byte 12 days old -- Java
06/06/2008 20:28:24 (DIR) 0 byte 12 days old -- Microsoft Games
08/06/2008 11:13:33 (DIR) 0 byte 10 days old -- microsoft shared
09/06/2008 12:14:01 (DIR) 0 byte 9 days old -- Adobe
11/06/2008 15:08:29 (DIR) 0 byte 7 days old -- PX Storage Engine

----- recent files in C:\Users\Paul\AppData\Roaming\
05/06/2008 18:48:21 (DIR) 0 byte 13 days old -- Identities
05/06/2008 18:48:33 (DIR) 0 byte 13 days old -- ATI
05/06/2008 18:48:34 (DIR) 0 byte 13 days old -- Macromedia
05/06/2008 18:48:43 (DIR) 0 byte 13 days old -- SiteAdvisor
05/06/2008 19:03:13 (DIR) 0 byte 13 days old -- Mozilla
05/06/2008 19:03:51 (DIR) 0 byte 13 days old -- Talkback
05/06/2008 19:38:12 (DIR) 0 byte 13 days old -- CyberLink
05/06/2008 19:45:47 (DIR) 0 byte 13 days old -- WinRAR
05/06/2008 20:07:46 (DIR) 0 byte 13 days old -- Yahoo!
06/06/2008 18:50:55 (DIR) 0 byte 12 days old -- SystemRequirementsLab
06/06/2008 19:27:11 (DIR) 0 byte 12 days old -- DAEMON Tools
06/06/2008 22:46:27 (DIR) 0 byte 12 days old -- PeerNetworking
06/06/2008 22:46:27 27503 byte 12 days old -- UserTile.png
07/06/2008 11:09:21 (DIR) 0 byte 11 days old -- Adobe
07/06/2008 21:59:36 (DIR) 0 byte 11 days old -- eSobi
08/06/2008 11:28:26 22328 byte 10 days old -- PnkBstrK.sys
18/06/2008 19:15:58 (DIR) 0 byte 0 days old -- Microsoft

----- recent files in C:\Users\Paul\AppData\Local\Temp\
04/06/2008 19:37:00 8130528 byte 14 days old -- xpinstall.exe
06/06/2008 15:09:05 450000000 byte 12 days old -- 8kd63pb3.rar
06/06/2008 18:17:35 172948410 byte 12 days old -- 2g8ei4oj.rar
06/06/2008 18:19:20 8262 byte 12 days old -- jinstall.cfg
06/06/2008 18:20:34 1045 byte 12 days old -- java_install_sp.log
06/06/2008 18:31:29 0 byte 12 days old -- java_install.log
06/06/2008 18:31:51 (DIR) 0 byte 12 days old -- hsperfdata_Paul
06/06/2008 19:47:39 13592 byte 12 days old -- temp.ani
06/06/2008 20:11:24 77824 byte 12 days old -- 20fab.mst
06/06/2008 20:11:24 77824 byte 12 days old -- 76da88.mst
06/06/2008 20:28:38 (DIR) 0 byte 12 days old -- {0237C21E-509E-47C7-B59D-4FAF82259A42}
06/06/2008 20:28:51 72192 byte 12 days old -- ~e5.0001
06/06/2008 20:30:29 (DIR) 0 byte 12 days old -- UCDebugger
06/06/2008 22:13:36 3730 byte 12 days old -- SetupExe(20080606221336738).log
06/06/2008 22:13:42 17190 byte 12 days old -- UserInfoSetup(20080606221337738).log
07/06/2008 09:13:26 2729 byte 11 days old -- CdMkr70.ini
07/06/2008 09:13:27 1523712 byte 11 days old -- ~DF678D.tmp
07/06/2008 09:20:36 3065717 byte 11 days old -- gow_patch1_JeuxVideo.com_13496.zip
07/06/2008 11:09:09 (DIR) 0 byte 11 days old -- Adobe
07/06/2008 11:12:55 442424 byte 11 days old -- Gears_of_War_Patch_FR.rar
07/06/2008 13:26:01 (DIR) 0 byte 11 days old -- plugtmp
07/06/2008 16:43:54 31832 byte 11 days old -- Vezier.bmp
07/06/2008 16:43:54 49208 byte 11 days old -- Invité.bmp
07/06/2008 16:43:54 31832 byte 11 days old -- Clément.bmp
07/06/2008 19:02:18 1728 byte 11 days old -- help.txt
07/06/2008 19:02:18 3072 byte 11 days old -- CH.dll
07/06/2008 22:05:02 16384 byte 11 days old -- ~DF6571.tmp
08/06/2008 11:31:08 6515 byte 10 days old -- ASPNETSetup.log
08/06/2008 11:31:30 2737436 byte 10 days old -- netfx.log
08/06/2008 11:31:31 2276 byte 10 days old -- dotNetFx.log
08/06/2008 15:48:35 (DIR) 0 byte 10 days old -- bc_cache
08/06/2008 17:02:21 3734 byte 10 days old -- SetupExe(200806081702201A9C).log
08/06/2008 17:02:28 17192 byte 10 days old -- UserInfoSetup(200806081702211A9C).log
08/06/2008 17:19:08 (DIR) 0 byte 10 days old -- msohtmlclip
08/06/2008 18:35:18 3733 byte 10 days old -- SetupExe(20080608183518304).log
08/06/2008 18:35:24 17191 byte 10 days old -- UserInfoSetup(20080608183519304).log
08/06/2008 22:35:07 3737 byte 10 days old -- SetupExe(200806082235071DF0).log
08/06/2008 22:35:18 17193 byte 10 days old -- UserInfoSetup(200806082235081DF0).log
09/06/2008 12:13:24 16384 byte 9 days old -- ~DF8303.tmp
09/06/2008 12:13:27 642 byte 9 days old -- {AC76BA86-7AD7-1036-7B44-A81000000003}.ini
09/06/2008 12:13:41 531 byte 9 days old -- {AC76BA86-7AD7-1036-7B44-A81200000003}.ini
09/06/2008 12:16:46 3728 byte 9 days old -- SetupExe(2008060912164412A4).log
09/06/2008 12:16:53 17190 byte 9 days old -- UserInfoSetup(2008060912164712A4).log
09/06/2008 18:57:42 3733 byte 9 days old -- SetupExe(200806091857426DC).log
09/06/2008 18:57:48 17191 byte 9 days old -- UserInfoSetup(200806091857436DC).log
09/06/2008 20:12:38 3733 byte 9 days old -- SetupExe(20080609201238FF0).log
09/06/2008 20:13:45 17191 byte 9 days old -- UserInfoSetup(20080609201239FF0).log
09/06/2008 20:18:40 3733 byte 9 days old -- SetupExe(20080609201840480).log
09/06/2008 20:18:47 17191 byte 9 days old -- UserInfoSetup(20080609201840480).log
09/06/2008 21:49:02 3733 byte 9 days old -- SetupExe(20080609214902AC0).log
09/06/2008 21:49:07 17191 byte 9 days old -- UserInfoSetup(20080609214902AC0).log
09/06/2008 21:55:08 (DIR) 0 byte 9 days old -- msohtmlclip1
09/06/2008 21:58:16 3733 byte 9 days old -- SetupExe(20080609215816578).log
09/06/2008 21:58:21 17191 byte 9 days old -- UserInfoSetup(20080609215817578).log
09/06/2008 22:14:11 3734 byte 9 days old -- SetupExe(2008060922141010BC).log
09/06/2008 22:16:18 17192 byte 9 days old -- UserInfoSetup(2008060922141110BC).log
10/06/2008 13:20:13 3731 byte 8 days old -- SetupExe(2008061013201216C8).log
10/06/2008 13:20:19 17191 byte 8 days old -- UserInfoSetup(2008061013201316C8).log
10/06/2008 13:21:39 3731 byte 8 days old -- SetupExe(2008061013213916F4).log
10/06/2008 13:21:47 17365 byte 8 days old -- UserInfoSetup(2008061013213916F4).log
10/06/2008 19:25:45 3733 byte 8 days old -- SetupExe(20080610192545BF8).log
10/06/2008 19:25:57 17602 byte 8 days old -- UserInfoSetup(20080610192545BF8).log
11/06/2008 21:22:10 512 byte 7 days old -- ~DFF56E.tmp
11/06/2008 21:22:14 512 byte 7 days old -- ~DF386.tmp
11/06/2008 21:22:15 294912 byte 7 days old -- ~DFF552.tmp
11/06/2008 21:22:15 294912 byte 7 days old -- ~DF380.tmp
11/06/2008 21:33:59 4081834 byte 7 days old -- fla95AD.tmp
12/06/2008 18:55:40 3727 byte 6 days old -- SetupExe(20080612185539C34).log
12/06/2008 18:56:05 17189 byte 6 days old -- UserInfoSetup(20080612185540C34).log
13/06/2008 12:53:16 3733 byte 5 days old -- SetupExe(200806131253166C8).log
13/06/2008 12:53:22 17191 byte 5 days old -- UserInfoSetup(200806131253166C8).log
13/06/2008 17:37:41 (DIR) 0 byte 5 days old -- eDatasecurity
15/06/2008 16:09:23 491 byte 3 days old -- wmsetup.log
15/06/2008 22:29:24 (DIR) 0 byte 3 days old -- Rar$EX00.931
15/06/2008 22:29:56 123 byte 3 days old -- CFG3DBC.tmp
15/06/2008 22:30:05 190 byte 3 days old -- PdnMsiInstall.log
15/06/2008 22:30:05 6053 byte 3 days old -- PdnSetupNgenInstall.log
15/06/2008 22:30:24 (DIR) 0 byte 3 days old -- PdnSetup2
15/06/2008 22:49:50 (DIR) 0 byte 3 days old -- Rar$DR14.980
16/06/2008 20:35:34 4013 byte 2 days old -- qtplugin.log
16/06/2008 20:35:36 1316 byte 2 days old -- QTInstallCode.log
16/06/2008 21:18:49 (DIR) 0 byte 2 days old -- {c27573d3-3d04-4a48-9873-26b332d53e6f}
16/06/2008 21:35:16 (DIR) 0 byte 2 days old -- ConnectionManager_Pro_Corpo_FRA
16/06/2008 21:35:22 (DIR) 0 byte 2 days old -- ispA838.tmp
16/06/2008 21:36:00 107512 byte 2 days old -- Set5282.tmp
17/06/2008 12:56:01 87 byte 1 days old -- setup.log
17/06/2008 18:35:34 (DIR) 0 byte 1 days old -- plugtmp-1
18/06/2008 14:57:35 (DIR) 0 byte 0 days old -- bc_tmp
18/06/2008 15:06:14 (DIR) 0 byte 0 days old -- CDM
18/06/2008 15:53:57 1544 byte 0 days old -- java_install_reg.log
18/06/2008 19:16:18 512 byte 0 days old -- ~DF6F3B.tmp
18/06/2008 19:16:18 327680 byte 0 days old -- ~DF6F28.tmp
18/06/2008 19:16:21 327680 byte 0 days old -- ~DF9314.tmp
18/06/2008 19:16:21 512 byte 0 days old -- ~DF931A.tmp
18/06/2008 19:32:50 (DIR) 0 byte 0 days old -- plugtmp-2
18/06/2008 19:33:41 2814308 byte 0 days old -- fla73BC.tmp
18/06/2008 19:37:39 (DIR) 0 byte 0 days old -- WPDNSE
18/06/2008 19:42:35 4268 byte 0 days old -- jusched.log
18/06/2008 19:58:30 31832 byte 0 days old -- Paul.bmp
18/06/2008 20:33:58 (DIR) 0 byte 0 days old -- Low
18/06/2008 22:16:54 16384 byte 0 days old -- ~DF8D37.tmp
18/06/2008 22:16:55 16384 byte 0 days old -- ~DF85BD.tmp
18/06/2008 22:16:57 327680 byte 0 days old -- ~DF858B.tmp
18/06/2008 22:16:57 327680 byte 0 days old -- ~DF8D2C.tmp
18/06/2008 22:17:30 16384 byte 0 days old -- ~DF9073.tmp
18/06/2008 22:22:44 (DIR) 0 byte 0 days old -- nsuF2BB.tmp
18/06/2008 22:29:50 34 byte 0 days old -- systemscan.ini
18/06/2008 22:29:52 (DIR) 0 byte 0 days old -- MessengerCache
18/06/2008 22:29:52 (DIR) 0 byte 0 days old -- nst4434.tmp
18/06/2008 22:29:52 16384 byte 0 days old -- ~DFBFB3.tmp

===================== HIDDEN OBJECTS =====================

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14174]
"001e7dc907a3"=hex:e1,ac,39,29,e1,81,59,b6,63,f1,99,00,c7,95,e9,c7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e8,72,49,e1,f2,36,65,a4,61,4d,33,0b,07,01,01,f4,39,4d,0c,8d,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b7,c8,51,c8,ad,6f,ee,2c,43,ea,ac,d7,29,51,e1,c8,a9,..
"khjeh"=hex:05,9d,d0,87,54,3f,7c,9b,43,f3,0e,ea,60,df,0e,8d,e7,ca,d1,8b,1a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,12,1c,9b,6c,df,47,d9,73,0a,ce,49,ed,76,f9,2e,02,ea,88,58,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583f14174]
"001e7dc907a3"=hex:e1,ac,39,29,e1,81,59,b6,63,f1,99,00,c7,95,e9,c7
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e8,72,49,e1,f2,36,65,a4,61,4d,33,0b,07,01,01,f4,39,4d,0c,8d,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b7,c8,51,c8,ad,6f,ee,2c,43,ea,ac,d7,29,51,e1,c8,a9,..
"khjeh"=hex:05,9d,d0,87,54,3f,7c,9b,43,f3,0e,ea,60,df,0e,8d,e7,ca,d1,8b,1a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,12,1c,9b,6c,df,47,d9,73,0a,ce,49,ed,76,f9,2e,02,ea,88,58,c1,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


===================== RUSTOCK ROOTKIT DETECTION =====================


#### NOTHING FOUND ####

==========================================
Scan completed in 3,9 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work

Reply to p0oks

There you go, some reading material ^^

Reply to p0oks

Hi again

Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait for ComboFix to finish. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"

Come back to the forum and Edit > "Paste"

Add a new HijackThis report.

Reply to Sham_Rock

Here it is, but is it normal that I couldn't connect for 10 minutes after using the program?
ComboFix 08-06-16.5 - Paul 2008-06-19 12:20:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1984 [GMT 2:00]
Endroit: C:\Users\Paul\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))
.

2008-06-19 12:19 . 2008-06-19 12:20 <REP> d-------- C:\327882R2FWJFW
2008-06-17 13:23 . 2008-06-17 13:23 <REP> d-------- C:\Users\Vezier\AppData\Roaming\DAEMON Tools
2008-06-17 00:04 . 2008-06-17 00:04 <REP> d-------- C:\Users\Clément\AppData\Roaming\DAEMON Tools
2008-06-16 21:35 . 1998-06-17 18:07 57,344 --------- C:\Windows\System32\Mfc42loc.dll
2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\Program Files\QuickTime
2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\Users\All Users\Apple
2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\ProgramData\Apple
2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-15 22:29 . 2008-06-15 22:30 <REP> d-------- C:\Program Files\Paint.NET
2008-06-15 08:42 . 2008-06-15 08:42 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-14 20:32 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 20:32 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 20:32 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 20:32 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-12 12:15 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-12 12:15 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-12 12:15 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-11 15:08 . 2008-06-11 15:08 <REP> d-------- C:\Program Files\DivX
2008-06-11 15:08 . 2008-06-11 15:08 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-09 12:13 . 2008-06-09 12:14 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 15:36 . 2008-06-19 02:36 836 --a------ C:\Windows\bthservsdp.dat
2008-06-08 11:30 . 2008-06-08 11:30 <REP> d-------- C:\Windows\System32\URTTEMP
2008-06-08 11:28 . 2008-06-10 14:02 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-08 11:28 . 2008-06-10 14:02 <REP> d-a------ C:\ProgramData\TEMP
2008-06-08 11:28 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-06-08 11:28 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-06-08 11:28 . 2008-06-08 11:28 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-06-08 11:28 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-06-08 11:28 . 2008-06-08 11:28 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-06-08 11:28 . 2008-06-08 11:28 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-06-08 11:28 . 2008-06-08 11:28 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-06-08 11:28 . 2008-06-08 11:28 22,328 --a------ C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
2008-06-08 11:27 . 2008-06-08 11:27 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-06-08 11:27 . 2008-06-08 11:27 <REP> d-------- C:\ProgramData\Media Center Programs
2008-06-07 22:42 . 2008-06-07 22:42 <REP> d-------- C:\Users\Public\Crysis_for_wawamania
2008-06-07 22:05 . 2008-06-18 14:57 <REP> d-------- C:\Downloads
2008-06-07 22:04 . 2008-06-07 22:04 <REP> d-------- C:\Program Files\BitComet
2008-06-07 21:59 . 2008-06-07 21:59 <REP> d-------- C:\Users\Paul\AppData\Roaming\eSobi
2008-06-07 21:00 . 2008-06-07 21:00 <REP> d-------- C:\Users\Clément\AppData\Roaming\Talkback
2008-06-07 21:00 . 2008-06-07 21:00 <REP> d-------- C:\Users\Clément\AppData\Roaming\Mozilla
2008-06-06 22:46 . 2008-06-06 22:46 <REP> d-------- C:\Users\Paul\AppData\Roaming\PeerNetworking
2008-06-06 20:28 . 2008-06-06 20:28 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-06 20:28 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-06-06 20:28 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-06-06 20:28 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-06-06 20:28 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-06-06 20:28 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-06-06 20:28 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-06-06 20:28 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-06-06 20:28 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-06-06 20:28 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-06-06 19:37 . 2008-06-06 19:37 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-06 19:27 . 2008-06-06 19:27 <REP> d-------- C:\Users\Paul\AppData\Roaming\DAEMON Tools
2008-06-06 19:27 . 2008-06-06 19:27 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-06 18:50 . 2008-06-06 18:50 <REP> d-------- C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
2008-06-06 18:50 . 2008-06-06 18:51 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\Java
2008-06-06 18:22 . 2008-06-06 18:22 <REP> d-------- C:\Program Files\Common Files\Java
2008-06-06 13:55 . 2008-06-06 13:55 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-06-06 13:55 . 2008-06-06 13:55 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-06-06 08:31 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-05 23:21 . 2008-06-05 23:21 <REP> d-------- C:\Users\Clément\AppData\Roaming\Yahoo!
2008-06-05 23:17 . 2008-06-05 23:17 <REP> d-------- C:\Users\Clément\AppData\Roaming\Adobe
2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\SiteAdvisor
2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\Macromedia
2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\ATI
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Videos
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Videos
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Searches
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Searches
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Saved Games
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Saved Games
2008-06-05 23:11 . 2008-06-19 01:41 <REP> dr------- C:\Users\Clément\Pictures
2008-06-05 23:11 . 2008-06-19 01:41 <REP> dr------- C:\Users\Clément\Pictures
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Music
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Music
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Links
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Links
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Favorites
2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Favorites
2008-06-05 23:11 . 2008-06-06 14:17 <REP> dr------- C:\Users\Clément\Downloads
2008-06-05 23:11 . 2008-06-06 14:17 <REP> dr------- C:\Users\Clément\Downloads
2008-06-05 23:11 . 2008-06-14 00:37 <REP> dr------- C:\Users\Clément\Documents
2008-06-05 23:11 . 2008-06-14 00:37 <REP> dr------- C:\Users\Clément\Documents
2008-06-05 23:11 . 2008-06-10 13:32 <REP> dr------- C:\Users\Clément\Desktop
2008-06-05 23:11 . 2008-06-10 13:32 <REP> dr------- C:\Users\Clément\Desktop
2008-06-05 23:11 . 2008-06-06 00:20 <REP> dr------- C:\Users\Clément\Contacts
2008-06-05 23:11 . 2008-06-06 00:20 <REP> dr------- C:\Users\Clément\Contacts
2008-06-05 23:11 . 2008-06-13 17:03 <REP> d---s---- C:\Users\Clément\AppData\Roaming\Microsoft
2008-06-05 23:11 . 2006-11-02 14:37 <REP> d-------- C:\Users\Clément\AppData\Roaming\Media Center Programs
2008-06-05 23:11 . 2008-06-05 23:11 <REP> d-------- C:\Users\Clément\AppData\Roaming\Identities
2008-06-05 23:11 . 2008-03-21 13:35 <REP> d-------- C:\Users\Clément\AppData\Roaming\Acer GameZone Console
2008-06-05 23:11 . 2008-06-05 23:11 <REP> d--h----- C:\Users\Clément\AppData
2008-06-05 23:11 . 2008-06-05 23:11 <REP> d--h----- C:\Users\Clément\AppData
2008-06-05 23:11 . 2008-06-05 23:11 <REP> d-------- C:\Users\Clément
2008-06-05 23:11 . 2008-06-19 12:20 1,572,864 --ahs---- C:\Users\Clément\NTUSER.DAT
2008-06-05 23:11 . 2008-06-19 12:20 1,572,864 --ahs---- C:\Users\Clément\NTUSER.DAT
2008-06-05 20:26 . 2008-06-05 20:26 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
2008-06-05 20:16 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\MSN Messenger
2008-06-05 20:09 . 2008-06-05 20:09 <REP> d-------- C:\Users\All Users\WLInstaller
2008-06-05 20:09 . 2008-06-05 20:09 <REP> d-------- C:\ProgramData\WLInstaller
2008-06-05 20:09 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\Windows Live
2008-06-05 20:09 . 2008-06-05 20:13 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 20:07 . 2008-06-05 20:07 <REP> d-------- C:\Users\Paul\AppData\Roaming\Yahoo!
2008-06-05 19:38 . 2008-06-05 19:38 <REP> d-------- C:\Users\Paul\AppData\Roaming\CyberLink
2008-06-05 19:31 . 2008-06-05 19:31 <REP> d-------- C:\Users\Vezier\AppData\Roaming\Talkback
2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\Users\Vezier\AppData\Roaming\Yahoo!
2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-06-05 19:23 . 2008-06-05 19:23 <REP> d-------- C:\Users\All Users\UDL
2008-06-05 19:23 . 2008-06-05 19:23 <REP> d-------- C:\ProgramData\UDL
2008-06-05 19:21 . 2008-06-05 19:21 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-06-05 19:20 . 2008-06-05 19:20 <REP> d-------- C:\Users\Vezier\AppData\Roaming\InstallShield
2008-06-05 19:19 . 2008-06-05 19:19 <REP> d-------- C:\Users\All Users\EPSON
2008-06-05 19:19 . 2008-06-05 19:19 <REP> d-------- C:\ProgramData\EPSON
2008-06-05 19:15 . 2006-12-08 04:04 76,800 --a------ C:\Windows\System32\E_FLBCDE.DLL
2008-06-05 19:15 . 2006-04-19 04:00 62,976 --a------ C:\Windows\System32\E_FD4BCDE.DLL
2008-06-05 19:15 . 2004-09-10 22:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-06-05 19:14 . 2008-06-05 19:22 <REP> d-------- C:\Program Files\epson
2008-06-05 19:14 . 2007-03-27 00:00 67,072 --a------ C:\Windows\System32\escwiad.dll
2008-06-05 19:14 . 2008-06-05 19:14 25 --a------ C:\Windows\CDE DX7400DEFGIPS.ini
2008-06-05 19:03 . 2008-06-05 19:03 <REP> d-------- C:\Users\Paul\AppData\Roaming\Talkback
2008-06-05 19:03 . 2008-06-05 19:03 0 --a------ C:\Windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 10:20 1,572,864 --sha-w C:\Users\Clément\NTUSER.DAT
2008-06-19 10:20 1,572,864 --sha-w C:\Users\Clément\NTUSER.DAT
2008-06-17 18:28 --------- d-----w C:\Program Files\McAfee
2008-06-17 16:54 --------- d-----w C:\Program Files\Microsoft Games
2008-06-17 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 22:04 --------- d-----w C:\Users\Clément\AppData\Roaming\DAEMON Tools
2008-06-13 15:03 --------- d-s---w C:\Users\Clément\AppData\Roaming\Microsoft
2008-06-13 06:29 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-11 12:06 --------- d-----w C:\Program Files\Windows Mail
2008-06-08 09:28 --------- d-----w C:\Program Files\Acer GameZone
2008-06-07 19:00 --------- d-----w C:\Users\Clément\AppData\Roaming\Talkback
2008-06-07 19:00 --------- d-----w C:\Users\Clément\AppData\Roaming\Mozilla
2008-06-05 21:21 --------- d-----w C:\Users\Clément\AppData\Roaming\Yahoo!
2008-06-05 21:17 --------- d-----w C:\Users\Clément\AppData\Roaming\Adobe
2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\SiteAdvisor
2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\Macromedia
2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\ATI
2008-06-05 21:11 --------- d-----w C:\Users\Clément\AppData\Roaming\Identities
2008-06-05 20:48 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-05 17:38 --------- d-----w C:\ProgramData\CyberLink
2008-06-05 17:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Modèles
2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Favoris
2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Bureau
2008-06-05 16:41 --------- d-sh--w C:\Program Files\Fichiers communs
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-03-21 11:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-21 11:10 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@={30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:25 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 17:51 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 17:50 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 17:51 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 20:53 4702208 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 19:43 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 00:38 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 19:49 204908]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-12-07 15:28 196128]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-21 13:29:37 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{542BA28B-703D-48DB-B83F-94E757E578BF}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F051E17E-51EF-4830-B367-F6DA497077E5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{F158742F-48F9-4833-8369-7CBA8CC22457}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{57072285-1559-4EA8-9BA9-D616D959450E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{6E5562B8-B56E-4742-8541-548696BB0A45}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FD3CA371-04D4-4029-8518-3BD5B5D7BBEE}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{1C85F336-B1AB-4934-8629-3A836D9CE2FC}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"TCP Query User{5D6262F9-41C4-4970-93B3-0612CFB0911B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{29B973CB-F5BC-4D3D-9039-ED0FC0FE3800}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{1BC8695C-5701-4C7C-AEB3-C49F2DE7AC75}"= UDP:D:\Crysis\Bin32\Crysis.exe:Crysis_32
"{65C1E535-7867-4D4F-9AD3-AD9A88703BCD}"= TCP:D:\Crysis\Bin32\Crysis.exe:Crysis_32
"{8790B0FE-0651-42A5-84CB-909C4119ABB1}"= UDP:D:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{063970DF-BBA0-48A9-8612-013FCFE73777}"= TCP:D:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{BC18B21D-94B7-42E9-AE81-085E8891DC8C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5374CE1D-4F89-4544-84F0-144F7DE4182B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4AF8B6F7-526C-48FA-A97B-41D118EE83C2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{84622E13-BF83-440F-B5C6-775969A9EAC9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 07:28]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2008-01-25 19:49]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-20 18:52]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 11:38]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1616ecea-33ef-11dd-bff7-001d92aeda96}]
\shell\AutoRun\command - K:\AutoRunCD.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 11:54:46 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-21 11:54:46 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-18 16:52:06 C:\Windows\Tasks\User_Feed_Synchronization-{25E56C18-230A-4633-9BDC-81EE16BD7306}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 12:22:29
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Windows\TEMP\fwtsqmfile00.sqm 120 bytes
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\parent.lock 0 bytes
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\sessionstore.js 1932 bytes

Scan terminé avec succès
Les fichiers cachés: 3

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Temps d'accomplissement: 2008-06-19 12:23:11
ComboFix-quarantined-files.txt 2008-06-19 10:23:08

Pre-Run: 91,526,713,344 octets libres
Post-Run: 92,259,008,512 octets libres

293 --- E O F --- 2008-06-18 13:48:19

Reply to p0oks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:45, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Paul\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 9287 bytes

Reply to p0oks

Good evening
Explain exactly what your problem is, with an example, because there is nothing infectious in all that.

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

As soon as the problem reappears, I'll send you the link of the window that opens to show you my problem :)

Reply to p0oks

There, I got the problem on the first try. So:
I went to Google and typed "tortue"
I clicked on the 1st link: "http://www.tortue.com/"
but the problem is that it wasn't that link that opened but this one: "http://www.live-player.com/fp/001/?&nums=FDp0VifAAA-FDfqVTlAAA&grpid=588&tag_id=450"

Reply to p0oks

re

Indeed... an ad for a site based in Russia... probably wareout.

1

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click on Gmer.exe.

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click on the rootkit tab.
On the right, check Files and Services.
Now click on Scan.

When the scan is finished, click on Copy.

Open Notepad, then click on the Edit / Paste menu.
The report should then appear.
Save the file on your desktop and copy/paste its contents here.


2

~Download SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

~Unzip the entire SmitfraudFix.zip archive
Search:
~Double-click on SmitfraudFix.cmd
~Select 1 in the menu and press Enter to create a report of the files responsible for the infection. The report is located at the root of the system drive: C:\rapport.txt
~Post this report.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Message edited by Sham_Rock on 20-06-2008 at 18:06:12
------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-20 20:54:09
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

INT 0x51 ? 85C07BF8
INT 0x82 ? 85C06BF8
INT 0x83 ? 8707ABF8
INT 0x92 ? 85C07BF8
INT 0x93 ? 8707ABF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EC799BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EC79958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EC7996C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EC799FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EC79A3F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EC79930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EC79944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EC799D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EC79A67]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EC79A53]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EC799AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EC79996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EC79A2B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EC79A12]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EC799E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EC79982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 81E3119C 5 Bytes JMP 8EC799EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\Drivers\spac.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8DE3646F 5 Bytes JMP 8707A1D8
.text a5trpixr.SYS 8E590000 22 Bytes [ 26, A2, 1C, 82, 10, A1, 1C, ... ]
.text a5trpixr.SYS 8E590017 105 Bytes [ 00, 32, F7, D9, 82, 3D, F5, ... ]
.text a5trpixr.SYS 8E590081 53 Bytes [ C8, E5, 81, 58, D9, EB, 81, ... ]
.text a5trpixr.SYS 8E5900B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a5trpixr.SYS 8E5900CE 80 Bytes [ 00, 00, 26, 00, 00, 00, E0, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 0008008C
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 0008007B
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 000800A7
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 00080F1A
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 00080056
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00080FB9
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 00080039
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00080F8D
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00080F61
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 00080F7C
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00080FA8
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 00080F50
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00080EF5
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 00080014
.text C:\Windows\system32\svchost.exe[628] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 00080F2B
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 00090FA8
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00090FC3
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 0009004A
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 00090F8D
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 00090011
.text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 00090FD4
.text C:\Windows\system32\svchost.exe[628] WS2_32.dll!socket 775E36D1 5 Bytes JMP 000A000A
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 00990F41
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 00990087
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 009900C4
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 009900B3
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 0099005B
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00990FB9
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 0099004A
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00990025
.text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00990076
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 00990F8D
.text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00990FA8
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 00990F66
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00990F1C
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 0099000A
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00990FEF
.text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 00990FD4
.text C:\Windows\system32\services.exe[660] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 009900A2
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 009F0F83
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 009F0F9E
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 009F0025
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 009F0040
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 009F000A
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 009F0FD4
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 009F0FB9
.text C:\Windows\system32\services.exe[660] WS2_32.dll!socket 775E36D1 5 Bytes JMP 00A0000A
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 002400B3
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 00240F77
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 002400CE
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 00240F37
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 00240FB4
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00240036
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 0024008E
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00240062
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00240F99
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 0024007D
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00240051
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe 76750284 1 Byte [ E9 ]
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe + 2 76750286 3 Bytes [ 0C, AF, 89 ]
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00240F26
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 0024000A
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 0024001B
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 00240F52
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 00250051
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00250FAF
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 00250000
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 00250036
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 00250062
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 00250FE5
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 00250011
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 00250FCA
.text C:\Windows\system32\lsass.exe[672] WS2_32.dll!socket 775E36D1 5 Bytes JMP 00270000
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 001F008A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 001F0F44
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 001F009B
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 001F0F0E
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 001F0040
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 001F0F72
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 001F0F9E
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 001F0F55
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 001F0F83
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 001F0065
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 001F0EE9
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 001F0025
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 001F0F1F
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 0075007D
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00750058
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 00750FD1
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 00750FB6
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 0075002C
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 0075001B
.text C:\Windows\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 00750047
.text C:\Windows\system32\svchost.exe[836] WS2_32.dll!socket 775E36D1 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 006B0F69
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 006B0F84
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 006B0F4E
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 006B00E5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 006B0080
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 006B0FD4
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 006B006F
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 006B004A
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 006B0F95
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 006B0FB2
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 006B0FC3
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 006B00AF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 006B010A
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 006B0FEF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 006B0025
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 006B00CA
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 00750033
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00750FA5
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 00750FE5

Reply to p0oks

I can't get the second program to work, there is no report in C:/ :(
And yet I disabled my antivirus

Reply to p0oks

Hi again

Try it this way:
right-click SmitfraudFix.cmd and choose "Run as administrator", then run option 1 and post the report.
If it doesn't appear, it is here: C:\rapport.txt

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Here you go, chief
SmitFraudFix v2.328

Scan done at 22:46:28,29, 20/06/2008
Run from C:\Users\Paul\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Users\Paul\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\DllHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Reply to p0oks

Hi again


Go to this link: Virus Total

  • Click Browse
  • Navigate to this file, if you can find it:


C:\Windows\system32\Drivers\spac.sys

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image: http://perso.orange.fr/-Gof/screen/txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.

Note: Whatever the outcome, it is important that you send me the result of the whole analysis.
Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


Do the same with:
a5trpixr.SYS
probably in:
C:\Windows\system32\Drivers\
but if it isn't there, run a search (Start, search for a file...)

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

I can't find either of the two despite my long searches :(

Reply to p0oks

Good evening

I'm stumped. :/
Another helper (eric71) read your logs, and he doesn't see anything either.

Do you get these ads when you do other searches?



------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Yes, I get them for lots of other searches. :(

Reply to p0oks

Hi again

You have the symptoms of a wareout infection... with no sign of it in your logs. :/

Let's first see whether an online scan turns anything up...

~Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/kavwebscan.html


~Click Online Scanner.
~Accept the installation of the ActiveX control by clicking the Install button.

~Select My Computer as the scan target.

~Save the report by clicking the "Save report as" button. Give it a name; you will copy/paste it into your next reply.

Online scan tutorial


Edit: a helper would like to know the make and model of your router.
Since you are with Free, it may be a Freebox, but we want to check.

(^^ Malekal)


Message edited by Sham_Rock on 22-06-2008 at 22:37:59
------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Sorry, I can't use this antivirus because otherwise I have to remove the other one, and afterwards I wouldn't be able to reinstall it since it came with the computer when I bought it :s

Reply to p0oks

On the other hand, if I delete my user account and create a new one, will I still have the problem?

Reply to p0oks

Good evening

You didn't answer my question.

Don't uninstall your antivirus; what I'm suggesting is an online scan, not a replacement antivirus. :)
Please do it.

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Yes, I did try, but it asks me to remove my antivirus :/ to continue the installation

Reply to p0oks

Yes, it's a Freebox actually. I'll try the scan again :)

Reply to p0oks

Hi again

We need to check something...

Disable UAC (User Account Control) (above all, remember to re-enable it after the disinfection).

  • Start > Control Panel
  • Double-click the User Accounts icon
  • Then click Turn off and confirm.


  • Now download Navilog1 from this link:


http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

  • Right-click the link above, choose Save target (link) as... and save it to your Desktop.
  • Right-click navilog1.exe and choose "Run as... Administrator" to install it.
  • Wait for the installation to finish.


======================================

Option #1:

Make sure UAC (User Account Control) is disabled.

Right-click the Navilog1 shortcut on the Desktop and choose "Run as... Administrator".

  • On the main menu, choose 1.
  • Follow the instructions and wait.
  • Wait for the message *** Analyse terminée le ….*** (this may take some time).
  • Press a key as requested.
  • A Notepad document is created: fixnavi.txt.
  • Copy/paste the contents of this report into your next reply.
  • Close Notepad.

The fixnavi.txt report is also saved in %systemdrive% (usually C:\).

======================================


Message edited by Sham_Rock on 24-06-2008 at 23:49:35
------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock

Search Navipromo version 3.5.9 commencé le 25/06/2008 à 16:39:19,71

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Paul"

Mise à jour le 24.06.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\CLMENT~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Vezier\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Paul\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\CLMENT~1\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Vezier\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Paul\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\CLMENT~1\appdata\roaming" ***


*** Recherche dossiers dans "C:\Users\Vezier\appdata\roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Paul\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Paul\AppData\Local" *

* Recherche dans "C:\Users\CLMENT~1\AppData\Local" *

* Recherche dans "C:\Users\Vezier\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Paul\AppData\Local\Microsoft" :


* Dans "C:\Users\Paul\AppData\Local" :


* Dans "C:\Users\CLMENT~1\AppData\Local" :


* Dans "C:\Users\Vezier\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 25/06/2008 à 16:44:51,32 ***

Reply to p0oks

Good evening

Incredible :/

We keep looking...

1

- Run a nano/total scan with Panda, with your antivirus disabled during the scan!
- Register on the site by creating an account using the Register Free button on the right.
- After you enter a valid e-mail address and a password, you will receive an e-mail; click the link in it to activate your account.
- Go back to the site and log in on the right-hand side with your e-mail address and your password.
- In the middle, tick the Full Scan option, then click the Scan now button.
- The site will ask you to accept the installation of the ActiveX control; accept by clicking the Oui (Yes) button.
- The program will download the updates and then the scan will run. It can take an hour.
- Once the scan is finished, click the Desinfect button at the bottom of the report page.
- Then, in the upper part, click the small Save button. This lets you save a report to your desktop.
- Open this report and copy/paste the Panda report here.

HELP: If you get lost, you can follow this guide for online scans.

2

Post a new HijackThis log.


Message edited by Sham_Rock on 25-06-2008 at 23:35:02
Reply to Sham_Rock

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-26 12:02:53
PROTECTIONS: 3
MALWARE: 33
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3007.0 No No
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Microsoft\Windows\Cookies\vezier@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Microsoft\Windows\Cookies\Low\vezier@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\Paul\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[fe.lea.lycos.fr/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Microsoft\Windows\Cookies\vezier@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adtech.de/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.overture.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.metriweb.be/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Mozilla\Firefox\Profiles\i3cbfm8k.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.adultfriendfinder.com/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@adviva[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\clément@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Vezier\AppData\Roaming\Mozilla\Firefox\Profiles\g8g5ex9d.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Cookies\Low\clément@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.enhance.com/]
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.enhance.com/]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Users\Paul\Desktop\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Program Files\Navilog1\reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IR5YIK5M.DEFAULT\EXTENSIONS\FIREBIT@FIREBIT\COMPONENTS\FIREBIT.DLL
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Reply to p0oks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:56, on 26/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Paul\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9738 bytes

Reply to p0oks

Good evening

Still nothing...

Is the ad you get still Live-Player?
Did you install that program?

Some helpers tested the link you gave me, and it produces a known infection (navipromo) that creates rootkits on the infected PC.
Here, there is no rootkit and no trace of Live-Player in your programs...
Frankly, it makes no sense :/


Let's empty the temp files anyway:

Download AtfCleaner
http://www.atribune.org/public-beta/ATF-Cleaner.exe

Double-click ATF-Cleaner.exe to launch the program.
- If you use IE:
Under the Main tab, choose: Select All
Click the Empty Selected button
- If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
Note: If you want to keep your saved passwords, click "No" at the prompt.
- If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
Note: If you want to keep your saved passwords, click "No" at the prompt.
Click Exit, in the main menu, to close the program


Message edited by Sham_Rock on 26-06-2008 at 22:21:53
Reply to Sham_Rock

No, it isn't always that one; there is also http:*****************
when I click on this www.tortue.com, and other sites too ..... and no, I haven't downloaded anything.


Message edited by Sham_Rock on 27-06-2008 at 18:40:02
Reply to p0oks

There, it's done.

Reply to p0oks

Good evening

Change your Freebox password,
then check your DNS; you should have:
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252


Message edited by Sham_Rock on 27-06-2008 at 23:39:45
Reply to Sham_Rock

How can I find out my DNS? Thanks

Reply to p0oks

Hello

Look at this page:
http://www.dslvalley.com/dossiers/ [...] ration.php


starting from: "4.3 Changer ses paramètres réseaux (ethernet uniquement)" (Changing your network settings, Ethernet only)

You should have these values:
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

In this example:
http://www.dslvalley.com/dossiers/freebox/reseau-ip.gif
it's at the bottom of the image: preferred DNS, alternate DNS


Reply to Sham_Rock
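For the DNS check requested in the post above, the resolvers a Windows machine is actually using can be read from `ipconfig /all`. The following is an added example, not part of the thread: it parses that output (French or English labels) and reports any server outside the two addresses quoted above. The sample output, the adapter names and the 203.0.113.53 address are constructed.

```python
import re

# The two resolvers quoted in the thread; replace them for another ISP.
EXPECTED_DNS = {"212.27.54.252", "212.27.53.252"}

# Constructed sample of French-locale `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Carte Ethernet Connexion au réseau local :

   Adresse IPv4. . . . . . . . . . . : 192.168.0.10(préféré)
   Serveurs DNS. . . . . . . . . . . : 203.0.113.53
                                       212.27.53.252
   NetBIOS sur Tcpip. . . . . . . . : Activé

Carte réseau sans fil Connexion réseau sans fil :

   Serveurs DNS. . . . . . . . . . . : 212.27.54.252
                                       212.27.53.252
"""

ADAPTER = re.compile(r"^(\S.*?)\s*:\s*$")  # unindented header ending in ':'
DNS_LABEL = re.compile(r"^\s+(?:Serveurs DNS|DNS Servers)[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+([0-9a-fA-F:.%]+)\s*$")  # bare address on its own line

def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS servers]} from `ipconfig /all` output."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if m := ADAPTER.match(line):
            adapter, in_dns = m.group(1), False
        elif m := DNS_LABEL.match(line):
            servers.setdefault(adapter, []).append(m.group(1))
            in_dns = True  # further servers follow on indented lines
        elif in_dns and (m := CONTINUATION.match(line)):
            servers[adapter].append(m.group(1))
        else:
            in_dns = False  # any other field ends the DNS list
    return servers

def unexpected_dns(ipconfig_text, expected=EXPECTED_DNS):
    """Return {adapter: [servers outside `expected`]}, omitting clean adapters."""
    found = parse_dns_servers(ipconfig_text)
    rogue = {a: [s for s in addrs if s not in expected] for a, addrs in found.items()}
    return {a: r for a, r in rogue.items() if r}
```

On the machine being checked, the input can be produced with `ipconfig /all > ipconfig.txt` and the file's contents passed to `unexpected_dns`.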

I'm sorry but I can't find it because I'm on Vista :sweat:

Reply to p0oks

Good evening
Long live V†sta :/

You should have paper documentation for your Freebox, or a CD with the instructions...

Otherwise, create a topic here:
Internet & Networks section
topic title: check my Freebox DNS under Vista

Keep me posted

Reply to Sham_Rock

OK, I'll let you know ;)

Reply to p0oks

Hi again

I posted your case on a private forum because it is very unusual...

Thanks to all the helper friends who are giving me a hand ^^

Here is what you are going to do:

1

Quote:

We should take a look at the "Acer eNet Management" program.
When this program is active, it takes precedence over all of the connection's configuration settings.
If it is the one that has been hijacked, it's not surprising that nothing shows up in the reports.

Once in this program's interface, click the "Edition" button to access the profile settings, then go to the TCP/IP WLAN or TCP/IP LAN tab depending on the connection in use.



Post this log for me

2
We are going to check the Hosts file:
Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report ( C:\lopR.txt )


(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Reply to Sham_Rock

I haven't had any problems for a few days; I reinstalled Firefox and everything is running fine. Do you really want me to post the log? In any case, thank you very much for your help, you are all great.

Reply to p0oks

Good evening

You haven't had any problems since you changed your Freebox password?
Otherwise, what did you do in particular?
I need this information because it could be useful again ;)


Message edited by Sham_Rock on 02-07-2008 at 21:18:33
Reply to Sham_Rock

Well, I reinstalled the new version of Firefox and changed the password, and it works perfectly ;)

Reply to p0oks

Hello
Can you try with IE?
Just to be sure. ;)


Message edited by Sham_Rock on 03-07-2008 at 18:51:43
Reply to Sham_Rock

I have no problems ;)

Reply to p0oks

Good evening
Perfect

Remove all the programs installed for the disinfection.


Please read this guide (PDF) to learn more about the risks of the Net.

http://www.malekal.com/fichiers/projetantimalwares/reagir_miniban.gif

If you find this document interesting, don't hesitate to pass it on to your contacts.

If you are tired of being bombarded with ads while browsing, install a secured Firefox with the noscript and AdBlock Plus extensions.

~Edit your first message (by clicking the eraser) and mark [résolu] (solved) in the title.

Reply to Sham_Rock