Rapport hijackthis

[yazman]

Salut, j'ai effectué les 4 phases que vous avez conseillé et voilà le rapport que j'ai obtenu de la part de Hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 14:36:39, on 15/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\webHancer\Programs\whAgent.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\TBONBin\tbon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.tn/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [instaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: DKMessenger.lnk = C:\Program Files\DKware\DKMessenger\DKMessenger.exe

O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Image Monitor.lnk = ?

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

 

 

 

J'espère que vous pouvez m'aider . Merci.

[Thanos]

salut et bienvenue sur le forum

 

Je lance une analyse , et te laisse une réponse

[yazman]

Merci, très sympa.

[Thanos]

salut et bienvenue sur le forum

 

Va jusqu'au bout et si tu rencontres un problème, n'hésite pas à me le dire

 

Tu as deux possiblités pour consulter les instructions qui suivent:

 

-Soit tu copie/colles le contenu de la procédure dans un fichier texte(que tu met sur le bureau) pour pouvoir le consulter en mode sans échec(tu n'auras pas accès à internet!).

 

-Tu peux également enregistrer la page web complète, sur laquelle se trouve la procédure,

en le faisant à partir de ton navigateur :

 

-Aller en haut de page et cliquer sur le menu"Fichier" : une liste apparait=>

-Choisis "Enregistrer sous" et choisis "Bureau".

-Dans le champs "Nom du fichier" en bas de page donne le nom suivant par exemple:procédure

-Dans le champs"Type" en bas de page ,choisis: Page web complète

-ensuite cliquer sur le bouton "Enregistrer" à droite du champs "nom du fichier".

 

Pour lire la procédure en mode sans échec, tu n'auras qu'à double cliquer sur le fichier procédure.htm (avec l'icone de ton navigateur) situé sur le bureau.(tu noteras qu'un nouveau dossier vase créer sur le bureau en plus du fichier "procédure.htm" : c'est normal!) De cette manière, tu conserveras toutes les mises en formes et les couleurs de la procédure, et cela permettra de t'y retrouver.

--------------------------------------------------------------------------------------------------------------------------

 

La procédure:

 

-Télécharge ATF Cleaner by Atribune sur ton bureau.

 

-Télécharge LSPfix -> http://www.downloads.subratam.org/lspfix.zip ou http://www.cexx.org/lspfix.htm

 

-Télécharge la version d'évaluation d'Ewido:

http://www.ewido.net/en/download/

Installe la et mets à jour.

 

*Démarre Ewido avec l'icône qui se trouve sur ton Bureau.

Clique sur Update Now,

attend la fin de cette mise à jour,

puis ferme le programme.

 

Étape 1:

 

*Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".

Choisir le compte usuel (et non Administrateur).

 

en cas de problème pour sélectionner le mode sans échec, appliquer la procédure de Symantec "Comment démarrer l'ordinateur en mode sans échec"

 

Étape 2:

 

* Démarre Hijackthis"Do a system scan only", et coche les lignes suivantes :

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

 

O4 - HKLM\..\Run: [instaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

 

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

-Ferme tous les programmes et clique sur "Fix Checked"

 

Étape 3:

 

*Passe par Installer /Désinstaller(Panneau de Configuration) et désinstalle les programmes suivant:

 

webHancer

Newdotnet

tbon

InstaFinder

RXToolBar

 

Étape 4:

 

-vas dans le menu démarrer executer et tu tapes :cmd

 

dans la boite de dialogue qui s'ouvre, tu tapes :

sc stop Windows Log => clique sur [entrée]

sc delete Windows Log=> clique sur [entrée]

 

Un message t'avertit du succès de l'opération.Quitte l'invite de commandes.

 

Étape 5:

 

*Assure toi d'avoir accès à tous les fichiers,certains fichiers/dossiers sont cachés!!

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

Elimine les fichiers suivants:

 

c:\windows\webhdll.dll

c:\windows\whagent.inf

c:\windows\whInstaller.exe

c:\windows\whInstaller.ini

 

C:\WINDOWS\system\smss.exe => Attention!! ne confond surtout pas avec le fichier légitime qui se trouve dans C:\WINDOWS\system32

C:\WINDOWS\system32\nvsvcd.exe

 

Elimine les dossiers suivants :

 

C:\Program Files\webHancer

C:\Program Files\TBONBin

C:\Program Files\RXToolBar

C:\Program Files\INSTAFINK

C:\Program Files\NewDotNet

 

Étape 6:

 

* Lance ATF-Cleaner:Double-clique sur ATF-Cleaner.exe

 

-Coche la case suivante:"select all"

 

-Clique sur Empty Selected et au message "Done Cleaning" sur Ok

 

Étape 7:

 

Relance Ewido et clique sur Scanner

Puis sur l'onglets Settings, pour How to Act sélèctionne Quarantine.

 

Reviens a l'onglet Scan cliques Complete system Scan.

Le scan démarre.

 

A la fin cliquer sur Apply all actions

Puis sur Save report et pour finir Save report as enregistrer sur le Bureau.

 

Étape 8:

 

Redémarre normalement.

Si après tout ca tu as perdu ton accès à internet, utilise LspFix comme ceci =>

 

Démarre LSPFix

Coche 'I know what I'm doing'

Clique sur 'Finish'.

Redémarre ton PC , tu dois avoir de nouveau accès au réseau.

 

Poste les rapports suivants stp :

 

- Le rapport d'Ewido.

- Un nouveau rapport Hijackthis : avant de le faire, renomme Hijackthis.exe en yazman.exe: pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste .

 

-Télécharge DiagHelp.zip sur ton bureau

• Ne double-clic pas dessus !! Fais un clic droit sur le fichier et "extraire tout"
  
• Un nouveau dossier chercher va être créé DiagHelp
  
• Ouvre le et double-clique sur go.cmd (le .cmd peut ne pas apparaître)
  
• Une fenêtre va s'ouvrir, choisis l'option 1
  
• L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
  
• Copie/colle le contenu du bloc-note qui s'ouvre dans ton prochain post.
  

allez courage! après ca ca ira beaucoup mieux

[yazman]

Bonjour,

voici le rapport d'Ewido :

---------------------------------------------------------

ewido anti-spyware - Scan-Bericht

---------------------------------------------------------

 

+ Erstellt um: 23:32:16 15/09/2006

 

+ Scan-Ergebnis:

 

 

 

C:\Documents and Settings\Yazman\Mes documents\cherif.medjeljeli\kazaa_setup.exe -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Documents and Settings\Yazman\Mes documents\cherif.medjeljeli\kazaa_setup2.exe -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cvd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\html.xmd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\jpeg.xmd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cvd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_1_0_449600.gif -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\AppInfo -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\CMEII -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\TRICKLER_6106 -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\TRICKLER_6106\Trickler -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\TRICKLER_6106\Trickler\trickle.gator.com:80/download/trickler6.cfg -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\Trickle Thread -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\Trickle Thread\cmeii -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Gator.com\trickles\Trickle Thread\cmeii\gatorcme.gator.com:80/gatorcme/appsenc/gotsmiley_appver2105_libver2101.zip -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\instafink.INSTAFINK -> Adware.InstaFinder : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\instafink.INSTAFINK\Clsid -> Adware.InstaFinder : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).

[1148] C:\WINDOWS\NDNUNI~1.EXE -> Adware.NewDotNet : Fehler während der Säuberung.

[1232] C:\WINDOWS\NDNUNI~1.EXE -> Adware.NewDotNet : Fehler während der Säuberung.

HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\WINDOWS\system32\WebP2PInstaller.dl$ -> Adware.PeerNet : Mit Backup gesäubert (unter Quarantäne gestellt).

HKU\S-1-5-21-2302908614-540667360-2728830427-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\whInstall -> Adware.Webhancer : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Mit Backup gesäubert (unter Quarantäne gestellt).

C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Mit Backup gesäubert (unter Quarantäne gestellt).

HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.863:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.2o7 : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.89:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.2o7 : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.934:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.2o7 : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.188:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adbrite : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.189:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adbrite : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.771:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adjuggler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.772:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adjuggler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.161:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adtech : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.162:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Adtech : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.103:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Atdmt : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.100:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Bluestreak : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.19:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Doubleclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.196:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Estat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.428:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Etracker : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.76:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.77:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.78:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.79:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.80:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.81:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Falkag : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.185:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Fastclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.186:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Fastclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.881:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Hitbox : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.18:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Ivwbox : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.761:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Liveperson : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.112:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Mediaplex : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.962:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Need2find : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.662:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.665:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.666:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.667:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.668:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.669:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Onestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.145:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Overture : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.146:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Overture : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.147:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Overture : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.115:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Popularix : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.816:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Qksrv : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.817:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Qksrv : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.822:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Questionmarket : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.823:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Questionmarket : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.767:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Revenue : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.116:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Serving-sys : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.117:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Serving-sys : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.118:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Serving-sys : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.119:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Serving-sys : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.120:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Serving-sys : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.633:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Sitestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.639:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Sitestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.763:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Sitestat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.164:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Smartadserver : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.165:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Smartadserver : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.166:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Smartadserver : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.167:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Smartadserver : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.168:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Smartadserver : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.648:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Spylog : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.211:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Starware : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.634:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.635:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.636:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.637:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.638:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.640:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.641:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.644:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.645:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.646:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.652:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.656:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.657:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.658:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.679:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.680:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.681:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.682:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.683:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.696:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Statcounter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.642:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tacoda : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.643:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tacoda : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.711:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Targetnet : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.39:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tradedoubler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.40:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tradedoubler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.41:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tradedoubler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.42:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tradedoubler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.43:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tradedoubler : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.580:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafficcenter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.581:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafficcenter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.582:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafficcenter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.583:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafficcenter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.584:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafficcenter : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.569:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Trafic : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.599:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Tribalfusion : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.557:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Valueclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.592:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Valueclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.718:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Valueclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.753:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Valueclick : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.558:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Web-stat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.559:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Web-stat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.577:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Web-stat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.578:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Web-stat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.579:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Web-stat : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.124:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Weborama : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.125:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Weborama : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.126:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Weborama : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.127:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Weborama : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.128:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Weborama : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.632:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Webtrendslive : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.226:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Yadro : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.230:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Yadro : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.239:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Zedo : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.240:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Zedo : Mit Backup gesäubert (unter Quarantäne gestellt).

:mozilla.246:C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt -> TrackingCookie.Zedo : Mit Backup gesäubert (unter Quarantäne gestellt).

 

 

::Berichtende

 

 

Voici le rapport de HiJackThis (je l'ai renommé en yazman):

Logfile of HijackThis v1.99.1

Scan saved at 23:45:25, on 15/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Canon\MultiPASS4\MPTBox.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Digital Image\Monitor.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\hijackthis\yazman.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.tn/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: DKMessenger.lnk = C:\Program Files\DKware\DKMessenger\DKMessenger.exe

O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Image Monitor.lnk = ?

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7B856455-4B25-4709-8077-7870CEF040CB}: NameServer = 193.95.122.40 193.95.93.77

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

 

Concernant le rapport de DiagHelp, le site ne voulait pas s'ouvrir pas chez moi. Si c'est nécessaire je t'envoyerai par un mp mon mail et tu pourras si tu as le temps et l'envis de m'envoyer le zip .

 

Merci en tout cas pour l'aide.

[Thanos]

salut

 

Tu as fait du bon boulot : c'est déjà beaucoup plus propre!

 

Je vois que tu as mis Ewido en allemand , je comprend encore un peu, et je vois qu'il a eu du mal à éliminer 1 fichier, qu'on va virer manuellement!

 

1)* Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code"=>Attention pas de ligne vierge avant REGEDIT4 ) :

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log]

-Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

-Choisis "Enregistrer sous" et choisis "Bureau"

-Dans le champs "Nom du fichier" en bas de page donne le nom suivant: remove.reg

-Dans le champs"Type" en bas de page ,choisis: "tous les fichiers"

-ensuite clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

-quitte le Bloc Notes. ne clique pas sur le fichier maintenant!

 

=>Voici ce à quoi doit ressembler l'icone du fichier reg que tu viens de créer:

si ce n'est pas le cas,reprends les informations ci dessus et recommence!

 

2)* Démarre Hijackthis"Do a system scan only", et coche les lignes suivantes :

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

-Ferme tous les programmes et clique sur "Fix Checked"

 

3)* Redémarre en mode sans échec.

 

4)*Supprime le fichier en gras dans C:\WINDOWS:

 

C:\WINDOWS\NDNUNI~1.EXE

 

as tu bien éliminé le dossier suivant ?(si ce n'est pas fait, fais le!)=>

 

C:\Program Files\RXToolBar

 

* Double clique sur le fichier remove.reg pour qu'il s'exécute.Un message te demandera la fusion,accepte.Elimine le fichier reg.

 

*Vide la corbeille.

 

5)Double-clique sur ATF-Cleaner.exe afin de lancer le programme.

• Pour internet explorer
  Sous l'onglet Main, choisis : Select All
  Clique sur le bouton Empty Selected
   
  Pour Firefox
  Sous l'onglet Firefox, choisis : Select All
  Clique le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  Clique Exit, du menu prinicipal, afin de fermer le programme.
  

6) Redémarre normalement et stp réessaie de télécharger et de lancer DiagHelp . Si tu ne parviens pas à le faire fonctionner, essaie ceci =>

 

-télécharge WinPFind:

http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip

dezippe le et lance winpfind.exe

clique sur Start Scan et soit patient ca peut durer un moment, patiente!

Poste le rapport généré stp.

 

-J'aimerai stp voir un rapport hijackthis fait comme ceci en plus! =>

 

Ouvre HijackThis.

Clique sur Open Misc Tools Section

Assure toi que les deux cases de droite sont bien cochées:

* List all minor sections(Full)

* List Empty Sections(Complete)

Clique surGenerate StartupList Log

Click sur "oui" lorsque l'on te le demande.

Cela va générer un rapport,copie le et poste le ici.

 

-Pour finir, un scan en ligne =>

 

Fais un scan en ligne avec Panda :

http://www.pandasoftware.fr/Activescan/Activescan.html .

Et poste le rapport qu'il t'affichera à la fin, pour cela, assure toi que IE est correctement configuré pour le scan en ligne comme indiqué ici : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

Si tu n'y arrives pas, le tuto est : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

Tu n'es pas obligé de donner ton email, tu peux utiliser une adresse jetable si tu le souhaites : http://www.jetable.org/fr/index

 

Tu peux remercier les logiciels P2P tel kazaa d'avoir infecté ton pc!! lis ceci pour comprendre =>

http://forum.zebulon.fr/index.php?showtopic=85544

 

@+

Modifié le 16 septembre 2006 par charles ingals

[yazman]

Salut, merci pour ton aide .

 

J'ai pas trouvé ce que tu voulais que je supprimer (donc peut être déjà supprimés):

C:\WINDOWS\NDNUNI~1.EXE

 

as tu bien éliminé le dossier suivant ?(si ce n'est pas fait, fais le!)=>

 

C:\Program Files\RXToolBar

(tant mieux peut être )

 

Voici le rapport de HiJackThis comme tu le voulais :

StartupList report, 18/09/2006, 18:07:07

StartupList version: 1.52.2

Started from : C:\Program Files\hijackthis\yazman.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Canon\MultiPASS4\MPTBox.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Image\Monitor.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\hijackthis\yazman.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage]

DKMessenger.lnk = C:\Program Files\DKware\DKMessenger\DKMessenger.exe

Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Digital Image Monitor.lnk = ?

DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

Lancement rapide d'Adobe Acrobat.lnk = ?

Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Apoint = C:\Program Files\Apoint2K\Apoint.exe

PadTouch = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

LtMoh = C:\Program Files\ltmoh\Ltmoh.exe

AGRSMMSG = AGRSMMSG.exe

CeEKEY = C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

(Default) =

TPNF = C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

TOSHIBA Accessibility = C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

HWSetup = C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

SVPWUTIL = C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

Zooming = ZoomingHook.exe

TCtryIOHook = TCtrlIOHook.exe

TPSMain = TPSMain.exe

SmoothView = C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

Tvs = C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

NDSTray.exe = NDSTray.exe

dla = C:\WINDOWS\system32\dla\tfswctrl.exe

IgfxTray = C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe

TFncKy = TFncKy.exe

CFSServ.exe = CFSServ.exe -NoClient

NuTCSetupEnviron = C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe

DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

WOOWATCH = C:\PROGRA~1\Wanadoo\Watch.exe

WOOTASKBARICON = C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

MPTBox = C:\Program Files\Canon\MultiPASS4\MPTBox.exe

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

VirtualCloneDrive = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

Babylon Client = C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

NeroFilterCheck = C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

!ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

Eyeball Chat = "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\PROGRA~1\Picasa2\Picasa2.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}

(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Rappel d'enregistrement 2.job

Rappel d'enregistrement 3.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[YInstStarter Class]

InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll

CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[MSN Chat Control 4.5]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx

CODEBASE = http://chat.msn.com/controls/msnchat45.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

Protocol #7: C:\WINDOWS\system32\nutafun4.dll

Protocol #8: C:\WINDOWS\system32\nutafun4.dll

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

 

--------------------------------------------------

End of report, 10 519 bytes

Report generated in 1,641 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

Voici le rapport de Panda :

 

Incident Statut Analyse

 

Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.com.com/]

Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[as1.falkag.de/]

Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Yazman\Application Data\Mozilla\Firefox\Profiles\wqwibska.default\cookies.txt[.mediaplex.com/]

Adware:Adware/nCase No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\EZ-Emoticons.exe[saap.exe]

Spyware:Spyware/New.net No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[sHNT288.exe]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][whAgent.inf]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][whAgent.exe]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][whInstaller.exe]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][whSurvey.exe]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][webhdll.dll]

Adware:Adware/WebHancer No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[wh.exe][whiehlpr.dll]

Adware:Adware/WinAD No Désinfecté C:\Documents and Settings\Yazman\Bureau\New QoS\Install-Animated-Emoticons.exe[MGW_SH.exe]

 

 

Pour l'autre (DiagHelp), j'ai pas pu de nouveau de le télécharger mais je vais réessayer.

Merci.

Modifié le 18 septembre 2006 par yazman

[Thanos]

salut

 

De mieux en mieux il reste un peu de nettoyage car PAnda a trouvé des fichiers infecté dans un dossier!

 

Elimine le dossier en entier(en gras) =>

 

C:\Documents and Settings\Yazman\Bureau\New QoS

 

Fais gaffe à faire analyser systématiquement ce type de programme avant de l'installer!!souvent ils installent des spywares (Emoticons , fonds d'écran etc...)

 

ouvre Firefox=>menu Outils=>Options=> Vie Privée=> Cookies=>clique sur le bouton "Supprimer les cookies".

 

Double-clique surATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

 

Stp poste le rapport de WinPFind comme demandé plus haut (ca remplacera le rapport de DiagHelp).

+ un rapport hijackthis fait normalement.

 

@+

Sinon, beau boulot!

Modifié le 18 septembre 2006 par charles ingals

[yazman]

Bonsoir, quel boulot ! ça ne finit jamais

J'ai supprimé les fichiers que Panda a trouvé.

 

Voici le rapport de HiJackThis :

Logfile of HijackThis v1.99.1

Scan saved at 00:22:18, on 19/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Canon\MultiPASS4\MPTBox.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Digital Image\Monitor.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Yazman\Bureau\WinPFind\WinPFind\winpfind.exe

C:\WINDOWS\notepad.exe

C:\Program Files\hijackthis\yazman.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.tn/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo / Internet avec Planet Tunisie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: DKMessenger.lnk = C:\Program Files\DKware\DKMessenger\DKMessenger.exe

O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Image Monitor.lnk = ?

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7B856455-4B25-4709-8077-7870CEF040CB}: NameServer = 193.95.122.40 193.95.93.77

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

 

Voici le rapport de WinPFind :

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

 

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Logfile created on: 19/09/2006 00:08:03

WinPFind v1.5.0 Folder = C:\Documents and Settings\Yazman\Bureau\WinPFind\WinPFind\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

Checking %SystemDrive% folder...

WSUD 25/03/2006 12:51:46 108459237 C:\eclipse-SDK-3.1.2-win32.zip ()

 

Checking %ProgramFilesDir% folder...

 

Checking %WinDir% folder...

UPX! 22/08/2004 18:04:56 69120 C:\WINDOWS\daemon.dll ()

FSG! 08/04/2005 19:10:40 7572683 C:\WINDOWS\dmbsetup.exe ()

PEC2 08/04/2005 19:10:40 7572683 C:\WINDOWS\dmbsetup.exe ()

PECompact2 08/04/2005 19:10:40 7572683 C:\WINDOWS\dmbsetup.exe ()

qoologic 13/08/2006 20:05:46 89452544 C:\WINDOWS\MEMORY.DMP ()

WSUD 13/08/2006 20:05:46 89452544 C:\WINDOWS\MEMORY.DMP ()

 

Checking %System% folder...

WSUD 27/10/2004 18:42:44 16179200 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)

PEC2 19/03/2003 05:05:48 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb ()

PEC2 14/02/2005 20:08:46 31232 C:\WINDOWS\SYSTEM32\ColorPicker.ocx (xFX JumpStart)

PECompact2 14/02/2005 20:08:46 31232 C:\WINDOWS\SYSTEM32\ColorPicker.ocx (xFX JumpStart)

PEC2 05/08/2004 13:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()

PEC2 22/03/2005 22:44:26 49664 C:\WINDOWS\SYSTEM32\DMBSampleControl.ocx ( )

PECompact2 22/03/2005 22:44:26 49664 C:\WINDOWS\SYSTEM32\DMBSampleControl.ocx ( )

PEC2 11/06/2002 04:35:20 12800 C:\WINDOWS\SYSTEM32\FormShaper.ocx (xFX JumpStart)

PEC2 15/02/2005 00:40:20 21504 C:\WINDOWS\SYSTEM32\HREF.OCX (xFX JumpStart)

PECompact2 15/02/2005 00:40:20 21504 C:\WINDOWS\SYSTEM32\HREF.OCX (xFX JumpStart)

PEC2 27/06/2003 00:02:36 20480 C:\WINDOWS\SYSTEM32\ICONTAINER.OCX (xFX JumpStart)

PEC2 07/05/2004 05:54:00 11776 C:\WINDOWS\SYSTEM32\LINE3D.OCX (xFX JumpStart)

PEC2 18/06/1998 01:00:00 8015872 C:\WINDOWS\SYSTEM32\MFC42.PDB ()

PEC2 18/06/1998 01:00:00 3944448 C:\WINDOWS\SYSTEM32\MFC42D.PDB ()

PEC2 19/03/2003 07:20:00 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb ()

PEC2 19/03/2003 06:28:40 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb ()

PEC2 19/03/2003 07:12:12 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb ()

PEC2 19/03/2003 06:31:58 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb ()

PEC2 18/06/1998 01:00:00 2052096 C:\WINDOWS\SYSTEM32\MFCD42D.PDB ()

PEC2 18/06/1998 01:00:00 1454080 C:\WINDOWS\SYSTEM32\MFCN42D.PDB ()

PEC2 18/06/1998 01:00:00 4395008 C:\WINDOWS\SYSTEM32\MFCO42D.PDB ()

PECompact2 09/08/2006 21:03:04 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

aspack 09/08/2006 21:03:04 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

aspack 05/08/2004 13:00:00 733184 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)

WSUD 05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

WSUD 02/09/2001 12:29:22 13107200 C:\WINDOWS\SYSTEM32\oembios.bin ()

Umonitor 05/08/2004 13:00:00 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)

PEC2 11/02/2003 23:17:24 11776 C:\WINDOWS\SYSTEM32\SmartSubClass.dll (VBSmart)

aspack 02/05/2006 23:55:10 53248 C:\WINDOWS\SYSTEM32\suppdll.dll ()

UPX! 29/08/2006 15:52:54 248832 C:\WINDOWS\SYSTEM32\trjscan.trb (Simply Super Software)

aspack 17/06/2006 01:46:58 345088 C:\WINDOWS\SYSTEM32\trupd.trb (Simply Super Software)

PEC2 14/04/2004 18:42:32 13312 C:\WINDOWS\SYSTEM32\tsys.dll (xFX JumpStart)

winsync 05/08/2004 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

PEC2 30/10/2002 02:02:04 17920 C:\WINDOWS\SYSTEM32\xfxbinimg.dll ()

PEC2 26/05/2004 00:24:12 35840 C:\WINDOWS\SYSTEM32\xFXSlider.ocx (xFX JumpStart)

PECompact2 26/05/2004 00:24:12 35840 C:\WINDOWS\SYSTEM32\xFXSlider.ocx (xFX JumpStart)

 

Checking %System%\Drivers folder and sub-folders...

UPX! 13/09/2006 15:16:46 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

FSG! 13/09/2006 15:16:46 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

PEC2 13/09/2006 15:16:46 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

aspack 13/09/2006 15:16:46 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

 

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

 

 

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

18/09/2006 23:55:28 S 2048 C:\WINDOWS\bootstat.dat ()

07/09/2006 15:10:36 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index27.dat ()

07/09/2006 15:10:36 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index28.dat ()

28/07/2006 22:21:24 H 626422 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\download\BIT18.tmp ()

02/08/2006 01:36:22 H 1079032 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\download\BIT1A.tmp ()

28/07/2006 23:38:22 H 155879 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\download\BIT17.tmp ()

28/07/2006 23:30:06 H 36246 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\download\BIT19.tmp ()

28/07/2006 23:27:20 H 69744 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\download\BIT1C.tmp ()

28/07/2006 23:54:10 H 24986 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d8661e60d3aee3a77c6330f550a29252\download\BIT1D.tmp ()

08/08/2006 07:11:34 H 560028 C:\WINDOWS\system32\mlfcache.dat ()

18/09/2006 23:57:52 H 1024 C:\WINDOWS\system32\config\default.LOG ()

18/09/2006 23:56:16 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()

18/09/2006 23:58:42 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()

19/09/2006 00:19:04 H 1024 C:\WINDOWS\system32\config\software.LOG ()

19/09/2006 00:02:56 H 1024 C:\WINDOWS\system32\config\system.LOG ()

04/09/2006 12:53:30 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()

22/08/2006 01:14:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\960ebf89-073c-453b-a1fd-c2225581237b ()

22/08/2006 01:14:18 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()

18/09/2006 23:55:42 H 6 C:\WINDOWS\Tasks\SA.DAT ()

 

Checking for CPL files...

05/08/2004 13:00:00 71680 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)

27/10/2004 18:42:44 16179200 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)

05/08/2004 13:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)

05/08/2004 13:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)

05/08/2004 13:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)

05/08/2004 13:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)

05/08/2004 13:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)

25/02/2005 16:31:38 364544 C:\WINDOWS\SYSTEM32\HWSetup.cpl (TOSHIBA CO.,LTD.)

02/11/2004 10:01:34 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)

05/08/2004 13:00:00 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)

05/08/2004 13:00:00 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)

05/08/2004 13:00:00 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)

10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)

05/08/2004 13:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)

05/08/2004 13:00:00 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)

05/08/2004 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)

05/08/2004 13:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)

05/08/2004 13:00:00 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

27/05/1999 15:47:42 606720 C:\WINDOWS\SYSTEM32\NutCPApp.cpl (DataFocus, Inc.)

05/08/2004 13:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)

05/08/2004 13:00:00 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)

30/09/2004 17:07:26 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)

05/08/2004 13:00:00 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)

05/08/2004 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)

05/08/2004 13:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)

15/03/2005 18:39:32 495616 C:\WINDOWS\SYSTEM32\TOSCDSPD.cpl ()

21/01/2005 11:28:28 1171456 C:\WINDOWS\SYSTEM32\TPwrSave.cpl (TOSHIBA Corporation)

05/08/2004 13:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)

26/05/2005 05:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

26/05/2005 05:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

02/11/2004 10:01:34 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxcpl.cpl (Intel Corporation)

02/11/2004 10:01:34 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\igfxcpl.cpl (Intel Corporation)

 

Checking for Downloaded Program Files...

{00000055-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB

{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll

{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/controls/msnchat45.cab

Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

Checking files in %ALLUSERSPROFILE%\Startup folder...

06/12/2005 22:14:28 1014 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk ()

17/03/2005 09:21:28 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

23/12/2005 11:20:22 483 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Image Monitor.lnk ()

01/04/2006 10:58:32 836 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk ()

18/09/2006 23:57:20 2335 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk ()

06/12/2005 22:03:26 1757 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk ()

25/11/2005 19:31:00 1740 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk ()

 

Checking files in %ALLUSERSPROFILE%\Application Data folder...

15/09/2006 00:47:46 305 C:\Documents and Settings\All Users\Application Data\addr_file.html ()

17/03/2005 10:13:24 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

 

Checking files in %USERPROFILE%\Startup folder...

17/03/2005 09:21:28 HS 84 C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

23/03/2006 11:08:14 813 C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\DKMessenger.lnk ()

24/11/2005 22:29:46 899 C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk ()

25/11/2005 21:52:18 950 C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK ()

 

Checking files in %USERPROFILE%\Application Data folder...

17/03/2005 10:13:24 HS 62 C:\Documents and Settings\Yazman\Application Data\desktop.ini ()

01/06/2006 10:49:08 553256 C:\Documents and Settings\Yazman\Application Data\GDIPFONTCACHEV1.DAT ()

25/11/2005 21:53:26 0 C:\Documents and Settings\Yazman\Application Data\wklnhst.dat ()

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

>>> Internet Explorer Settings <<<

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Local Page - %SystemRoot%\system32\blank.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.wanadoo.tn/

\\Search Bar -

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Local Page - C:\WINDOWS\system32\blank.htm

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

\\{08C06D61-F1F3-4799-86F8-BE1A89362C85} - Search Class = C:\PROGRA~1\Wanadoo\SEARCH~1.DLL ()

\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

>>> BHO's <<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

\{AE7CD045-E861-484f-8273-0445EE161910} - AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

>>> Internet Explorer Bars, Toolbars and Extensions <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

\{182EC0BE-5110-49C8-A062-BEB1D02A220B} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (Yahoo! Inc.)

\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (Yahoo! Inc.)

\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - = ()

\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()

\WebBrowser\\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - = ()

\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]

\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Console Java (Sun)

\\NEXTID - 8195

\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 = Yahoo! Messenger

\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

\-{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - ButtonText: Messenger =

\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherche =

 

>>> Approved Shell Extensions (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()

\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()

\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()

\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)

\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()

\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()

\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()

\\{9ED66769-A198-41FE-8615-601691C68846} - TouchPad Property Sheet = C:\WINDOWS\system32\TPprop.dll (COMPAL ELECTRONIC INC.)

\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll ()

\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

\\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = ()

\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

\\{4B4604E0-8961-11D4-A0EC-009099164712} - Mon MultiPASS = C:\Program Files\Canon\MultiPASS4\DTM4.DLL (Canon Inc.)

\\{B7056B8E-4F99-44f8-8CBD-282390FE5428} - VirtualCloneDrive = C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll (Elaborate Bytes AG)

\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)

\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

\\{52B87208-9CCF-42C9-B88E-069281105805} - Trojan Remover Shell Extension = C:\PROGRA~1\TROJAN~1\Trshlex.dll (Simply Super Software)

\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll (GRISOFT, s.r.o.)

\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll (GRISOFT, s.r.o.)

\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

 

>>> Context Menu Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]

\Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)

\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll (GRISOFT, s.r.o.)

\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)

\Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll (Simply Super Software)

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

 

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]

\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll (GRISOFT, s.r.o.)

\Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll (Simply Super Software)

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

 

>>> Column Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero AG)

\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

 

>>> Registry Run Keys <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Apoint - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

PadTouch - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)

LtMoh - C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)

AGRSMMSG - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

CeEKEY - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)

- Reg Data missing or invalid ()

TPNF - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)

TOSHIBA Accessibility - C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe (TOSHIBA)

HWSetup - C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)

SVPWUTIL - C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)

Zooming - C:\WINDOWS\SYSTEM32\ZoomingHook.exe (TOSHIBA)

TCtryIOHook - C:\WINDOWS\SYSTEM32\TCtrlIOHook.exe (TOSHIBA)

TPSMain - C:\WINDOWS\SYSTEM32\TPSMain.exe (TOSHIBA Corporation)

SmoothView - C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)

Tvs - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)

NDSTray.exe - NDSTray.exe ()

dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

TFncKy - TFncKy.exe ()

CFSServ.exe - CFSServ.exe ()

NuTCSetupEnviron - C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe ()

DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)

QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

WOOWATCH - C:\PROGRA~1\Wanadoo\Watch.exe (France Télécom R&D)

WOOTASKBARICON - C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe ()

MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)

MPTBox - C:\Program Files\Canon\MultiPASS4\MPTBox.exe (Canon Inc.)

SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

VirtualCloneDrive - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

Babylon Client - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)

NeroFilterCheck - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)

Acrobat Assistant 7.0 - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

TOSCDSPD - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

Eyeball Chat - C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe ()

MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe (Nero AG)

Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

>>> Startup Links <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Image Monitor.lnk - C:\Program Files\Digital Image\Monitor.exe ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]

C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\DKMessenger.lnk - C:\Program Files\DKware\DKMessenger\DKMessenger.exe ()

C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)

C:\Documents and Settings\Yazman\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)

 

>>> MSConfig Disabled Items <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

[All Users Startup Folder Disabled Items]

 

[Current User Startup Folder Disabled Items]

 

>>> User Agent Post Platform <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

\\SV1 -

 

>>> AppInit Dll's <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

 

>>> Image File Execution Options <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

\Your Image File Name Here without a path - Debugger = ntsd -d

 

>>> Shell Service Object Delay Load <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)

\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

 

>>> Shell Execute Hooks <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

 

>>> Shared Task Scheduler <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

 

>>> Winlogon <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

\\UserInit = C:\WINDOWS\system32\userinit.exe,

\\Shell = Explorer.exe

\\System =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

\crypt32chain - crypt32.dll = (Microsoft Corporation)

\cryptnet - cryptnet.dll = (Microsoft Corporation)

\cscdll - cscdll.dll = (Microsoft Corporation)

\igfxcui - igfxsrvc.dll = (Intel Corporation)

\ScCertProp - wlnotify.dll = (Microsoft Corporation)

\Schedule - wlnotify.dll = (Microsoft Corporation)

\sclgntfy - sclgntfy.dll = (Microsoft Corporation)

\SensLogn - WlNotify.dll = (Microsoft Corporation)

\termsrv - wlnotify.dll = (Microsoft Corporation)

\wlballoon - wlnotify.dll = (Microsoft Corporation)

 

>>> DNS Name Servers <<<

{01E58180-65A3-4DB5-B76D-F2711A038FFC} - ()

{28B1FF32-8123-4D7E-AE95-86CC5336B5A9} - (SMC ADSL2 Barricade)

[Thanos]

re!

 

J'ai qu'une chose à dire...bien joué les rapports sont propres!! comment fonctionne le pc ?

 

 

je vais repasser te laisser des conseils de sécurité pour sécuriser le pc

 

ps: ton pc doit ramer avec toutes ces applications qui se lancent au démarrage? si tu veux on peut faire un peu d'optimisation.

 

Ouvre HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici pour finir

Modifié le 18 septembre 2006 par charles ingals