FireFox devenu fou

[JeeeF]

Bonjour à tous,

 

En temps normal j'arrive à me débarrasser de mes petites bêbettes tout seul mais la ... je sèche

 

Symptome : FireFox s'ouvre régulièrement (toutes les 5min environ) et m'ouvre en format réduit toute sorte de publicités ...

 

Je protège ma bécane avec Kério FireWall et AVG Free Edition (j'ai remplacé ce dernier par Antivir avant de passer ici)

Et j'ai AroVax Antispywar et SpyBot

 

J'ai suivis la démarche demandé et voila les différents rapports :

 

Antivir en mode sans échec :

 

AntiVir PersonalEdition Classic

Report file date: jeudi 24 août 2006 08:29

 

Scanning for 485933 virus strains and unwanted programs.

 

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Username: Jean-François

Computer name: JF

 

Version informations:

AVSCAN.EXE : 7.0.0.42 557096 24/08/2006 06:10:29

AVSCAN.DLL : 7.0.0.42 53288 24/08/2006 06:10:29

LUKE.DLL : 7.0.0.42 118824 24/08/2006 06:10:30

LUKERES.DLL : 7.0.0.42 25640 24/08/2006 06:10:30

ANTIVIR0.VDF : 6.35.0.1 7371264 24/08/2006 06:10:29

ANTIVIR1.VDF : 6.35.1.122 1270784 24/08/2006 06:10:29

ANTIVIR2.VDF : 6.35.1.123 2048 24/08/2006 06:10:29

ANTIVIR3.VDF : 6.35.1.134 32256 24/08/2006 06:10:29

AVEWIN32.DLL : 7.1.1.2 1782272 24/08/2006 06:10:29

AVPREF.DLL : 7.0.0.1 49192 24/08/2006 06:10:29

AVREP.DLL : 6.35.1.124 774184 24/08/2006 06:10:29

AVRPBASE.DLL : 7.0.0.0 2162728 24/08/2006 06:10:29

AVPACK32.DLL : 7.1.0.1 335912 24/08/2006 06:10:29

AVREG.DLL : 6.31.0.90 27688 24/08/2006 06:10:29

NETNT.DLL : 6.32.0.0 6696 24/08/2006 06:10:30

NETNW.DLL : 6.32.0.0 9768 24/08/2006 06:10:30

RCIMAGE.DLL : 7.0.0.71 1642536 24/08/2006 06:10:31

RCTEXT.DLL : 7.0.0.75 77864 24/08/2006 06:10:31

 

Configuration settings for the scan:

Jobname: '%s'.................: Local Drives

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Boot sectors..................: C,D,E,F,G,H

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Macro heuristic...............: 1

File heuristic................: -1

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: jeudi 24 août 2006 08:29

 

 

The scan over running processes will be started

14 Processes was scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 24 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-1644491937-776561741-682003330-1003\Dc191.exe

[DETECTION] Contains signature of the dropper DR/LowZones.GA.2

[iNFO] The file was deleted!

C:\WINDOWS\system32\gpp2l37o1.dll

[WARNING] The file could not be opened!

C:\WINDOWS\system32\n2r2lc9o1f.dll

[WARNING] The file could not be opened!

C:\WINDOWS\system32\rBsapi32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\dtscsi.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd2445.sys

[WARNING] The file could not be opened!

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

The path G:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: jeudi 24 août 2006 09:24

Used time: 55:47 min

 

The scan has been done completely.

 

8214 Scanning directories

205980 Files were scanned

1 viruses and/or unwanted programs was found

1 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1524 Archives were scanned

21 Warnings

3 Notes

 

 

HiJackThis :

 

Logfile of HijackThis v1.99.1

Scan saved at 10:06:00, on 24/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Logiciels\DAEMON Tools\daemon.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

D:\jeux\valve\steam\steam.exe

D:\Logiciels\SuperCopier\SuperCopier.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\LOGICI~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Arovax AntiSpyware] D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Logiciels\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Logiciels\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Logiciels\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\jeux\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [superCopier.exe] D:\Logiciels\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [ssAAD.exe] D:\LOGICI~1\SONICS~1\SsAAD.exe

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Logiciels\AcrobatReader\Reader\reader_sl.exe

O8 - Extra context menu item: Télécharger avec FlashGet - D:\Logiciels\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - D:\Logiciels\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\LOGICI~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\LOGICI~1\FlashGet\flashget.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lvps0977e.dll

O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\mlc42.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Windows Services Configuration - Unknown owner - C:\WINDOWS\system32\lsvss.exe (file missing)

 

 

 

Quelques trucs ont été corrigé suite à l'utilisation des différents AntiSpyware et Antivirus mais le problême persiste

 

Cela ressemble un peu au problême du Service de messages de Windows qui faisait quelques problême mais celui si est toujours désactivé ...

 

Si quelqu'un avait donc une solution miracle pour moi

 

Merci d'avance

 

 

EDIT : Non pas de massages par Windows Mais ça peut être une idée

Modifié le 24 août 2006 par JeeeF

[Jack_Burton]

Bonjour et bienvenu sur le forum de zebulon,

 

Ton rapport montre des signes d'infection.

Nous allons procéder en plusieurs étapes pour désinfecter ton systeme.

 

1/ Dans le menu Demarrer>Executer >tape: services.msc

 

Recherche le service avec cette orthographe exacte:

Windows Services Configuration

 

Double clic dessus et clic sur [arreter] puis dans :

type de demarrage --> sélectionne désactivé.

 

2/ Désinstalle via "panneau de configuration/ajout-suppression de programmes" le(s) logiciel(s) suivant(s) si présent(s):

 

FlashGet

 

Ce logiciel intègre des spywares

 

3/ Télécharge L2mfix (de Shadowwar) de l'un de ces liens :

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

 

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

 

IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !

 

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe

C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.

 

4/ Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.

 

Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

 

IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller ! Ne pas lancer cet outil en mode Sans Échec !!

**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt") situé dans le dossier "l2mfix".

Modifié le 24 août 2006 par Jack_Burton

[big tom]

windows offre des services de massage??? géniaaaaaaaaaaallll!!! moi qui avait mal au dos a force de rester devant l'écran!

sinon bon courage pour la désinfection...

[JeeeF]

Merci beaucoup de ton aide Jack !

 

Report.txt

 

L2MFIX find log 032106

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run-]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\o0ro0a93ed.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\mlc42.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{3E7D2C7E-A043-2F33-D2D5-DC1D473596E7}"=""

 

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"

"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"

"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"

"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"

"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"

"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"

"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"

"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"

"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"

"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"

"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"

"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."

"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"

"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"

"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"

"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"

"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"

"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"

"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"

"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"

"{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"

"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"

"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"

"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"

"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"

"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"

"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"

"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"

"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"

"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."

"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"

"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"

"{2E5078D9-63DA-4467-A89A-10B61F53047C}"=""

"{F7B778FB-57AF-4FBF-9F02-006146055483}"=""

"{D74A60DF-4574-4B61-8545-A7630414541E}"=""

"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

"{7976D680-F361-45CD-AC09-7C374184C1B2}"=""

 

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\InprocServer32]

@="C:\\WINDOWS\\system32\\mlc42.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\InprocServer32]

@="C:\\WINDOWS\\system32\\mxrdim.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\InprocServer32]

@="C:\\WINDOWS\\system32\\cimaddin.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\InprocServer32]

@="C:\\WINDOWS\\system32\\divmgr.dll"

"ThreadingModel"="Apartment"

 

**********************************************************************************

Files Found are not all bad files:

 

C:\WINDOWS\SYSTEM32\

atikvmag.dll Wed 19 Jul 2006 4:27:58 A.... 204 800 200,00 K

atioglx1.dll Wed 19 Jul 2006 4:22:52 A.... 6 684 672 6,38 M

avsda.dll Fri 2 Jun 2006 11:06:50 A.... 57 384 56,04 K

cimaddin.dll Thu 24 Aug 2006 10:12:32 ..S.R 236 625 231,08 K

cmdlin~1.dll Mon 29 May 2006 20:38:08 A.... 98 304 96,00 K

divmgr.dll Thu 24 Aug 2006 8:18:26 ..S.R 234 618 229,12 K

dtd8thk.dll Wed 23 Aug 2006 20:28:24 ..S.R 234 618 229,12 K

dvlayx.dll Thu 24 Aug 2006 9:28:36 ..S.R 236 625 231,08 K

h62olg~1.dll Wed 23 Aug 2006 20:28:24 ..S.R 235 944 230,41 K

kt24l7~1.dll Wed 23 Aug 2006 19:04:42 ..S.R 235 699 230,17 K

mdls31.dll Thu 24 Aug 2006 7:21:18 ..S.R 234 618 229,12 K

mwc70.dll Wed 23 Aug 2006 21:23:58 ..S.R 234 618 229,12 K

n0r2la~1.dll Thu 24 Aug 2006 10:12:32 ..S.R 233 893 228,41 K

o0ro0a~1.dll Thu 24 Aug 2006 9:38:36 ..S.R 236 625 231,08 K

pncrt.dll Sat 24 Jun 2006 21:37:30 A.... 278 528 272,00 K

pndx5016.dll Sat 24 Jun 2006 21:37:32 A.... 6 656 6,50 K

pndx5032.dll Sat 24 Jun 2006 21:37:32 A.... 5 632 5,50 K

rbsapi32.dll Thu 24 Aug 2006 8:21:58 ..S.R 235 352 229,84 K

rmoc3260.dll Sat 24 Jun 2006 21:37:44 A.... 176 167 172,04 K

wbvemsp.dll Wed 23 Aug 2006 20:33:28 ..S.R 234 618 229,12 K

wfnscard.dll Thu 24 Aug 2006 9:39:36 ..S.R 233 637 228,16 K

 

21 items found: 21 files (13 H/S), 0 directories.

Total of file sizes: 10 569 633 bytes 10,08 M

Locate .tmp files:

 

No matches found.

**********************************************************************************

Directory Listing of system files:

Le volume dans le lecteur C s'appelle Disque local

Le num‚ro de s‚rie du volume est E80D-447E

 

R‚pertoire de C:\WINDOWS\System32

 

24/08/2006 10:12 236ÿ625 cimaddin.dll

24/08/2006 10:12 233ÿ893 n0r2la9o1d.dll

24/08/2006 09:39 233ÿ637 wfnscard.dll

24/08/2006 09:38 236ÿ625 o0ro0a93ed.dll

24/08/2006 09:28 236ÿ625 dvlayx.dll

24/08/2006 08:21 235ÿ352 rBsapi32.dll

24/08/2006 08:18 234ÿ618 divmgr.dll

24/08/2006 07:21 234ÿ618 mdls31.dll

23/08/2006 21:23 234ÿ618 mwc70.dll

23/08/2006 20:33 234ÿ618 wBvemsp.dll

23/08/2006 20:28 234ÿ618 dTd8thk.dll

23/08/2006 20:28 235ÿ944 h62olgf3162.dll

23/08/2006 19:04 235ÿ699 kt24l7fq1.dll

22/08/2006 12:28 <REP> dllcache

10/05/2006 00:52 <REP> Microsoft

13 fichier(s) 3ÿ057ÿ490 octets

2 R‚p(s) 1ÿ498ÿ247ÿ168 octets libres

 

log.txt

 

L2mfix 032106

Creating Account.

La commande s'est termin‚e correctement.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 776 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 852 'winlogon.exe'

Killing PID 852 'winlogon.exe'

 

[.............................................] (Quelques centaines de lignes Killing PID 852 'winlogon.exe')

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1696 'explorer.exe'

Killing PID 1696 'explorer.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 740 'rundll32.exe'

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrateurs ... successful

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

Deleting: C:\WINDOWS\system32\cimaddin.dll

Successfully Deleted: C:\WINDOWS\system32\cimaddin.dll

Deleting: C:\WINDOWS\system32\divmgr.dll

Successfully Deleted: C:\WINDOWS\system32\divmgr.dll

Deleting: C:\WINDOWS\system32\dTd8thk.dll

Successfully Deleted: C:\WINDOWS\system32\dTd8thk.dll

Deleting: C:\WINDOWS\system32\dvlayx.dll

Successfully Deleted: C:\WINDOWS\system32\dvlayx.dll

Deleting: C:\WINDOWS\system32\h62olgf3162.dll

Successfully Deleted: C:\WINDOWS\system32\h62olgf3162.dll

Deleting: C:\WINDOWS\system32\kt24l7fq1.dll

Successfully Deleted: C:\WINDOWS\system32\kt24l7fq1.dll

Deleting: C:\WINDOWS\system32\mdls31.dll

Successfully Deleted: C:\WINDOWS\system32\mdls31.dll

Deleting: C:\WINDOWS\system32\mwc70.dll

Successfully Deleted: C:\WINDOWS\system32\mwc70.dll

Deleting: C:\WINDOWS\system32\n0r2la9o1d.dll

Successfully Deleted: C:\WINDOWS\system32\n0r2la9o1d.dll

Deleting: C:\WINDOWS\system32\o0ro0a93ed.dll

Successfully Deleted: C:\WINDOWS\system32\o0ro0a93ed.dll

Deleting: C:\WINDOWS\system32\rBsapi32.dll

Successfully Deleted: C:\WINDOWS\system32\rBsapi32.dll

Deleting: C:\WINDOWS\system32\wBvemsp.dll

Successfully Deleted: C:\WINDOWS\system32\wBvemsp.dll

Deleting: C:\WINDOWS\system32\wfnscard.dll

Successfully Deleted: C:\WINDOWS\system32\wfnscard.dll

 

msg11?.dll

0 fichier(s) copi‚(s).

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run-]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\o0ro0a93ed.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\mlc42.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

The following are the files found:

****************************************************************************

C:\WINDOWS\system32\cimaddin.dll

C:\WINDOWS\system32\divmgr.dll

C:\WINDOWS\system32\dTd8thk.dll

C:\WINDOWS\system32\dvlayx.dll

C:\WINDOWS\system32\h62olgf3162.dll

C:\WINDOWS\system32\kt24l7fq1.dll

C:\WINDOWS\system32\mdls31.dll

C:\WINDOWS\system32\mwc70.dll

C:\WINDOWS\system32\n0r2la9o1d.dll

C:\WINDOWS\system32\o0ro0a93ed.dll

C:\WINDOWS\system32\rBsapi32.dll

C:\WINDOWS\system32\wBvemsp.dll

C:\WINDOWS\system32\wfnscard.dll

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}\InprocServer32]

@="C:\\WINDOWS\\system32\\mlc42.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}]

@=""

"IDEx"="ADDR"

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}\InprocServer32]

@="C:\\WINDOWS\\system32\\mxrdim.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}\InprocServer32]

@="C:\\WINDOWS\\system32\\cimaddin.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}\InprocServer32]

@="C:\\WINDOWS\\system32\\divmgr.dll"

"ThreadingModel"="Apartment"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{2E5078D9-63DA-4467-A89A-10B61F53047C}"=-

"{F7B778FB-57AF-4FBF-9F02-006146055483}"=-

"{D74A60DF-4574-4B61-8545-A7630414541E}"=-

"{7976D680-F361-45CD-AC09-7C374184C1B2}"=-

[-HKEY_CLASSES_ROOT\CLSID\{2E5078D9-63DA-4467-A89A-10B61F53047C}]

[-HKEY_CLASSES_ROOT\CLSID\{F7B778FB-57AF-4FBF-9F02-006146055483}]

[-HKEY_CLASSES_ROOT\CLSID\{D74A60DF-4574-4B61-8545-A7630414541E}]

[-HKEY_CLASSES_ROOT\CLSID\{7976D680-F361-45CD-AC09-7C374184C1B2}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

****************************************************************************

Desktop.ini Contents:

****************************************************************************

 

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

adding: dlls/cimaddin.dll (164 bytes security) (deflated 5%)

adding: dlls/divmgr.dll (164 bytes security) (deflated 4%)

adding: dlls/dTd8thk.dll (164 bytes security) (deflated 4%)

adding: dlls/dvlayx.dll (164 bytes security) (deflated 5%)

adding: dlls/h62olgf3162.dll (164 bytes security) (deflated 5%)

adding: dlls/kt24l7fq1.dll (164 bytes security) (deflated 5%)

adding: dlls/mdls31.dll (164 bytes security) (deflated 4%)

adding: dlls/mwc70.dll (164 bytes security) (deflated 4%)

adding: dlls/n0r2la9o1d.dll (164 bytes security) (deflated 4%)

adding: dlls/o0ro0a93ed.dll (164 bytes security) (deflated 5%)

adding: dlls/rBsapi32.dll (164 bytes security) (deflated 5%)

adding: dlls/wBvemsp.dll (164 bytes security) (deflated 4%)

adding: dlls/wfnscard.dll (164 bytes security) (deflated 4%)

adding: backregs/2E5078D9-63DA-4467-A89A-10B61F53047C.reg (212 bytes security) (deflated 69%)

adding: backregs/7976D680-F361-45CD-AC09-7C374184C1B2.reg (212 bytes security) (deflated 70%)

adding: backregs/D74A60DF-4574-4B61-8545-A7630414541E.reg (212 bytes security) (deflated 70%)

adding: backregs/F7B778FB-57AF-4FBF-9F02-006146055483.reg (212 bytes security) (deflated 69%)

adding: backregs/notibac.reg (164 bytes security) (deflated 88%)

adding: backregs/shell.reg (164 bytes security) (deflated 73%)

 

HiJackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 11:29:02, on 24/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

D:\Logiciels\Anti-Blaxx 1.18\Anti-Blaxx.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Logiciels\DAEMON Tools\daemon.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

D:\jeux\valve\steam\steam.exe

D:\Logiciels\SuperCopier\SuperCopier.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

D:\Logiciels\AcrobatReader\Reader\reader_sl.exe

C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [Arovax AntiSpyware] D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Logiciels\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Logiciels\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Logiciels\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "d:\jeux\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [superCopier.exe] D:\Logiciels\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [ssAAD.exe] D:\LOGICI~1\SONICS~1\SsAAD.exe

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Logiciels\AcrobatReader\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)

O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\mlc42.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

Modifié le 24 août 2006 par JeeeF

[Jack_Burton]

Poursuivons la désinfection.

 

Imprime ces instructions ou sauvegarde les dans un fichier texte de façon à pouvoir les consulter en mode sans échec.

 

1/ *Télécharge et installe EasyCleaner de Toni Helenius: http://personal.inet.fi/business/toniarts/ecleane.htm

 

*Télécharge la version d'évaluation d'Ewido:

http://www.ewido.net/en/download/

Installe la et mets à jour.

 

Démarre Ewido avec l'icône qui se trouve sur ton Bureau.

Clique sur Update Now,

attend la fin de cette mise à jour,

puis ferme le programme.

 

2/ Redémarre en mode sans échec.

(au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] ou [F5] jusqu'à l'affichage du menu des options avancées de Windows. Sélectionner "Mode sans échec" et appuyer sur [Entrée].)

 

3/ Vérifie d'avoir accès à tous les fichiers

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

 

4/ Relance un scan HijackThis, clique sur "Do a system scan only" et coche les lignes ci-dessous (si présentes) :

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036

 

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Logiciels\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

 

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Logiciels\AcrobatReader\Reader\reader_sl.exe

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

O20 - Winlogon Notify: Run- - C:\WINDOWS\system32\o0ro0a93ed.dll (file missing)

O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\mlc42.dll (file missing)

 

Ferme toutes les fenêtres sauf HijackThis et "Fix Checked".

 

5/ Supprime le(s) fichier(s) et dossier(s) incriminé(s) [s'il(s) existe(nt) encore] par l'Explorateur Windows :

 

-C:\WINDOWS\system32\lsvss.exe

 

-C:\WINDOWS\web<--- vide ce dossier

 

6/ Execute EasyCleaner: Utilise les fonctions "Inutiles" et "Registre" seulement. Ne touche pas à la fonction "doublons".

 

7/ Relance Ewido et clique sur Scanner

Puis sur l'onglets Settings, pour How to Act sélèctionne Quarantine.

 

Reviens a l'onglet Scan cliques Complete system Scan.

Le scan démarre.

 

A la fin cliquer sur Apply all actions

Puis sur Save report et pour finir Save report as enregistrer sur le Bureau.

Redémarre en mode normal.

poste le rapport dans ta réponse de Ewido accompagné d'un nouveau rapport d'Hijackthis.

[JeeeF]

Je le fais dans les minutes qui suivent mais en tout cas les fenêtres FireFox ne s'ouvrent plus ^^

[JeeeF]

EWIDO

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 13:19:21 24/08/2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/cimaddin.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/dTd8thk.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/divmgr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/dvlayx.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/h62olgf3162.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/kt24l7fq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/mdls31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/mwc70.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/n0r2la9o1d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/o0ro0a93ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/rBsapi32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/wBvemsp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\backup.zip/dlls/wfnscard.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\cimaddin.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\dTd8thk.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\divmgr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\dvlayx.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\h62olgf3162.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\kt24l7fq1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\mdls31.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\mwc70.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\n0r2la9o1d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\o0ro0a93ed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\rBsapi32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\wBvemsp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Bureau\l2mfix\dlls\wfnscard.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Program Files\Softwin\BitDefender8\Quarantine\wunrnr.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).

D:\Logiciels\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\KDQ34X67\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\KDQ34X67\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\KDQ34X67\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).

:mozilla.55:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.56:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.65:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

:mozilla.53:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

:mozilla.874:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.875:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.33:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.34:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.36:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.37:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.38:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.39:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.40:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.400:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.401:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.425:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.426:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.434:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.435:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.551:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.64:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.65:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.799:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.800:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

:mozilla.72:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Clubdicecasino : Cleaned with backup (quarantined).

:mozilla.73:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Clubdicecasino : Cleaned with backup (quarantined).

:mozilla.74:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Clubdicecasino : Cleaned with backup (quarantined).

:mozilla.310:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).

:mozilla.150:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

:mozilla.224:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.225:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.226:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.227:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.228:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.260:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.261:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.262:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.264:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.536:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.537:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.538:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.702:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.742:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.155:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.247:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.249:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.764:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.786:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.735:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).

:mozilla.736:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).

:mozilla.737:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).

:mozilla.54:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

:mozilla.472:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).

:mozilla.475:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).

:mozilla.102:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.103:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.104:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.105:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.106:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.108:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.109:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.450:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.451:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.452:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.453:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.455:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.456:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.457:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.458:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.459:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.461:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.462:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.97:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.145:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.146:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.147:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.148:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.251:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.252:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.253:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.254:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.255:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.100:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.101:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.102:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.103:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.104:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.105:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.106:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.107:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.108:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.109:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.110:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.111:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.112:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.113:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.114:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.115:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.66:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.67:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.68:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.69:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.70:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.71:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.72:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.73:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.74:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.75:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.76:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.77:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.78:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.79:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.80:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.81:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.82:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.83:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.84:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.85:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.86:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.87:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.88:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.89:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.90:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.91:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.92:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.93:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.94:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.95:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.96:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.97:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.98:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.99:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).

:mozilla.541:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).

:mozilla.719:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).

:mozilla.868:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).

:mozilla.869:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).

:mozilla.63:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).

:mozilla.66:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).

:mozilla.67:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).

:mozilla.206:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.207:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.212:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.213:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.214:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.215:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.216:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.217:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.218:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.219:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.876:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.877:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.93:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.94:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.818:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).

:mozilla.153:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.154:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.149:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

:mozilla.23:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

:mozilla.24:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

:mozilla.250:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

:mozilla.25:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

C:\RECYCLER\S-1-5-21-1644491937-776561741-682003330-1003\Dc138\j-f@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).

:mozilla.491:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).

:mozilla.378:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.379:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.40:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.41:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.42:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.43:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.44:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.45:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.46:C:\Documents and Settings\Jean-François.JF-TMKZLAS2CWZ0\Application Data\Mozilla\Firefox\Profiles\1ljvcweb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.441:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

:mozilla.442:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

:mozilla.443:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

:mozilla.444:C:\Documents and Settings\J-F\Application Data\Mozilla\Firefox\Profiles\vlt2sdf5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).

 

 

::Report end

 

 

HiJackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 13:24:19, on 24/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\Logiciels\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

D:\Logiciels\Anti-Blaxx 1.18\Anti-Blaxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Logiciels\DAEMON Tools\daemon.exe

D:\Logiciels\ewido anti-spyware 4.0\ewido.exe

D:\jeux\valve\steam\steam.exe

D:\Logiciels\SuperCopier\SuperCopier.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Logiciels\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [Arovax AntiSpyware] D:\Logiciels\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Logiciels\Anti-Blaxx 1.18\Anti-Blaxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Logiciels\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [!ewido] "D:\Logiciels\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [steam] "d:\jeux\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [superCopier.exe] D:\Logiciels\SuperCopier\SuperCopier.exe

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Logiciels\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Logiciels\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://D:\Logiciels\Free Download Manager\dllink.htm

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Logiciels\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

 

 

Et voila

[Jack_Burton]

Re bonjour,

 

Le rapport est propre. Fixe encore une ligne :

 

1/ Relance un scan HijackThis, clique sur "Do a system scan only" et coche les lignes ci-dessous (si présentes) :

 

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

 

Ferme toutes les fenêtres sauf HijackThis et "Fix Checked".

 

2/ Vide la quarantaine de Ewido.

 

As tu encore des dysfonctionnements?

[JeeeF]

Merci de ton aide je te remercie tout marche très bien maintenant.

Modifié le 24 août 2006 par JeeeF

[Jack_Burton]

Bonjour,

 

Merci de ton aide je te remercie tout marche très bien maintenant.

C'est parfait.

 

A présent, quelques conseils de sécurité :

 

1/ Règles générales de bonnes conduites a avoir :

 

- Windows Update parfaitement à jour (catégorie critique, Services Pack et Services Release )

- pare-feu bien paramétré- antivirus bien paramétré et mis à jour régulièrement(quotidiennement s'il le faut) avec un scan complet régulier(journalier s'il le faut).

- une attitude prudente vis à vis de la navigation (pas de sites douteux:cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scanné avant d'être ouvert)

- ne pas utiliser de logiciel de Peer to Peer (les logiciels de P2P sont sources d infections virales)

- une attitude vigilante (être l'affût des fonctionnements inhabituels de ton système)

- nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defragmentation)

 

 

2/ Installation d'un firewall (parfeu) :

 

Le parfeu "offert" par Xp n'est pas efficace du tout! Il est bourré de failles et ne filtre pas les flux sortants.

 

Nous vous proposons 3 firewalls gratuits et efficaces :

-=> Kerio

-=> Zone Alarm

-=> Sygate Personal Firewall Free (en anglais)

 

vous trouverez ces 3 firewalls avec des tutos pour les configurer ici http://forum.zebulon.fr/index.php?act=ST&a...t=0#entry487252

A noter : Si vous utilisez l'antivirus Avast, ne pas installer ZoneAlarm. Ce dernier est incompatible avec certains services d'Avast.

 

 

3/ Installation d'un antivirus :

 

 

-=> Antivir ( http://www.free-av.com ) que tu peux configurer selon les indications de tesgaz ( http://speedweb1.free.fr/frames2.php?page=tuto5 )

 

-=> Avast! 4.6 téléchargeable ici. Tu trouveras un tutorial pour celui-ci sur ce lien

Un enregistrement gratuit est nécessaire pour avoir les mises a jour! Celui-ci se fait ici

 

 

4/ Logiciels anti-malwares pour scan régulier :

 

-=> Ad-aware SE

 

http://www.ordi-netfr.com/adawarese.html

http://www.lavasoft.de/support/download/#free

Son tuto

http://home.tiscali.be/schouppeguy/adawarese/adawase.htm

 

 

-=> SpyBot-Search & Destroy

 

http://spybot.safer-networking.de/fr/download/index.html

Son tuto

http://assiste.free.fr/p/frameset/07_spybo...rch_destroy.php

A noter que ce logiciel propose une option intéressante de vaccination du systeme qui bloque certaines url néfastes pour le navigateur Internet Explorer. Par ailleurs, il intègre une protection a temps réel : le TeaTimer.

 

-=> a² free (anti-trojans)

 

- Téléchargement : http://www.emsisoft.net/fr/software/free/

Il est nécessaire de s enregistrer sur le site pour pouvoir utiliser et avoir les mises a jour du logiciel!

Attention : a ² free détecte quelque fois des faux positifs! Ayez une attitude prudente raisonnée : ne pas supprimer sans réflexion les entrées trouvées. Et si vous etes pris d un doute, n hésitez pas a poster sur le forum sécurité de zebulon

 

 

5/ Installation de SpywareBlaster :

 

SpywareBlaster: permet d'empêcher l'installation de spywares (logiciels espions) et autres adwares (insertion de publicité) sur votre PC. Contrairement à des logiciels comme Spybot - Search & Destroy ou Ad-aware, SpywareBlaster est un logiciel préventif : il ne supprime pas les spywares déjà présent mais empêche leur installation.

 

http://www.javacoolsoftware.com/downloads.html

Son tuto:

http://www.ordi-netfr.org/tutorialspywareblaster.html

 

 

6/ Installation d'un navigateur web alternatif et sécurisé

 

Pourquoi passer sur Firefox (ou Opera) et abandonner IE?

Tout simplement parce que IE n est pas conforme aux standards du W3C, ils gerent ces funestes ActiveX, souvent porteuses d infections virales, il ne propose pas la navigation par onglets si pratique, il n integre pas d anti popups en interne.

 

Pour toutes ces raisons je te conseille de passer sur Firefox que tu peux davantage sécuriser avec les conseils de megataupe

 

 

 

Si tu veux toujours utiliser Internet Explorer :

 

-=> IE-SPYAD:(Ajoute plus de 5000 sites à la zone de restriction pour te protéger lorsque tu attéris sur un site douteux)

Pour Internet Explorer uniquement!( une fois l'utilitaire dézippé dans son dossier, cliquer sur le fichierie-ads.reg:

les modifications ne sont pas visibles mais l'effet est garanti par le message qui suit! )

http://www.spywarewarrior.com/uiuc/resource.htm

 

 

7/ Installation de ZebProtect

 

Zeb Protect est un logiciel freeware développé par des membres du forum Zebulon.fr (merci a eux) qui permet de sécuriser votre PC sous Windows en fermant certains ports sensibles aux attaques venant d'Internet. D'autres options sont également disponibles comme la suppression des partages ou la désactivation des comptes par défaut.

Téléchargement : http://telechargement.zebulon.fr/123-Zeb-Protect.html

Tutorial : http://www.zebulon.fr/articles/zebprotect.php

 

 

8/ Un antispam :

 

Le spam représente un nouveau fléau. Il s'agit de tous ces messages non sollicités qui arrivent sur votre boite mail!

Selon les études, ce fléau représenterait aujourd'hui de 30 à 40 % du trafic e-mail.

Pour y remédier, il est donc nécessaire d'installer un antispam. Internet Explorer n'en propose pas en interne mais peut recevoir des logiciels annexes qui se chargeront de filtrer les mails recus.

 

Pour ma part, je vous propose l'installation d'une messagerie alternative qui intègre un antispam en interne. Il s'agit de Mozilla Thunderbird.

Téléchargement : http://www.mozilla-europe.org/fr/products/thunderbird/

 

 

9/ Nettoyeurs du systeme :

 

-=> EasyCleaner : EasyCleaner est un logiciel tout en un pour supprimer les entrées obsolètes de la base de registre de Windows, nettoyer le menu ajout/suppression de programmes, effacer les fichiers inutiles, désactiver des programmes qui se lancent automatiquement au démarrage de Windows…

Il integre également un détecteur de fichiers doublons! Celui-ci ne doit absolument pas etre utilisé car non fiable

Télérchargement : http://personal.inet.fi/business/toniarts/ecleane.htm

 

-=> CCleaner (Crap Cleaner) : Excellent nettoyeur du systeme.

Le premier onglet intitulé "Windows" se charge d'effacer les traces laissées sous Windows (cookies, historique, documents récents,...) et d'effacer les éléments inutiles (vider la poubelle, vider le presse papier, effacer les journaux Windows ou les fichiers temporaires).

 

Le second s'occupe de nettoyer les traces et les fichier temporaires d'applications diverses (Mozilla/Firefox, Opera, Office, Acrobat, Google Toolbar, Paint Shop Pro, VNC Viewer, Quicktime ou encore Media player Classic).

 

Le troisième onglet permet de nettoyer la base de registre des éléments orphelins (dll inexistantes, programmes obsolètes, activeX et classes invalides, ou encore extensions de fichier inexistantes).

Téléchargement : http://www.ccleaner.com/

 

-=> Beclean : Tres bon logiciel qui se charge de nettoyer les fichiers temporaires du systeme, le cache Internet, la liste des fichiers récemment utilisé, les liens cassés du menu démarrer et du bureau, les fichiers effacés de la corbeille et les entrées obsolètes dans la base de registre.

Téléchargement : http://boozet.xepher.net/

 

-=> Regcleaner : RegCleaner permet de nettoyer la base de registre en supprimant les entrées inutiles. Il affiche les clés qu'il n'est pas "trop risqué" de supprimer : logiciels, liste de démarrage, menu désinstallation, type de fichiers, nouveau fichier, intégration shell.

Ce logiciel integre une fonction de sauvegarde pour plus de sécurité afin de rétablir les clefs supprimées en cas de probleme.

Téléchargement : http://telechargement.zebulon.fr/28-RegCleaner.html

 

-=> JV16 PowerTools : Utilitaire tres complet : Il integre les fonctions de Regcleaner.

A noter que la version 1.3.0.195 de JV16 proposée ici est la dernière version gratuite, le produit étant maintenant payant.

Ce logiciel integre une fonction de sauvegarde pour plus de sécurité afin de rétablir les clefs supprimées en cas de probleme.

Tutorial : http://www.zebulon.fr/articles/base-de-registre-3.php

Téléchargement : http://telechargement.zebulon.fr/201-jv16-powertools.html

 

-=> Regseeker : RegSeeker est un nettoyeur de base de registre puissant et simple d'utilisation. Ce logiciel permet également d'appliquer de nombreux paramètres Windows.

Ce logiciel integre une fonction de sauvegarde pour plus de sécurité afin de rétablir les clefs supprimées en cas de probleme.

Turorial : http://www.zebulon.fr/articles/regseeker-1.php

Téléchargement : http://www.hoverdesk.net/freeware.htm

 

 

Pour en savoir plus, consulte la page de ipl_001

http://gerard.melone.free.fr/IT/IT-AM0.html