Web page problem

Tags:
  • Acer
  • Security
18 June 2008 19:49:50

Hello everyone,

For the past few days, when I use Firefox and run a Google search on anything, for example if I type "tortue", I get the results with several sites, and I have a one-in-two chance, when clicking a link, of landing on a page that has nothing to do with it. They are often the same pages, for example a Turkish dictionary, a pornographic site, shopping sites or search engines (I should point out that I have never been to sites like those before), and other sites as well. What can I do to stop these pages from being displayed, and am I the victim of a virus?

I have already run two antivirus scans and they found nothing.

Even more serious, 5 minutes ago my computer crashed completely: it switched sites as described just above and then, boom, the screen went all white with lines of every colour.

Thanks for your replies

18 June 2008 20:28:19

Good evening

Probably a WareOut infection

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
18 June 2008 21:54:08

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:08, on 18/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Paul\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 9786 bytes
18 June 2008 22:08:48

re
That doesn't tell us much...

  • Download SystemScan from the SuspectFile team
  • Double-click it (ignore any alerts from your antivirus, if there are any).
  • Click Unselect all
  • Tick only these boxes
    -Recent Files, days old 60 days
    and
    -hidden objects

  • Then click scan now and be patient.
  • Once it has finished, a report will open. Post it in full.
18 June 2008 22:34:22

Here it is
    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows VISTA , Service Pack 1 (6001.6.0)
    System directory: C:\Windows
    SystemScan file: C:\Users\Paul\Desktop\sys76369.exe
    Running in: User mode
    Date: 18/06/2008
    Time: 22:30:09

    Output limited to:
    -Recent files
    -Hidden objects

    ===================== RECENT FILES =====================

    Showing files newer than 60 days

    ----- recent files in C:\
    05/06/2008 18:45:53 (DIR) 0 byte 13 days old -- AcerSW
    05/06/2008 23:11:31 (DIR) 0 byte 13 days old -- Users
    05/06/2008 23:12:01 (DIR) 0 byte 13 days old -- $RECYCLE.BIN
    17/06/2008 12:56:04 (DIR) 0 byte 1 days old -- Program Files
    17/06/2008 12:56:04 (DIR) 0 byte 1 days old -- ProgramData
    18/06/2008 14:57:28 (DIR) 0 byte 0 days old -- Downloads
    18/06/2008 16:03:00 (DIR) 0 byte 0 days old -- System Volume Information
    18/06/2008 19:37:15 (DIR)-760926208 byte 0 days old -- pagefile.sys
    18/06/2008 19:37:16 (DIR)-1074606080 byte 0 days old -- hiberfil.sys
    18/06/2008 19:38:03 (DIR) 0 byte 0 days old -- Windows

    ----- recent files in C:\Windows\
    05/06/2008 18:41:38 (DIR) 0 byte 13 days old -- rescache
    05/06/2008 18:44:33 79 byte 13 days old -- MORChangeID.LOG
    05/06/2008 18:44:35 25367 byte 13 days old -- Patch.log
    05/06/2008 19:00:25 (DIR) 0 byte 13 days old -- Debug
    05/06/2008 19:02:01 262162 byte 13 days old -- msxml4-KB936181-enu.LOG
    05/06/2008 19:03:26 0 byte 13 days old -- nsreg.dat
    05/06/2008 19:04:31 (DIR) 0 byte 13 days old -- AppPatch
    05/06/2008 19:09:31 (DIR) 0 byte 13 days old -- SoftwareDistribution
    05/06/2008 19:14:28 25 byte 13 days old -- CDE DX7400DEFGIPS.ini
    05/06/2008 19:14:37 (DIR) 0 byte 13 days old -- twain_32
    05/06/2008 20:16:51 4400 byte 13 days old -- DPINST.LOG
    05/06/2008 22:47:16 263060 byte 13 days old -- msxml4-KB941833-enu.LOG
    06/06/2008 08:58:56 (DIR) 0 byte 12 days old -- Logs
    08/06/2008 11:28:08 119964 byte 10 days old -- DirectX.log
    08/06/2008 15:06:53 (DIR) 0 byte 10 days old -- Registration
    12/06/2008 19:09:44 (DIR) 0 byte 6 days old -- Downloaded Program Files
    13/06/2008 21:06:30 (DIR) 0 byte 5 days old -- Tasks
    15/06/2008 08:42:04 (DIR) 0 byte 3 days old -- ehome
    15/06/2008 12:44:18 (DIR) 0 byte 3 days old -- Microsoft.NET
    15/06/2008 22:30:03 (DIR) 0 byte 3 days old -- winsxs
    15/06/2008 22:30:21 (DIR) 0 byte 3 days old -- assembly
    17/06/2008 18:54:48 (DIR) 0 byte 1 days old -- Installer
    18/06/2008 01:24:57 836 byte 0 days old -- bthservsdp.dat
    18/06/2008 15:04:35 104881 byte 0 days old -- setupact.log
    18/06/2008 19:17:37 890288 byte 0 days old -- WindowsUpdate.log
    18/06/2008 19:37:15 814354 byte 0 days old -- PFRO.log
    18/06/2008 19:43:34 (DIR) 0 byte 0 days old -- inf
    18/06/2008 19:43:34 (DIR) 0 byte 0 days old -- System32
    18/06/2008 21:48:36 67584 byte 0 days old -- bootstat.dat
    18/06/2008 22:29:54 (DIR) 0 byte 0 days old -- Temp
    18/06/2008 22:30:02 (DIR) 0 byte 0 days old -- Prefetch

    ----- recent files in C:\Windows\Downloaded Program Files\

    ----- recent files in C:\Windows\system\

    ----- recent files in C:\Windows\system32\
    23/04/2008 06:41:36 57856 byte 56 days old -- MSDvbNP.ax
    23/04/2008 06:41:36 218624 byte 56 days old -- psisrndr.ax
    23/04/2008 06:42:37 428544 byte 56 days old -- EncDec.dll
    23/04/2008 06:42:37 293376 byte 56 days old -- psisdecd.dll
    25/04/2008 04:12:21 1383424 byte 54 days old -- mshtml.tlb
    25/04/2008 06:35:13 28160 byte 54 days old -- jsproxy.dll
    25/04/2008 06:35:14 3578368 byte 54 days old -- mshtml.dll
    25/04/2008 06:35:16 671232 byte 54 days old -- mstime.dll
    25/04/2008 06:35:19 1166336 byte 54 days old -- urlmon.dll
    25/04/2008 06:35:23 826880 byte 54 days old -- wininet.dll
    26/04/2008 10:08:15 1314816 byte 53 days old -- quartz.dll
    29/04/2008 05:54:02 181760 byte 50 days old -- fsquirt.exe
    10/05/2008 00:22:34 153 byte 39 days old -- RacUREx.xml
    10/05/2008 00:22:34 9127 byte 39 days old -- RacUR.xml
    10/05/2008 05:35:20 885248 byte 39 days old -- RacEngn.dll
    23/05/2008 00:18:54 12288 byte 26 days old -- DivXWMPExtType.dll
    23/05/2008 00:19:12 161096 byte 26 days old -- DivXCodecVersionChecker.exe
    23/05/2008 00:19:44 3067 byte 26 days old -- dtu_fr.qm
    23/05/2008 00:19:46 196608 byte 26 days old -- dtu100.dll
    23/05/2008 00:19:46 416 byte 26 days old -- dtu100.dll.manifest
    23/05/2008 00:19:46 81920 byte 26 days old -- dpl100.dll
    23/05/2008 00:19:46 416 byte 26 days old -- dpl100.dll.manifest
    23/05/2008 00:20:42 1044480 byte 26 days old -- libdivx.dll
    23/05/2008 00:20:42 200704 byte 26 days old -- ssldivx.dll
    23/05/2008 00:22:18 3596288 byte 26 days old -- qt-dx331.dll
    23/05/2008 00:22:22 9878 byte 26 days old -- dsm_fr.qm
    23/05/2008 00:22:22 4816 byte 26 days old -- divxsm.tlb
    23/05/2008 00:22:22 524288 byte 26 days old -- DivXsm.exe
    27/05/2008 10:50:34 57344 byte 22 days old -- QuickTime.qts
    27/05/2008 10:50:34 90112 byte 22 days old -- QuickTimeVR.qtx
    30/05/2008 01:35:11 17486968 byte 19 days old -- mrt.exe
    31/05/2008 01:22:40 630784 byte 18 days old -- divxdec.ax
    31/05/2008 01:22:46 683520 byte 18 days old -- DivX.dll
    31/05/2008 01:22:46 815104 byte 18 days old -- divx_xx0a.dll
    31/05/2008 01:22:48 802816 byte 18 days old -- divx_xx11.dll
    31/05/2008 01:22:48 823296 byte 18 days old -- divx_xx0c.dll
    31/05/2008 01:22:48 823296 byte 18 days old -- divx_xx07.dll
    31/05/2008 01:22:54 294912 byte 18 days old -- dpu10.dll
    31/05/2008 01:22:54 294912 byte 18 days old -- dpu11.dll
    31/05/2008 01:22:54 593920 byte 18 days old -- dpuGUI11.dll
    31/05/2008 01:22:54 57344 byte 18 days old -- dpv11.dll
    31/05/2008 01:22:54 344064 byte 18 days old -- dpus11.dll
    31/05/2008 01:22:58 53248 byte 18 days old -- dpuGUI10.dll
    31/05/2008 01:23:12 8835 byte 18 days old -- dpufr.qm
    05/06/2008 18:40:24 65328 byte 13 days old -- license.rtf
    05/06/2008 19:04:32 (DIR) 0 byte 13 days old -- Boot
    05/06/2008 19:06:07 295976 byte 13 days old -- FNTCACHE.DAT
    05/06/2008 20:26:25 98304 byte 13 days old -- CmdLineExt.dll
    06/06/2008 18:31:48 6450 byte 12 days old -- jupdate-1.6.0_06-b02.log
    07/06/2008 11:32:11 (DIR) 0 byte 11 days old -- NDF
    08/06/2008 11:28:11 669184 byte 10 days old -- pbsvc.exe
    08/06/2008 11:28:12 66872 byte 10 days old -- PnkBstrA.exe
    08/06/2008 11:28:19 103736 byte 10 days old -- PnkBstrB.exe
    08/06/2008 11:30:38 (DIR) 0 byte 10 days old -- URTTEMP
    09/06/2008 23:46:51 (DIR) 0 byte 9 days old -- WDI
    11/06/2008 14:06:53 (DIR) 0 byte 7 days old -- migration
    11/06/2008 19:48:24 (DIR) 0 byte 7 days old -- LogFiles
    16/06/2008 21:18:17 (DIR) 0 byte 2 days old -- Tasks
    18/06/2008 12:58:13 (DIR) 0 byte 0 days old -- catroot2
    18/06/2008 15:06:10 (DIR) 0 byte 0 days old -- catroot
    18/06/2008 15:06:29 (DIR) 0 byte 0 days old -- drivers
    18/06/2008 19:43:34 595748 byte 0 days old -- perfh009.dat
    18/06/2008 19:43:34 105078 byte 0 days old -- perfc009.dat
    18/06/2008 19:43:34 128212 byte 0 days old -- perfc00C.dat
    18/06/2008 19:43:34 1499302 byte 0 days old -- PerfStringBackup.INI
    18/06/2008 19:43:34 679192 byte 0 days old -- perfh00C.dat
    18/06/2008 21:48:44 3216 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    18/06/2008 21:48:44 3216 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    18/06/2008 21:48:47 16515 byte 0 days old -- Config.MPF

    ----- recent files in C:\Windows\system32\drivers\
    29/04/2008 03:42:21 29184 byte 50 days old -- BTHUSB.SYS
    29/04/2008 03:42:23 220160 byte 50 days old -- bthport.sys
    10/05/2008 03:33:10 113664 byte 39 days old -- rmcast.sys
    06/06/2008 19:27:30 717296 byte 12 days old -- sptd.sys
    08/06/2008 11:28:26 22328 byte 10 days old -- PnkBstrK.sys
    15/06/2008 08:42:09 (DIR) 0 byte 3 days old -- UMDF
    15/06/2008 08:42:17 0 byte 3 days old -- Msft_User_WpdMtpDr_01_00_00.Wdf

    ----- recent files in C:\Windows\temp\
    05/06/2008 18:41:59 0 byte 13 days old -- sqlite_vtw9Nw7zvPTNar2
    05/06/2008 18:41:59 0 byte 13 days old -- sqlite_7EMNoUHMNf6o0S7
    05/06/2008 18:42:32 19922944 byte 13 days old -- WinSAT_KernelLog.etl
    05/06/2008 18:42:32 33554432 byte 13 days old -- WinSAT_DX.etl
    05/06/2008 18:44:22 4194304 byte 13 days old -- WinSAT_StorageAsmt.etl
    05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- History
    05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- Cookies
    05/06/2008 18:44:52 (DIR) 0 byte 13 days old -- Fichiers Internet temporaires
    05/06/2008 19:02:02 0 byte 13 days old -- sqlite_tmHDaYiBfHOKWXc
    05/06/2008 19:06:32 (DIR) 0 byte 13 days old -- MCE00000
    05/06/2008 19:07:29 1024 byte 13 days old -- sqlite_0av8TxPjRxd4uJT
    05/06/2008 19:07:29 0 byte 13 days old -- sqlite_ANSiTp3b1jXwjPL
    05/06/2008 19:19:15 132 byte 13 days old -- E_S8B8C.tmp
    05/06/2008 19:19:18 118 byte 13 days old -- E_S976F.tmp
    05/06/2008 19:29:36 (DIR) 0 byte 13 days old -- MCE00001
    05/06/2008 19:30:36 0 byte 13 days old -- sqlite_jNqgBxSiwN2IM0c
    05/06/2008 19:30:36 0 byte 13 days old -- sqlite_Rb92a2LKJce8daZ
    05/06/2008 20:29:35 (DIR) 0 byte 13 days old -- CLDigitalHome
    05/06/2008 22:14:21 (DIR) 0 byte 13 days old -- MCE00002
    05/06/2008 22:15:19 0 byte 13 days old -- sqlite_r5uS4syZWI4ctrc
    05/06/2008 22:15:19 0 byte 13 days old -- sqlite_x3bEfgi0QWJGx4Q
    05/06/2008 23:11:32 (DIR) 0 byte 13 days old -- MCE00003
    05/06/2008 23:12:32 1024 byte 13 days old -- sqlite_M0EKnegWjbcYTCY
    05/06/2008 23:12:32 0 byte 13 days old -- sqlite_gZ2ery1qE3ujAMZ
    06/06/2008 00:00:06 0 byte 12 days old -- sqlite_C0bRmKwtQeSf7DM
    06/06/2008 08:07:03 (DIR) 0 byte 12 days old -- MCE00004
    06/06/2008 08:07:07 0 byte 12 days old -- mcmsc_XlNNx9h1bVLHNSJ
    06/06/2008 08:08:03 0 byte 12 days old -- sqlite_GqyToXJ8WrKRZ1D
    06/06/2008 08:08:03 0 byte 12 days old -- sqlite_h1ionwc5LrPH1bJ
    06/06/2008 16:47:07 (DIR) 0 byte 12 days old -- MCE00005
    06/06/2008 16:47:08 0 byte 12 days old -- mcmsc_Zyyd12A3t747Svs
    06/06/2008 16:48:02 0 byte 12 days old -- sqlite_p1fWf2sI8pzVazf
    06/06/2008 16:48:02 0 byte 12 days old -- sqlite_MHeO0k2xTU5TUwe
    06/06/2008 16:55:19 2048 byte 12 days old -- mcafee_J2nm3FgtmGwzvBb
    06/06/2008 17:34:28 1024 byte 12 days old -- mcmsc_3aMMjsVfHSL50Sr
    06/06/2008 18:31:49 0 byte 12 days old -- mcmsc_Ho4UmTb6WVQydyb
    06/06/2008 18:31:49 0 byte 12 days old -- mcmsc_1ieuLmt0VqtkwBf
    06/06/2008 18:54:09 (DIR) 0 byte 12 days old -- MCE00006
    06/06/2008 18:55:08 0 byte 12 days old -- sqlite_FyKkFgsRxPVqtDe
    06/06/2008 18:55:08 0 byte 12 days old -- sqlite_9fbBXEhAYhuooXA
    06/06/2008 19:36:52 (DIR) 0 byte 12 days old -- MCE00007
    06/06/2008 19:36:56 0 byte 12 days old -- mcmsc_VMUWAhmaUEDbPNz
    06/06/2008 19:37:52 0 byte 12 days old -- sqlite_JB1t2dA9ELwf4cw
    06/06/2008 19:37:52 0 byte 12 days old -- sqlite_aaSTDs7rQbxHNKg
    07/06/2008 01:27:05 0 byte 11 days old -- sqlite_uoUKvmrVY3NEzNh
    07/06/2008 08:42:10 (DIR) 0 byte 11 days old -- MCE00008
    07/06/2008 08:42:23 0 byte 11 days old -- sqlite_Ha4wVP9QrmGmZff
    07/06/2008 08:43:10 0 byte 11 days old -- sqlite_PhOhUfcQnaR1HFC
    07/06/2008 08:43:10 0 byte 11 days old -- sqlite_JyH5xtdPbZN27CU
    07/06/2008 16:42:57 (DIR) 0 byte 11 days old -- MCE00009
    07/06/2008 16:43:56 0 byte 11 days old -- sqlite_9Acx4wibhiEtVeI
    07/06/2008 16:43:56 0 byte 11 days old -- sqlite_cE3cfdyfXGQ0i9M
    08/06/2008 02:00:00 0 byte 10 days old -- sqlite_DU5srHpHRJUmhZs
    08/06/2008 15:06:29 6326 byte 10 days old -- ASPNETSetup.log
    08/06/2008 15:07:10 6659 byte 10 days old -- netfxupdate.log
    08/06/2008 18:27:35 25830 byte 10 days old -- netfxsl.log
    08/06/2008 18:28:03 11458 byte 10 days old -- NetFxUpdate_v1.1.4322.log
    09/06/2008 12:10:33 (DIR) 0 byte 9 days old -- MCE0000a
    09/06/2008 12:11:33 0 byte 9 days old -- sqlite_LlvXBQ5Oba7QFdQ
    09/06/2008 12:11:33 0 byte 9 days old -- sqlite_tBqsjYKqgGJR4lC
    09/06/2008 12:12:05 0 byte 9 days old -- sqlite_Ob3cVXxTPanXkRL
    10/06/2008 11:59:31 (DIR) 0 byte 8 days old -- MCE0000b
    10/06/2008 11:59:43 0 byte 8 days old -- sqlite_Ip1y3DPhhwV2KvH
    10/06/2008 12:00:31 0 byte 8 days old -- sqlite_D7rKv4ftqWR6JrT
    10/06/2008 12:00:31 0 byte 8 days old -- sqlite_XcNFYnqMUI8ldK0
    11/06/2008 14:06:31 (DIR) 0 byte 7 days old -- MCE0000c
    11/06/2008 14:06:34 0 byte 7 days old -- mcmsc_31yOMXDnXp12bwm
    11/06/2008 14:08:28 (DIR) 0 byte 7 days old -- MCE0000d
    11/06/2008 14:08:31 0 byte 7 days old -- mcmsc_nRUZgP1mmVi3Aqz
    11/06/2008 14:09:28 0 byte 7 days old -- sqlite_HIccVvj8IpKkXot
    11/06/2008 14:09:28 0 byte 7 days old -- sqlite_6RDNfakzThIdHzB
    11/06/2008 14:12:30 2048 byte 7 days old -- mcafee_ZX4rR2anvjJbjyS
    11/06/2008 16:06:55 1024 byte 7 days old -- mcmsc_Ik414y2ydpuQ5to
    11/06/2008 16:53:07 1024 byte 7 days old -- mcmsc_bdC3a5Q4ne85VTg
    11/06/2008 16:53:07 1024 byte 7 days old -- mcmsc_1ta6ZhrelDiUJyA
    11/06/2008 21:44:29 (DIR) 0 byte 7 days old -- MCE0000e
    11/06/2008 21:44:33 0 byte 7 days old -- mcmsc_ySlwBa0CMkWObak
    11/06/2008 21:44:52 2048 byte 7 days old -- mcafee_D14qWH2DBVQlcAr
    11/06/2008 21:45:29 0 byte 7 days old -- sqlite_bX36hFf8dUYrfua
    11/06/2008 21:45:29 0 byte 7 days old -- sqlite_1VQFGYEGbfRVcbF
    11/06/2008 22:33:03 1024 byte 7 days old -- mcmsc_Q6bkV2kBfyHfQeZ
    12/06/2008 00:20:51 120 byte 6 days old -- fwtsqmfile01.sqm
    12/06/2008 12:11:38 (DIR) 0 byte 6 days old -- MCE0000f
    12/06/2008 12:11:49 0 byte 6 days old -- sqlite_K26lzM26xvkIy9A
    12/06/2008 12:12:38 0 byte 6 days old -- sqlite_mA5uj8IK08xkl2d
    12/06/2008 12:12:38 0 byte 6 days old -- sqlite_hNYtOxt4x8X8T4B
    12/06/2008 18:48:07 (DIR) 0 byte 6 days old -- MCE00010
    12/06/2008 18:49:07 0 byte 6 days old -- sqlite_AMaAV2LCivIYQkh
    12/06/2008 18:49:07 0 byte 6 days old -- sqlite_M5ajDnuP9JF7Uzd
    13/06/2008 08:25:25 0 byte 5 days old -- sqlite_OIQrLIUkq6yoUj7
    13/06/2008 15:40:51 (DIR) 0 byte 5 days old -- MCE00011
    13/06/2008 15:41:51 0 byte 5 days old -- sqlite_PiW9XQU1jYHnVlQ
    13/06/2008 15:41:51 0 byte 5 days old -- sqlite_T8zVmU4bIWy4LJ7
    13/06/2008 21:03:12 (DIR) 0 byte 5 days old -- MCE00012
    13/06/2008 21:03:17 0 byte 5 days old -- mcmsc_rW01ejOyrf1L6iU
    13/06/2008 21:04:12 0 byte 5 days old -- sqlite_r1FD9l90RUpziP9
    13/06/2008 21:04:12 0 byte 5 days old -- sqlite_CNrKmQcmaAdyP3E
    13/06/2008 22:53:31 0 byte 5 days old -- sqlite_AT4fKE52fjhoD6o
    14/06/2008 00:10:41 (DIR) 0 byte 4 days old -- MCE00013
    14/06/2008 00:11:41 0 byte 4 days old -- sqlite_KGc1wO8KWCCHceZ
    14/06/2008 00:11:41 0 byte 4 days old -- sqlite_hYLsTOTvVj6cCb8
    14/06/2008 20:07:56 (DIR) 0 byte 4 days old -- MCE00014
    14/06/2008 20:08:08 0 byte 4 days old -- sqlite_vgV5jzUfk79fM7S
    14/06/2008 20:08:56 0 byte 4 days old -- sqlite_fEvidgZpxV46i8i
    14/06/2008 20:08:56 0 byte 4 days old -- sqlite_HICmUw4fkVBzhEB
    15/06/2008 08:38:09 (DIR) 0 byte 3 days old -- MCE00015
    15/06/2008 08:38:50 0 byte 3 days old -- sqlite_KmxEsdlg6chLDAB
    15/06/2008 08:39:09 0 byte 3 days old -- sqlite_ERQ0ajsJ7cCgGz3
    15/06/2008 08:39:09 0 byte 3 days old -- sqlite_Tm0EB15faE4OoBV
    15/06/2008 20:55:25 (DIR) 0 byte 3 days old -- MCE00016
    15/06/2008 20:56:25 0 byte 3 days old -- sqlite_kdrtJ68yrCDoicP
    15/06/2008 20:56:25 0 byte 3 days old -- sqlite_5tRHEddkWZvhmkK
    15/06/2008 23:19:00 (DIR) 0 byte 3 days old -- MCE00017
    15/06/2008 23:20:00 0 byte 3 days old -- sqlite_J3t0tYUJWO0P7v1
    15/06/2008 23:20:00 0 byte 3 days old -- sqlite_GDlqEDuCR8ouocO
    16/06/2008 12:28:51 (DIR) 0 byte 2 days old -- MCE00018
    16/06/2008 12:29:02 0 byte 2 days old -- sqlite_ZMDt3psVliLE7Ni
    16/06/2008 12:29:51 0 byte 2 days old -- sqlite_0QK9w9TVkEqZqan
    16/06/2008 12:29:51 0 byte 2 days old -- sqlite_Ya6i52Rcscvv4xA
    16/06/2008 16:43:38 (DIR) 0 byte 2 days old -- MCE00019
    16/06/2008 16:44:38 0 byte 2 days old -- sqlite_MxsHMFLLdsZpeet
    16/06/2008 16:44:38 0 byte 2 days old -- sqlite_98GWPNqQxsUhGe8
    16/06/2008 23:56:24 (DIR) 0 byte 2 days old -- MCE0001a
    16/06/2008 23:57:24 0 byte 2 days old -- sqlite_6VmkL7IMun1erNf
    16/06/2008 23:57:24 0 byte 2 days old -- sqlite_zceM64dLKdZHjr4
    17/06/2008 12:51:44 (DIR) 0 byte 1 days old -- MCE0001b
    17/06/2008 12:51:55 0 byte 1 days old -- sqlite_jamVzdNTydQZ0Du
    17/06/2008 12:52:43 0 byte 1 days old -- sqlite_9zQec6t9WRLdeoU
    17/06/2008 12:52:43 0 byte 1 days old -- sqlite_WO8wXXKLbQdbj9Y
    17/06/2008 13:23:24 (DIR) 0 byte 1 days old -- MCE0001c
    17/06/2008 13:23:29 0 byte 1 days old -- mcmsc_afkTsv95nOBdM5B
    17/06/2008 13:24:24 0 byte 1 days old -- sqlite_Qdw9LEquVUHrRuA
    17/06/2008 13:24:24 0 byte 1 days old -- sqlite_wNQSKQao9AT4h1B
    17/06/2008 16:12:06 (DIR) 0 byte 1 days old -- MCE0001d
    17/06/2008 16:13:06 0 byte 1 days old -- sqlite_2onDfyUtUxnhedf
    17/06/2008 16:13:06 0 byte 1 days old -- sqlite_8qN8HCkopRRDCAG
    17/06/2008 16:44:20 (DIR) 0 byte 1 days old -- MCE0001e
    17/06/2008 16:45:20 0 byte 1 days old -- sqlite_iCbaYyDamdq9cYL
    17/06/2008 16:45:20 0 byte 1 days old -- sqlite_wmJNDYQVtKYtgoE
    17/06/2008 20:28:31 (DIR) 0 byte 1 days old -- MCE0001f
    17/06/2008 20:29:31 0 byte 1 days old -- sqlite_xCwIoOI8khD19Z4
    17/06/2008 20:29:31 0 byte 1 days old -- sqlite_hxAva61NMPnvO5j
    18/06/2008 00:20:36 (DIR) 0 byte 0 days old -- MCE00020
    18/06/2008 00:21:36 0 byte 0 days old -- sqlite_82dFv5kBfqzHfhU
    18/06/2008 00:21:36 0 byte 0 days old -- sqlite_uD6KbDQAzAJY603
    18/06/2008 11:43:07 (DIR) 0 byte 0 days old -- MCE00021
    18/06/2008 11:43:11 0 byte 0 days old -- mcmsc_kW2ThGaUrg5wJ6Z
    18/06/2008 11:43:19 0 byte 0 days old -- sqlite_7JEMHxnHpubCq72
    18/06/2008 11:44:07 0 byte 0 days old -- sqlite_8pXrCrZBRQ9V88w
    18/06/2008 11:44:07 0 byte 0 days old -- sqlite_ZwARojkUMfafEsX
    18/06/2008 11:51:02 2048 byte 0 days old -- mcafee_fUNAUYmKgHo8eiv
    18/06/2008 12:16:11 1024 byte 0 days old -- mcmsc_TMb8C5T0b8GfmkW
    18/06/2008 19:37:27 (DIR) 0 byte 0 days old -- MCE00022
    18/06/2008 19:37:31 0 byte 0 days old -- mcmsc_pmG4pC2ADkInfOk
    18/06/2008 19:37:37 2048 byte 0 days old -- mcafee_0s2puxzJGAD8nyn
    18/06/2008 19:38:27 0 byte 0 days old -- sqlite_on16yuT1KV3uRcd
    18/06/2008 19:38:27 0 byte 0 days old -- sqlite_NsmRz08EfafkaNa
    18/06/2008 20:27:01 1024 byte 0 days old -- mcmsc_Kod8hFjlbjjHlod
    18/06/2008 21:54:52 0 byte 0 days old -- mcafee_XZPUaNZaUI9HgJa

    ----- recent files in C:\Program Files\
    05/06/2008 18:41:20 (DIR) 0 byte 13 days old -- Windows NT
    05/06/2008 18:41:20 (DIR) 0 byte 13 days old -- Fichiers communs
    05/06/2008 19:01:52 (DIR) 0 byte 13 days old -- MSXML 4.0
    05/06/2008 19:03:09 (DIR) 0 byte 13 days old -- Mozilla Firefox
    05/06/2008 19:21:44 (DIR) 0 byte 13 days old -- ABBYY FineReader 6.0 Sprint
    05/06/2008 19:22:14 (DIR) 0 byte 13 days old -- epson
    05/06/2008 19:42:56 (DIR) 0 byte 13 days old -- WinRAR
    06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- MSN Messenger
    06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- Windows Live
    06/06/2008 08:31:58 (DIR) 0 byte 12 days old -- Messenger Plus! Live
    06/06/2008 18:31:48 (DIR) 0 byte 12 days old -- Java
    06/06/2008 18:51:26 (DIR) 0 byte 12 days old -- SystemRequirementsLab
    06/06/2008 19:37:44 (DIR) 0 byte 12 days old -- DAEMON Tools Lite
    07/06/2008 22:04:39 (DIR) 0 byte 11 days old -- BitComet
    08/06/2008 11:28:13 (DIR) 0 byte 10 days old -- Acer GameZone
    09/06/2008 12:13:47 (DIR) 0 byte 9 days old -- Adobe
    11/06/2008 14:06:54 (DIR) 0 byte 7 days old -- Windows Mail
    11/06/2008 15:08:29 (DIR) 0 byte 7 days old -- Common Files
    11/06/2008 15:08:36 (DIR) 0 byte 7 days old -- DivX
    13/06/2008 08:29:23 (DIR) 0 byte 5 days old -- SiteAdvisor
    15/06/2008 22:30:00 (DIR) 0 byte 3 days old -- Paint.NET
    16/06/2008 20:34:40 (DIR) 0 byte 2 days old -- Apple Software Update
    16/06/2008 20:35:31 (DIR) 0 byte 2 days old -- QuickTime
    16/06/2008 20:35:34 (DIR) 0 byte 2 days old -- Internet Explorer
    17/06/2008 12:56:03 (DIR) 0 byte 1 days old -- InstallShield Installation Information
    17/06/2008 18:54:54 (DIR) 0 byte 1 days old -- Microsoft Games
    17/06/2008 20:28:30 (DIR) 0 byte 1 days old -- McAfee

    ----- recent files in C:\Program Files\Common Files\
    05/06/2008 19:25:34 (DIR) 0 byte 13 days old -- InstallShield
    05/06/2008 20:13:18 (DIR) 0 byte 13 days old -- WindowsLiveInstaller
    06/06/2008 18:22:57 (DIR) 0 byte 12 days old -- Java
    06/06/2008 20:28:24 (DIR) 0 byte 12 days old -- Microsoft Games
    08/06/2008 11:13:33 (DIR) 0 byte 10 days old -- microsoft shared
    09/06/2008 12:14:01 (DIR) 0 byte 9 days old -- Adobe
    11/06/2008 15:08:29 (DIR) 0 byte 7 days old -- PX Storage Engine

    ----- recent files in C:\Users\Paul\AppData\Roaming\
    05/06/2008 18:48:21 (DIR) 0 byte 13 days old -- Identities
    05/06/2008 18:48:33 (DIR) 0 byte 13 days old -- ATI
    05/06/2008 18:48:34 (DIR) 0 byte 13 days old -- Macromedia
    05/06/2008 18:48:43 (DIR) 0 byte 13 days old -- SiteAdvisor
    05/06/2008 19:03:13 (DIR) 0 byte 13 days old -- Mozilla
    05/06/2008 19:03:51 (DIR) 0 byte 13 days old -- Talkback
    05/06/2008 19:38:12 (DIR) 0 byte 13 days old -- CyberLink
    05/06/2008 19:45:47 (DIR) 0 byte 13 days old -- WinRAR
    05/06/2008 20:07:46 (DIR) 0 byte 13 days old -- Yahoo!
    06/06/2008 18:50:55 (DIR) 0 byte 12 days old -- SystemRequirementsLab
    06/06/2008 19:27:11 (DIR) 0 byte 12 days old -- DAEMON Tools
    06/06/2008 22:46:27 (DIR) 0 byte 12 days old -- PeerNetworking
    06/06/2008 22:46:27 27503 byte 12 days old -- UserTile.png
    07/06/2008 11:09:21 (DIR) 0 byte 11 days old -- Adobe
    07/06/2008 21:59:36 (DIR) 0 byte 11 days old -- eSobi
    08/06/2008 11:28:26 22328 byte 10 days old -- PnkBstrK.sys
    18/06/2008 19:15:58 (DIR) 0 byte 0 days old -- Microsoft

    ----- recent files in C:\Users\Paul\AppData\Local\Temp\
    04/06/2008 19:37:00 8130528 byte 14 days old -- xpinstall.exe
    06/06/2008 15:09:05 450000000 byte 12 days old -- 8kd63pb3.rar
    06/06/2008 18:17:35 172948410 byte 12 days old -- 2g8ei4oj.rar
    06/06/2008 18:19:20 8262 byte 12 days old -- jinstall.cfg
    06/06/2008 18:20:34 1045 byte 12 days old -- java_install_sp.log
    06/06/2008 18:31:29 0 byte 12 days old -- java_install.log
    06/06/2008 18:31:51 (DIR) 0 byte 12 days old -- hsperfdata_Paul
    06/06/2008 19:47:39 13592 byte 12 days old -- temp.ani
    06/06/2008 20:11:24 77824 byte 12 days old -- 20fab.mst
    06/06/2008 20:11:24 77824 byte 12 days old -- 76da88.mst
    06/06/2008 20:28:38 (DIR) 0 byte 12 days old -- {0237C21E-509E-47C7-B59D-4FAF82259A42}
    06/06/2008 20:28:51 72192 byte 12 days old -- ~e5.0001
    06/06/2008 20:30:29 (DIR) 0 byte 12 days old -- UCDebugger
    06/06/2008 22:13:36 3730 byte 12 days old -- SetupExe(20080606221336738).log
    06/06/2008 22:13:42 17190 byte 12 days old -- UserInfoSetup(20080606221337738).log
    07/06/2008 09:13:26 2729 byte 11 days old -- CdMkr70.ini
    07/06/2008 09:13:27 1523712 byte 11 days old -- ~DF678D.tmp
    07/06/2008 09:20:36 3065717 byte 11 days old -- gow_patch1_JeuxVideo.com_13496.zip
    07/06/2008 11:09:09 (DIR) 0 byte 11 days old -- Adobe
    07/06/2008 11:12:55 442424 byte 11 days old -- Gears_of_War_Patch_FR.rar
    07/06/2008 13:26:01 (DIR) 0 byte 11 days old -- plugtmp
    07/06/2008 16:43:54 31832 byte 11 days old -- Vezier.bmp
    07/06/2008 16:43:54 49208 byte 11 days old -- Invité.bmp
    07/06/2008 16:43:54 31832 byte 11 days old -- Clément.bmp
    07/06/2008 19:02:18 1728 byte 11 days old -- help.txt
    07/06/2008 19:02:18 3072 byte 11 days old -- CH.dll
    07/06/2008 22:05:02 16384 byte 11 days old -- ~DF6571.tmp
    08/06/2008 11:31:08 6515 byte 10 days old -- ASPNETSetup.log
    08/06/2008 11:31:30 2737436 byte 10 days old -- netfx.log
    08/06/2008 11:31:31 2276 byte 10 days old -- dotNetFx.log
    08/06/2008 15:48:35 (DIR) 0 byte 10 days old -- bc_cache
    08/06/2008 17:02:21 3734 byte 10 days old -- SetupExe(200806081702201A9C).log
    08/06/2008 17:02:28 17192 byte 10 days old -- UserInfoSetup(200806081702211A9C).log
    08/06/2008 17:19:08 (DIR) 0 byte 10 days old -- msohtmlclip
    08/06/2008 18:35:18 3733 byte 10 days old -- SetupExe(20080608183518304).log
    08/06/2008 18:35:24 17191 byte 10 days old -- UserInfoSetup(20080608183519304).log
    08/06/2008 22:35:07 3737 byte 10 days old -- SetupExe(200806082235071DF0).log
    08/06/2008 22:35:18 17193 byte 10 days old -- UserInfoSetup(200806082235081DF0).log
    09/06/2008 12:13:24 16384 byte 9 days old -- ~DF8303.tmp
    09/06/2008 12:13:27 642 byte 9 days old -- {AC76BA86-7AD7-1036-7B44-A81000000003}.ini
    09/06/2008 12:13:41 531 byte 9 days old -- {AC76BA86-7AD7-1036-7B44-A81200000003}.ini
    09/06/2008 12:16:46 3728 byte 9 days old -- SetupExe(2008060912164412A4).log
    09/06/2008 12:16:53 17190 byte 9 days old -- UserInfoSetup(2008060912164712A4).log
    09/06/2008 18:57:42 3733 byte 9 days old -- SetupExe(200806091857426DC).log
    09/06/2008 18:57:48 17191 byte 9 days old -- UserInfoSetup(200806091857436DC).log
    09/06/2008 20:12:38 3733 byte 9 days old -- SetupExe(20080609201238FF0).log
    09/06/2008 20:13:45 17191 byte 9 days old -- UserInfoSetup(20080609201239FF0).log
    09/06/2008 20:18:40 3733 byte 9 days old -- SetupExe(20080609201840480).log
    09/06/2008 20:18:47 17191 byte 9 days old -- UserInfoSetup(20080609201840480).log
    09/06/2008 21:49:02 3733 byte 9 days old -- SetupExe(20080609214902AC0).log
    09/06/2008 21:49:07 17191 byte 9 days old -- UserInfoSetup(20080609214902AC0).log
    09/06/2008 21:55:08 (DIR) 0 byte 9 days old -- msohtmlclip1
    09/06/2008 21:58:16 3733 byte 9 days old -- SetupExe(20080609215816578).log
    09/06/2008 21:58:21 17191 byte 9 days old -- UserInfoSetup(20080609215817578).log
    09/06/2008 22:14:11 3734 byte 9 days old -- SetupExe(2008060922141010BC).log
    09/06/2008 22:16:18 17192 byte 9 days old -- UserInfoSetup(2008060922141110BC).log
    10/06/2008 13:20:13 3731 byte 8 days old -- SetupExe(2008061013201216C8).log
    10/06/2008 13:20:19 17191 byte 8 days old -- UserInfoSetup(2008061013201316C8).log
    10/06/2008 13:21:39 3731 byte 8 days old -- SetupExe(2008061013213916F4).log
    10/06/2008 13:21:47 17365 byte 8 days old -- UserInfoSetup(2008061013213916F4).log
    10/06/2008 19:25:45 3733 byte 8 days old -- SetupExe(20080610192545BF8).log
    10/06/2008 19:25:57 17602 byte 8 days old -- UserInfoSetup(20080610192545BF8).log
    11/06/2008 21:22:10 512 byte 7 days old -- ~DFF56E.tmp
    11/06/2008 21:22:14 512 byte 7 days old -- ~DF386.tmp
    11/06/2008 21:22:15 294912 byte 7 days old -- ~DFF552.tmp
    11/06/2008 21:22:15 294912 byte 7 days old -- ~DF380.tmp
    11/06/2008 21:33:59 4081834 byte 7 days old -- fla95AD.tmp
    12/06/2008 18:55:40 3727 byte 6 days old -- SetupExe(20080612185539C34).log
    12/06/2008 18:56:05 17189 byte 6 days old -- UserInfoSetup(20080612185540C34).log
    13/06/2008 12:53:16 3733 byte 5 days old -- SetupExe(200806131253166C8).log
    13/06/2008 12:53:22 17191 byte 5 days old -- UserInfoSetup(200806131253166C8).log
    13/06/2008 17:37:41 (DIR) 0 byte 5 days old -- eDatasecurity
    15/06/2008 16:09:23 491 byte 3 days old -- wmsetup.log
    15/06/2008 22:29:24 (DIR) 0 byte 3 days old -- Rar$EX00.931
    15/06/2008 22:29:56 123 byte 3 days old -- CFG3DBC.tmp
    15/06/2008 22:30:05 190 byte 3 days old -- PdnMsiInstall.log
    15/06/2008 22:30:05 6053 byte 3 days old -- PdnSetupNgenInstall.log
    15/06/2008 22:30:24 (DIR) 0 byte 3 days old -- PdnSetup2
    15/06/2008 22:49:50 (DIR) 0 byte 3 days old -- Rar$DR14.980
    16/06/2008 20:35:34 4013 byte 2 days old -- qtplugin.log
    16/06/2008 20:35:36 1316 byte 2 days old -- QTInstallCode.log
    16/06/2008 21:18:49 (DIR) 0 byte 2 days old -- {c27573d3-3d04-4a48-9873-26b332d53e6f}
    16/06/2008 21:35:16 (DIR) 0 byte 2 days old -- ConnectionManager_Pro_Corpo_FRA
    16/06/2008 21:35:22 (DIR) 0 byte 2 days old -- ispA838.tmp
    16/06/2008 21:36:00 107512 byte 2 days old -- Set5282.tmp
    17/06/2008 12:56:01 87 byte 1 days old -- setup.log
    17/06/2008 18:35:34 (DIR) 0 byte 1 days old -- plugtmp-1
    18/06/2008 14:57:35 (DIR) 0 byte 0 days old -- bc_tmp
    18/06/2008 15:06:14 (DIR) 0 byte 0 days old -- CDM
    18/06/2008 15:53:57 1544 byte 0 days old -- java_install_reg.log
    18/06/2008 19:16:18 512 byte 0 days old -- ~DF6F3B.tmp
    18/06/2008 19:16:18 327680 byte 0 days old -- ~DF6F28.tmp
    18/06/2008 19:16:21 327680 byte 0 days old -- ~DF9314.tmp
    18/06/2008 19:16:21 512 byte 0 days old -- ~DF931A.tmp
    18/06/2008 19:32:50 (DIR) 0 byte 0 days old -- plugtmp-2
    18/06/2008 19:33:41 2814308 byte 0 days old -- fla73BC.tmp
    18/06/2008 19:37:39 (DIR) 0 byte 0 days old -- WPDNSE
    18/06/2008 19:42:35 4268 byte 0 days old -- jusched.log
    18/06/2008 19:58:30 31832 byte 0 days old -- Paul.bmp
    18/06/2008 20:33:58 (DIR) 0 byte 0 days old -- Low
    18/06/2008 22:16:54 16384 byte 0 days old -- ~DF8D37.tmp
    18/06/2008 22:16:55 16384 byte 0 days old -- ~DF85BD.tmp
    18/06/2008 22:16:57 327680 byte 0 days old -- ~DF858B.tmp
    18/06/2008 22:16:57 327680 byte 0 days old -- ~DF8D2C.tmp
    18/06/2008 22:17:30 16384 byte 0 days old -- ~DF9073.tmp
    18/06/2008 22:22:44 (DIR) 0 byte 0 days old -- nsuF2BB.tmp
    18/06/2008 22:29:50 34 byte 0 days old -- systemscan.ini
    18/06/2008 22:29:52 (DIR) 0 byte 0 days old -- MessengerCache
    18/06/2008 22:29:52 (DIR) 0 byte 0 days old -- nst4434.tmp
    18/06/2008 22:29:52 16384 byte 0 days old -- ~DFBFB3.tmp

    ===================== HIDDEN OBJECTS =====================

    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583f14174]
    "001e7dc907a3"=hex:e1,ac,39,29,e1,81,59,b6,63,f1,99,00,c7,95,e9,c7
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e8,72,49,e1,f2,36,65,a4,61,4d,33,0b,07,01,01,f4,39,4d,0c,8d,cc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b7,c8,51,c8,ad,6f,ee,2c,43,ea,ac,d7,29,51,e1,c8,a9,..
    "khjeh"=hex:05,9d,d0,87,54,3f,7c,9b,43,f3,0e,ea,60,df,0e,8d,e7,ca,d1,8b,1a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:5c,12,1c,9b,6c,df,47,d9,73,0a,ce,49,ed,76,f9,2e,02,ea,88,58,c1,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583f14174]
    "001e7dc907a3"=hex:e1,ac,39,29,e1,81,59,b6,63,f1,99,00,c7,95,e9,c7
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:e8,72,49,e1,f2,36,65,a4,61,4d,33,0b,07,01,01,f4,39,4d,0c,8d,cc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b7,c8,51,c8,ad,6f,ee,2c,43,ea,ac,d7,29,51,e1,c8,a9,..
    "khjeh"=hex:05,9d,d0,87,54,3f,7c,9b,43,f3,0e,ea,60,df,0e,8d,e7,ca,d1,8b,1a,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:5c,12,1c,9b,6c,df,47,d9,73,0a,ce,49,ed,76,f9,2e,02,ea,88,58,c1,..

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 19


    ===================== RUSTOCK ROOTKIT DETECTION =====================


    #### NOTHING FOUND ####

    ==========================================
    Scan completed in 3,9 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work

    18 June 2008 22:35:10

    There you go, some reading ^^
    18 June 2008 22:42:53

    Hi again

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit, "Select All", then Edit, "Copy".

    Come to the forum and use Edit, "Paste".

    Add a new HijackThis report.

    19 June 2008 12:47:17

    Here it is, but is it normal that I could not connect for 10 minutes after using the program?
    ComboFix 08-06-16.5 - Paul 2008-06-19 12:20:52.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1984 [GMT 2:00]
    Endroit: C:\Users\Paul\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-19 12:19 . 2008-06-19 12:20 <REP> d-------- C:\327882R2FWJFW
    2008-06-17 13:23 . 2008-06-17 13:23 <REP> d-------- C:\Users\Vezier\AppData\Roaming\DAEMON Tools
    2008-06-17 00:04 . 2008-06-17 00:04 <REP> d-------- C:\Users\Clément\AppData\Roaming\DAEMON Tools
    2008-06-16 21:35 . 1998-06-17 18:07 57,344 --------- C:\Windows\System32\Mfc42loc.dll
    2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\ProgramData\Apple Computer
    2008-06-16 20:35 . 2008-06-16 20:35 <REP> d-------- C:\Program Files\QuickTime
    2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\Users\All Users\Apple
    2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\ProgramData\Apple
    2008-06-16 20:34 . 2008-06-16 20:34 <REP> d-------- C:\Program Files\Apple Software Update
    2008-06-15 22:29 . 2008-06-15 22:30 <REP> d-------- C:\Program Files\Paint.NET
    2008-06-15 08:42 . 2008-06-15 08:42 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-06-14 20:32 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 20:32 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 20:32 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 20:32 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-12 12:15 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
    2008-06-12 12:15 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
    2008-06-12 12:15 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
    2008-06-11 15:08 . 2008-06-11 15:08 <REP> d-------- C:\Program Files\DivX
    2008-06-11 15:08 . 2008-06-11 15:08 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-06-09 12:13 . 2008-06-09 12:14 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-06-08 15:36 . 2008-06-19 02:36 836 --a------ C:\Windows\bthservsdp.dat
    2008-06-08 11:30 . 2008-06-08 11:30 <REP> d-------- C:\Windows\System32\URTTEMP
    2008-06-08 11:28 . 2008-06-10 14:02 <REP> d-a------ C:\Users\All Users\TEMP
    2008-06-08 11:28 . 2008-06-10 14:02 <REP> d-a------ C:\ProgramData\TEMP
    2008-06-08 11:28 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
    2008-06-08 11:28 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
    2008-06-08 11:28 . 2008-06-08 11:28 669,184 --a------ C:\Windows\System32\pbsvc.exe
    2008-06-08 11:28 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
    2008-06-08 11:28 . 2008-06-08 11:28 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-06-08 11:28 . 2008-06-08 11:28 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-06-08 11:28 . 2008-06-08 11:28 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-06-08 11:28 . 2008-06-08 11:28 22,328 --a------ C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
    2008-06-08 11:27 . 2008-06-08 11:27 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-06-08 11:27 . 2008-06-08 11:27 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-06-07 22:42 . 2008-06-07 22:42 <REP> d-------- C:\Users\Public\Crysis_for_wawamania
    2008-06-07 22:05 . 2008-06-18 14:57 <REP> d-------- C:\Downloads
    2008-06-07 22:04 . 2008-06-07 22:04 <REP> d-------- C:\Program Files\BitComet
    2008-06-07 21:59 . 2008-06-07 21:59 <REP> d-------- C:\Users\Paul\AppData\Roaming\eSobi
    2008-06-07 21:00 . 2008-06-07 21:00 <REP> d-------- C:\Users\Clément\AppData\Roaming\Talkback
    2008-06-07 21:00 . 2008-06-07 21:00 <REP> d-------- C:\Users\Clément\AppData\Roaming\Mozilla
    2008-06-06 22:46 . 2008-06-06 22:46 <REP> d-------- C:\Users\Paul\AppData\Roaming\PeerNetworking
    2008-06-06 20:28 . 2008-06-06 20:28 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-06-06 20:28 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
    2008-06-06 20:28 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
    2008-06-06 20:28 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
    2008-06-06 20:28 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
    2008-06-06 20:28 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
    2008-06-06 20:28 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
    2008-06-06 20:28 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
    2008-06-06 20:28 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
    2008-06-06 20:28 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
    2008-06-06 19:37 . 2008-06-06 19:37 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-06 19:27 . 2008-06-06 19:27 <REP> d-------- C:\Users\Paul\AppData\Roaming\DAEMON Tools
    2008-06-06 19:27 . 2008-06-06 19:27 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-06-06 18:50 . 2008-06-06 18:50 <REP> d-------- C:\Users\Paul\AppData\Roaming\SystemRequirementsLab
    2008-06-06 18:50 . 2008-06-06 18:51 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\Java
    2008-06-06 18:22 . 2008-06-06 18:22 <REP> d-------- C:\Program Files\Common Files\Java
    2008-06-06 13:55 . 2008-06-06 13:55 <REP> d-------- C:\Users\All Users\Messenger Plus!
    2008-06-06 13:55 . 2008-06-06 13:55 <REP> d-------- C:\ProgramData\Messenger Plus!
    2008-06-06 08:31 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-05 23:21 . 2008-06-05 23:21 <REP> d-------- C:\Users\Clément\AppData\Roaming\Yahoo!
    2008-06-05 23:17 . 2008-06-05 23:17 <REP> d-------- C:\Users\Clément\AppData\Roaming\Adobe
    2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\SiteAdvisor
    2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\Macromedia
    2008-06-05 23:12 . 2008-06-05 23:12 <REP> d-------- C:\Users\Clément\AppData\Roaming\ATI
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Videos
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Videos
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Searches
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Searches
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Saved Games
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Saved Games
    2008-06-05 23:11 . 2008-06-19 01:41 <REP> dr------- C:\Users\Clément\Pictures
    2008-06-05 23:11 . 2008-06-19 01:41 <REP> dr------- C:\Users\Clément\Pictures
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Music
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Music
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Links
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Links
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Favorites
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> dr------- C:\Users\Clément\Favorites
    2008-06-05 23:11 . 2008-06-06 14:17 <REP> dr------- C:\Users\Clément\Downloads
    2008-06-05 23:11 . 2008-06-06 14:17 <REP> dr------- C:\Users\Clément\Downloads
    2008-06-05 23:11 . 2008-06-14 00:37 <REP> dr------- C:\Users\Clément\Documents
    2008-06-05 23:11 . 2008-06-14 00:37 <REP> dr------- C:\Users\Clément\Documents
    2008-06-05 23:11 . 2008-06-10 13:32 <REP> dr------- C:\Users\Clément\Desktop
    2008-06-05 23:11 . 2008-06-10 13:32 <REP> dr------- C:\Users\Clément\Desktop
    2008-06-05 23:11 . 2008-06-06 00:20 <REP> dr------- C:\Users\Clément\Contacts
    2008-06-05 23:11 . 2008-06-06 00:20 <REP> dr------- C:\Users\Clément\Contacts
    2008-06-05 23:11 . 2008-06-13 17:03 <REP> d---s---- C:\Users\Clément\AppData\Roaming\Microsoft
    2008-06-05 23:11 . 2006-11-02 14:37 <REP> d-------- C:\Users\Clément\AppData\Roaming\Media Center Programs
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> d-------- C:\Users\Clément\AppData\Roaming\Identities
    2008-06-05 23:11 . 2008-03-21 13:35 <REP> d-------- C:\Users\Clément\AppData\Roaming\Acer GameZone Console
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> d--h----- C:\Users\Clément\AppData
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> d--h----- C:\Users\Clément\AppData
    2008-06-05 23:11 . 2008-06-05 23:11 <REP> d-------- C:\Users\Clément
    2008-06-05 23:11 . 2008-06-19 12:20 1,572,864 --ahs---- C:\Users\Clément\NTUSER.DAT
    2008-06-05 23:11 . 2008-06-19 12:20 1,572,864 --ahs---- C:\Users\Clément\NTUSER.DAT
    2008-06-05 20:26 . 2008-06-05 20:26 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
    2008-06-05 20:16 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\MSN Messenger
    2008-06-05 20:09 . 2008-06-05 20:09 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-06-05 20:09 . 2008-06-05 20:09 <REP> d-------- C:\ProgramData\WLInstaller
    2008-06-05 20:09 . 2008-06-06 08:31 <REP> d-------- C:\Program Files\Windows Live
    2008-06-05 20:09 . 2008-06-05 20:13 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-06-05 20:07 . 2008-06-05 20:07 <REP> d-------- C:\Users\Paul\AppData\Roaming\Yahoo!
    2008-06-05 19:38 . 2008-06-05 19:38 <REP> d-------- C:\Users\Paul\AppData\Roaming\CyberLink
    2008-06-05 19:31 . 2008-06-05 19:31 <REP> d-------- C:\Users\Vezier\AppData\Roaming\Talkback
    2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\Users\Vezier\AppData\Roaming\Yahoo!
    2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-06-05 19:27 . 2008-06-05 19:27 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-06-05 19:23 . 2008-06-05 19:23 <REP> d-------- C:\Users\All Users\UDL
    2008-06-05 19:23 . 2008-06-05 19:23 <REP> d-------- C:\ProgramData\UDL
    2008-06-05 19:21 . 2008-06-05 19:21 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
    2008-06-05 19:20 . 2008-06-05 19:20 <REP> d-------- C:\Users\Vezier\AppData\Roaming\InstallShield
    2008-06-05 19:19 . 2008-06-05 19:19 <REP> d-------- C:\Users\All Users\EPSON
    2008-06-05 19:19 . 2008-06-05 19:19 <REP> d-------- C:\ProgramData\EPSON
    2008-06-05 19:15 . 2006-12-08 04:04 76,800 --a------ C:\Windows\System32\E_FLBCDE.DLL
    2008-06-05 19:15 . 2006-04-19 04:00 62,976 --a------ C:\Windows\System32\E_FD4BCDE.DLL
    2008-06-05 19:15 . 2004-09-10 22:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
    2008-06-05 19:14 . 2008-06-05 19:22 <REP> d-------- C:\Program Files\epson
    2008-06-05 19:14 . 2007-03-27 00:00 67,072 --a------ C:\Windows\System32\escwiad.dll
    2008-06-05 19:14 . 2008-06-05 19:14 25 --a------ C:\Windows\CDE DX7400DEFGIPS.ini
    2008-06-05 19:03 . 2008-06-05 19:03 <REP> d-------- C:\Users\Paul\AppData\Roaming\Talkback
    2008-06-05 19:03 . 2008-06-05 19:03 0 --a------ C:\Windows\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 10:20 1,572,864 --sha-w C:\Users\Clément\NTUSER.DAT
    2008-06-19 10:20 1,572,864 --sha-w C:\Users\Clément\NTUSER.DAT
    2008-06-17 18:28 --------- d-----w C:\Program Files\McAfee
    2008-06-17 16:54 --------- d-----w C:\Program Files\Microsoft Games
    2008-06-17 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-16 22:04 --------- d-----w C:\Users\Clément\AppData\Roaming\DAEMON Tools
    2008-06-13 15:03 --------- d-s---w C:\Users\Clément\AppData\Roaming\Microsoft
    2008-06-13 06:29 --------- d-----w C:\Program Files\SiteAdvisor
    2008-06-11 12:06 --------- d-----w C:\Program Files\Windows Mail
    2008-06-08 09:28 --------- d-----w C:\Program Files\Acer GameZone
    2008-06-07 19:00 --------- d-----w C:\Users\Clément\AppData\Roaming\Talkback
    2008-06-07 19:00 --------- d-----w C:\Users\Clément\AppData\Roaming\Mozilla
    2008-06-05 21:21 --------- d-----w C:\Users\Clément\AppData\Roaming\Yahoo!
    2008-06-05 21:17 --------- d-----w C:\Users\Clément\AppData\Roaming\Adobe
    2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\SiteAdvisor
    2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\Macromedia
    2008-06-05 21:12 --------- d-----w C:\Users\Clément\AppData\Roaming\ATI
    2008-06-05 21:11 --------- d-----w C:\Users\Clément\AppData\Roaming\Identities
    2008-06-05 20:48 --------- d-----w C:\ProgramData\Microsoft Help
    2008-06-05 17:38 --------- d-----w C:\ProgramData\CyberLink
    2008-06-05 17:25 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Modèles
    2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Favoris
    2008-06-05 16:41 --------- d-sh--w C:\ProgramData\Bureau
    2008-06-05 16:41 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
    2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-03-21 11:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-03-21 11:10 315,392 ----a-w C:\Windows\HideWin.exe
    2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @={30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}

    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 00:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:25 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 17:51 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 17:50 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 17:51 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 20:53 4702208 C:\Windows\RtHDVCpl.exe]
    "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 19:43 326176]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 00:38 526896]
    "PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 19:49 204908]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "eRecoveryService"="" []
    "NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-12-07 15:28 196128]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-21 13:29:37 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{542BA28B-703D-48DB-B83F-94E757E578BF}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{F051E17E-51EF-4830-B367-F6DA497077E5}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
    "{F158742F-48F9-4833-8369-7CBA8CC22457}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{57072285-1559-4EA8-9BA9-D616D959450E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{6E5562B8-B56E-4742-8541-548696BB0A45}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{FD3CA371-04D4-4029-8518-3BD5B5D7BBEE}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
    "{1C85F336-B1AB-4934-8629-3A836D9CE2FC}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
    "TCP Query User{5D6262F9-41C4-4970-93B3-0612CFB0911B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{29B973CB-F5BC-4D3D-9039-ED0FC0FE3800}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{1BC8695C-5701-4C7C-AEB3-C49F2DE7AC75}"= UDP:D:\Crysis\Bin32\Crysis.exe:Crysis_32
    "{65C1E535-7867-4D4F-9AD3-AD9A88703BCD}"= TCP:D:\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8790B0FE-0651-42A5-84CB-909C4119ABB1}"= UDP:D:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{063970DF-BBA0-48A9-8612-013FCFE73777}"= TCP:D:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{BC18B21D-94B7-42E9-AE81-085E8891DC8C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{5374CE1D-4F89-4544-84F0-144F7DE4182B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{4AF8B6F7-526C-48FA-A97B-41D118EE83C2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{84622E13-BF83-440F-B5C6-775969A9EAC9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 07:28]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2008-01-25 19:49]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-20 18:52]
    R3 NVHDA;Service for NVIDIA HDMI Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 11:38]
    S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
    S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1616ecea-33ef-11dd-bff7-001d92aeda96}]
    \shell\AutoRun\command - K:\AutoRunCD.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 11:54:46 C:\Windows\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-03-21 11:54:46 C:\Windows\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-06-18 16:52:06 C:\Windows\Tasks\User_Feed_Synchronization-{25E56C18-230A-4633-9BDC-81EE16BD7306}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 12:22:29
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\Windows\TEMP\fwtsqmfile00.sqm 120 bytes
    C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\parent.lock 0 bytes
    C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\sessionstore.js 1932 bytes

    Scan terminé avec succès
    Les fichiers cachés: 3

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\SiteAdvisor\6261\saHook.dll
    .
    Temps d'accomplissement: 2008-06-19 12:23:11
    ComboFix-quarantined-files.txt 2008-06-19 10:23:08

    Pre-Run: 91,526,713,344 octets libres
    Post-Run: 92,259,008,512 octets libres

    293 --- E O F --- 2008-06-18 13:48:19
    19 June 2008 12:47:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:47:45, on 19/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Users\Paul\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

    --
    End of file - 9287 bytes
    19 June 2008 21:36:52

    Good evening,
    explain exactly what your problem is, with an example, because there is nothing infectious in all of that.
    20 June 2008 08:08:57

    As soon as the problem reappears, I'll send you the link of the window that opens to show you my problem :)
    20 June 2008 17:17:30

    Hello again

    indeed... an ad for a site based in Russia... probably wareout.

    1

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet, then close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

    Click the rootkit tab.
    On the right, check Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
    Save the file on your desktop and copy/paste its contents here.


    2

    ~Download SmitfraudFix

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    ~Unzip the whole SmitfraudFix.zip archive
    Search:
    ~Double-click SmitfraudFix.cmd
    ~Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is located at the root of the system drive: C:\rapport.txt
    ~Post this report.
    process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    20 June 2008 20:55:13

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-06-20 20:54:09
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    INT 0x51 ? 85C07BF8
    INT 0x82 ? 85C06BF8
    INT 0x83 ? 8707ABF8
    INT 0x92 ? 85C07BF8
    INT 0x93 ? 8707ABF8

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EC799BE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EC79958]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EC7996C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EC799FC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EC79A3F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EC79930]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EC79944]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EC799D2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EC79A67]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EC79A53]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EC799AA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EC79996]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EC79A2B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EC79A12]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EC799E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EC79982]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwYieldExecution 81E3119C 5 Bytes JMP 8EC799EC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? System32\Drivers\spac.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload 8DE3646F 5 Bytes JMP 8707A1D8
    .text a5trpixr.SYS 8E590000 22 Bytes [ 26, A2, 1C, 82, 10, A1, 1C, ... ]
    .text a5trpixr.SYS 8E590017 105 Bytes [ 00, 32, F7, D9, 82, 3D, F5, ... ]
    .text a5trpixr.SYS 8E590081 53 Bytes [ C8, E5, 81, 58, D9, EB, 81, ... ]
    .text a5trpixr.SYS 8E5900B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text a5trpixr.SYS 8E5900CE 80 Bytes [ 00, 00, 26, 00, 00, 00, E0, ... ]
    .text ...

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 0008008C
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 0008007B
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 000800A7
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 00080F1A
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 00080056
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00080FB9
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 00080039
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00080F8D
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00080F61
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 00080F7C
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00080FA8
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 00080F50
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00080EF5
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 00080FDE
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00080FEF
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 00080014
    .text C:\Windows\system32\svchost.exe[628] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 00080F2B
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 00090FA8
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00090FC3
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 00090000
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 0009004A
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 00090F8D
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 00090FE5
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 00090011
    .text C:\Windows\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 00090FD4
    .text C:\Windows\system32\svchost.exe[628] WS2_32.dll!socket 775E36D1 5 Bytes JMP 000A000A
    .text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 00990F41
    .text C:\Windows\system32\services.exe[660] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 00990087
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 009900C4
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 009900B3
    .text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 0099005B
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00990FB9
    .text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 0099004A
    .text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00990025
    .text C:\Windows\system32\services.exe[660] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00990076
    .text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 00990F8D
    .text C:\Windows\system32\services.exe[660] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00990FA8
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreatePipe 76750284 5 Bytes JMP 00990F66
    .text C:\Windows\system32\services.exe[660] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00990F1C
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 0099000A
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00990FEF
    .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 00990FD4
    .text C:\Windows\system32\services.exe[660] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 009900A2
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 009F0F83
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 009F0F9E
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 009F0FEF
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 009F0025
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 009F0040
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 009F000A
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 009F0FD4
    .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 009F0FB9
    .text C:\Windows\system32\services.exe[660] WS2_32.dll!socket 775E36D1 5 Bytes JMP 00A0000A
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 002400B3
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 00240F77
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 002400CE
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 00240F37
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 00240FB4
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 00240036
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 0024008E
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 00240062
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 00240F99
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryExA 76749469 5 Bytes JMP 0024007D
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!LoadLibraryA 76749491 5 Bytes JMP 00240051
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe 76750284 1 Byte [ E9 ]
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreatePipe + 2 76750286 3 Bytes [ 0C, AF, 89 ]
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetProcAddress 7676B8B6 5 Bytes JMP 00240F26
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileW 7676CC4E 5 Bytes JMP 0024000A
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateFileA 7676CF71 5 Bytes JMP 00240FEF
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!CreateNamedPipeA 767B41F6 5 Bytes JMP 0024001B
    .text C:\Windows\system32\lsass.exe[672] kernel32.dll!WinExec 767B53E7 5 Bytes JMP 00240F52
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExA 7681B5E7 5 Bytes JMP 00250051
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyA 7681B8AE 5 Bytes JMP 00250FAF
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyA 76820BF5 5 Bytes JMP 00250000
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyW 7682B83D 5 Bytes JMP 00250036
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegCreateKeyExW 7682BCE1 5 Bytes JMP 00250062
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExA 7682D4E8 5 Bytes JMP 00250FE5
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyW 76833CB0 5 Bytes JMP 00250011
    .text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!RegOpenKeyExW 7683F09D 5 Bytes JMP 00250FCA
    .text C:\Windows\system32\lsass.exe[672] WS2_32.dll!socket 775E36D1 5 Bytes JMP 00270000
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 76721929 5 Bytes JMP 001F008A
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 767219C9 5 Bytes JMP 001F0F44
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessW 76721C01 5 Bytes JMP 001F009B
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateProcessA 76721C36 5 Bytes JMP 001F0F0E
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtect 76721DD1 5 Bytes JMP 001F0040
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 76725C44 5 Bytes JMP 001F0FD4
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 767430C3 5 Bytes JMP 001F0F72
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7674361F 5 Bytes JMP 001F0F9E
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 76748D7E 5 Bytes JMP 001F0F55
    20 June 2008 21:00:54

    I can't get the second program to work; there is no report in C:/ :( 
    And yet I did disable my antivirus
    20 June 2008 21:21:28

    re

    try it this way:
    right-click SmitfraudFix.cmd and choose "Run as administrator", then run option 1 and post the report.
    if it doesn't appear, it is here: C:\rapport.txt
    20 June 2008 22:47:21

    Here you go, chief
    SmitFraudFix v2.328

    Scan done at 22:46:28,29, 20/06/2008
    Run from C:\Users\Paul\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Windows\system32\svchost.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Users\Paul\Desktop\SmitfraudFix\Policies.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\DllHost.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Paul\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    20 June 2008 23:50:31

    re


    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\Windows\system32\Drivers\spac.sys

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will have to ignore the alerts.


    Do the same thing with:
    a5trpixr.SYS
    probably in:
    C:\Windows\system32\Drivers\
    but if it isn't there, run a search (Start, search for a file...)

    21 June 2008 09:04:08

    I can't find either of them despite my long searches :( 
    21 June 2008 21:51:00

    good evening

    I'm stumped. :/ 
    Another helper (eric71) has read your logs, and he doesn't see anything either.

    these ads, do you get them when you do other searches?



    22 June 2008 00:02:44

    Yes, I get them for lots of other searches. :( 
    22 June 2008 08:23:36

    re

    You have the symptoms of a wareout infection... with no sign of it in your logs. :/ 

    Let's first see whether an online scan turns anything up...

    ~Run an online antivirus scan on the Kaspersky site
    http://webscanner.kaspersky.fr/kavwebscan.html


    ~ Click Online Scanner.
    ~Accept the installation of the ActiveX control by clicking the Install button.

    ~Select My Computer as the scan target.

    ~Save the report by clicking the "Save report as" button. Give it a name; you will copy/paste it into your next reply.

    Online scan tutorial


    edit: a helper would like to know the make of your router as well as its model.
    Since you are with Free, it may be a Freebox, but we want to check.

    (^^ Malekal)
    23 June 2008 18:44:42

    Sorry, it's impossible for me to use this antivirus because otherwise I have to remove the other one, and afterwards I wouldn't be able to reinstall it since it came with the computer when I bought it :s
    23 June 2008 18:45:34

    On the other hand, if I delete my session and create a new one, will I still have the problem?
    24 June 2008 00:20:07

    good evening

    you didn't answer my question.

    don't uninstall your antivirus; what I'm suggesting is an online scan, not a replacement antivirus. :) 
    please do it
    24 June 2008 19:30:46

    Yes, I did try, but it asks me to remove my antivirus :/  to continue the installation
    24 June 2008 22:29:55

    Yes, it's a Freebox actually. I'm going to try the scan again :) 
    24 June 2008 22:32:52

    24 June 2008 23:06:44

    re

    there is something we need to check...

    Disable UAC (User Account Control) (above all, remember to re-enable it after the disinfection).
  • Start > Control Panel
  • Double-click the User Accounts icon
  • Then click Turn off and confirm.

  • Now download Navilog1 from this link:

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

  • Right-click the link above, choose Save target (link) as... and put it on your Desktop.
  • Right-click navilog1.exe and choose "Run as... Administrator" to install it.
  • Wait for the installation to finish.

    ======================================

    Option #1:

    Make sure that UAC (User Account Control) is disabled.

    Right-click the Navilog1 shortcut on the Desktop and choose "Run as... Administrator".
  • On the main menu, choose 1.
  • Follow the instructions and wait.
  • Wait for the message *** Analyse terminée le ….*** (this may take some time).
  • Press a key as requested.
  • A Notepad document is created: fixnavi.txt.
  • Copy/paste the contents of this report into your next reply.
  • Close Notepad.
    The fixnavi.txt report is also saved in %systemdrive% (usually C:\).

    ======================================
    25 June 2008 16:45:45

    Search Navipromo version 3.5.9 commencé le 25/06/2008 à 16:39:19,71

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Paul"

    Mise à jour le 24.06.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6001
    Internet Explorer : 7.0.6001.18000
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\Windows" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\ProgramData" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\CLMENT~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\Vezier\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\Paul\AppData\Local\virtualstore\Program Files" ***


    *** Recherche dossiers dans "C:\Users\CLMENT~1\AppData\Local\virtualstore\Program Files" ***


    *** Recherche dossiers dans "C:\Users\Vezier\AppData\Local\virtualstore\Program Files" ***


    *** Recherche dossiers dans "C:\Users\Paul\AppData\Roaming" ***


    *** Recherche dossiers dans "C:\Users\CLMENT~1\appdata\roaming" ***


    *** Recherche dossiers dans "C:\Users\Vezier\appdata\roaming" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\Paul\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\Paul\AppData\Local" *

    * Recherche dans "C:\Users\CLMENT~1\AppData\Local" *

    * Recherche dans "C:\Users\Vezier\AppData\Local" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\Windows\system32" :


    * Dans "C:\Users\Paul\AppData\Local\Microsoft" :


    * Dans "C:\Users\Paul\AppData\Local" :


    * Dans "C:\Users\CLMENT~1\AppData\Local" :


    * Dans "C:\Users\Vezier\AppData\Local" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 25/06/2008 à 16:44:51,32 ***
    25 June 2008 23:18:10

    good evening

    unbelievable :/ 

    we keep looking...

    1

    - Run a nano/total scan with Panda, disabling your antivirus during the scan!
    - Register on the site by creating an account with the Register Free button on the right.
    - After you have entered a valid e-mail address and a password, you will receive an e-mail; click the link to activate your account
    - Go back to the site and log in on the right-hand side with your e-mail address and your password
    - In the middle, tick the Full Scan option, then click the Scan now button
    - The site will ask you to accept the installation of the ActiveX control; accept by clicking the Yes button.
    - The program will download the updates and then the scan will run. It can take an hour.
    - Once the scan has finished, click the Desinfect button at the bottom of the report page
    - Then, in the upper part, click the small Save button. This lets you save a report to your desktop.
    - Open this report and copy/paste the Panda report here

    HELP: If you are lost, you can follow this guide for online scans

    2

    post a new HijackThis log
    26 June 2008 11:59:24

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-06-26 12:02:53
    PROTECTIONS: 3
    MALWARE: 33
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.3007.0 No No
    McAfee Internet Security Suite 2007 8.1 No Yes
    McAfee VirusScan Plus 12.1 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Users\Paul\Desktop\SmitfraudFix\Process.exe
    00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\Low\paul@smartadserver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.smartadserver.com/]
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.enhance.com/]
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ir5yik5m.default\cookies.txt[.enhance.com/]
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Users\Paul\Desktop\SmitfraudFix\Reboot.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\Program Files\Navilog1\reboot.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    3
    ;===================================================================================================================================================================================
    No C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IR5YIK5M.DEFAULT\EXTENSIONS\FIREBIT@FIREBIT\COMPONENTS\FIREBIT.DLL
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    3
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    26 June 2008 12:01:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05:56, on 26/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Paul\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 9738 bytes
    26 June 2008 21:38:09

    Good evening

    Still nothing...

    Is the ad you get still Live-Player?
    Did you install that program?

    Some helpers tested the link you gave me, and it produces a known infection (navipromo) that creates rootkits on the infected PC.
    Here, there is no rootkit, and no trace of Live-Player in your programs...
    Frankly, I can't make sense of it :/ 


    Let's empty the temp files anyway:

    Download ATF-Cleaner
    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Double-click ATF-Cleaner.exe to launch the program.
    - If you use IE:
    Under the Main tab, choose: Select All
    Click the Empty Selected button
    - If you use the Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    Note: If you want to keep your saved passwords, click "No" at the prompt.
    - If you use the Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    Note: If you want to keep your saved passwords, click "No" at the prompt.
    Click Exit, in the main menu, to close the program
    27 June 2008 12:59:55

    No, it's not always that one; there is also http:*****************
    when I click on this, www.tortue.com, and other sites as well ..... and no, I haven't downloaded anything.
    27 June 2008 13:02:02

    There, it's done.
    27 June 2008 13:08:00

    27 June 2008 18:37:08

    Good evening

    Change the password of your Freebox,
    then check your DNS servers; you should have:
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    28 June 2008 12:19:28

    How can I find out my DNS servers? Thanks
    28 June 2008 13:30:50

    Hello

    Look at this page:
    http://www.dslvalley.com/dossiers/freebox/freebox-confi...


    starting from: 4.3 Changer ses paramètres réseaux (ethernet uniquement) [Changing your network settings (Ethernet only)]

    you should have these values
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    in this example:

    it's at the bottom of the image: Preferred DNS, Alternate DNS


    30 June 2008 09:23:08

    I'm sorry, but I can't find it because I'm on Vista :sweat: 
    30 June 2008 21:19:02

    Good evening
    long live V†sta :/ 

    You should have paper documentation for your Freebox, or a CD with the instructions...

    Otherwise, create a topic here:
    Internet & Networks section
    topic title: checking my Freebox's DNS under Vista

    Keep me posted
    30 June 2008 21:38:40

    OK, I'll let you know ;) 
    30 June 2008 21:51:35

    Hi again

    I posted your case on a private forum because it is very unusual...

    Thanks to all my fellow helpers who are giving me a hand ^^

    Here is what you are going to do:

    1
    Quote:
    You should take a look at the "Acer eNet Management" program.
    When this program is active, it takes precedence over all the connection's configuration settings.
    If it is what has been hijacked, it is not surprising that nothing shows up in the reports.

    Once in this program's interface, click the "Edition" button to access the profile settings, then go to the TCP/IP WLAN or TCP/IP LAN tab, depending on the connection in use.


    Post that log for me

    2
    We are going to check the Hosts file:
    Download Lop S&D.exe to your desktop

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan has finished
  • Post the report it generates ( C:\lopR.txt )

    ( If the Desktop does not come back, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )
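The two checks the helper asks for above (the configured DNS servers against the expected Freebox values, and the Hosts file), as an added Python example that is not part of the thread. The function names and all sample inputs are constructed; only the two expected resolver addresses come from the posts above.

```python
import ipaddress
import re

# Resolvers the helper says a Freebox line should show (values quoted in the thread).
EXPECTED_DNS = {"212.27.54.252", "212.27.53.252"}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# First resolver: report-style line, or `ipconfig /all` in an English or French UI.
DNS_HEAD = re.compile(
    r"^\s*(?:DNS Server Search Order|DNS Servers|Serveurs DNS)[ .]*:\s*" + IP + r"\s*$", re.I)
# ipconfig lists further resolvers on indented lines that hold only an address.
DNS_CONT = re.compile(r"^\s+" + IP + r"\s*$")

# Constructed samples; 203.0.113.0/24 is a documentation range, not a real resolver.
SAMPLE_REPORT = "DNS Server Search Order: 212.27.54.252\nDNS Server Search Order: 212.27.53.252\n"
SAMPLE_IPCONFIG = (
    "   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.10\n"
    "   Serveurs DNS. . . . . . . . . . . . .  : 203.0.113.53\n"
    "                                       203.0.113.54\n"
    "   NetBIOS sur Tcpip. . . . . . . . . . . : Active\n"
)
SAMPLE_HOSTS = "127.0.0.1 localhost\n::1 localhost\n203.0.113.80 www.google.com google.com # added\n"


def configured_dns(text):
    """Return the resolver addresses found in the text, in order of appearance."""
    servers, in_list = [], False
    for line in text.splitlines():
        match = DNS_HEAD.match(line) or (DNS_CONT.match(line) if in_list else None)
        if match:
            servers.append(match.group(1))
        in_list = bool(match)
    return servers


def unexpected_dns(text, expected=EXPECTED_DNS):
    """Resolvers that are not on the expected list: the ones to investigate."""
    return [ip for ip in configured_dns(text) if ip not in expected]


def suspicious_hosts(hosts_text):
    """Hosts entries that pin any name other than localhost to an address."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append((addr, names))  # malformed entry, report it as-is
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if extra:
            findings.append((addr, extra))
    return findings


if __name__ == "__main__":
    print("unexpected DNS:", unexpected_dns(SAMPLE_IPCONFIG))
    print("hosts to review:", suspicious_hosts(SAMPLE_HOSTS))
```

On a real machine the inputs would be the saved output of `ipconfig /all` and the contents of `C:\Windows\System32\drivers\etc\hosts`; an empty result from both functions matches the clean state the helper describes.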

    2 July 2008 17:23:35

    I haven't had any problems for a few days; I reinstalled Firefox and everything is running fine. Do you really want me to post the log? In any case, thank you very much for your help, you are all great.
    2 July 2008 21:17:56

    Good evening

    Have you had no more problems since you changed your Freebox password?
    Otherwise, what did you do in particular?
    I need this information because it could be useful again ;) 
    3 July 2008 08:23:47

    Well, I reinstalled the new version of Firefox and changed the password, and it works perfectly ;) 
    3 July 2008 18:51:25

    Hello
    Can you try with IE?
    Just to be sure. ;) 
    4 July 2008 17:49:43

    I have no problems ;) 
    4 July 2008 21:51:24

    Good evening
    Perfect

    Remove all the programs installed for the disinfection.


    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and put [solved] in the title.