/!\ SmitFraud-C.GP /!\

slt,



Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Salut,

Tout d'abord merci à toi de m'avoir répondu. J'ai suivi tes instructions, mais j'ai un problème lorsuqe SDFIX essaye de nettoyer, celui-ci me dit:

Starting Repairs

Checking Running Processes and Services

Le chemin d'accès spécifié est introuvable
Le chemin d'accès spécifié est introuvable
Le chemin d'accès spécifié est introuvable
Le chemin d'accès spécifié est introuvable
Le chemin d'accès spécifié est introuvable
Le chemin d'accès spécifié est introuvable

Il me dit ça une bonne cinquantaine de fois, puis il se ferme et plus rien.

alors fais ceci




Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.


envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr pour faire evoluer msnfix

_____________


Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

J'ai uploadé mon rapport comme tu me l'avais demandé sur le forum de MSNFIX.

Voici le rapport de msnFIX:

MSNFix 1.732

C:\Documents and Settings\Cathy\Bureau\MSNFix
Fix exécuté le 03/07/2008 - 18:54:30,04 By Cathy
mode sans échec

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\tmp.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\tmp.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\SmitfraudFix.exe] 38EA3ADADC8A126CDD8E5D3B3E4A4C4D

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Cathy\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03072008_19001554.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Voici le rapport de COMBOFIX:

ComboFix 08-07-02.5 - Cathy 2008-07-03 19:45:04.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.343 [GMT 2:00]
Endroit: C:\Documents and Settings\Cathy\Bureau\kill.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Cathy\cftmon.exe
C:\Documents and Settings\Cathy\ftp34.dll
C:\Documents and Settings\LocalService\cftmon.exe
C:\Documents and Settings\LocalService\ftp34.dll
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\MUZAoDA9.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA.cfg
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA0.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA1.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA2.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA3.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA4.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA5.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA6.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA7.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA8.che
C:\Documents and Settings\Thibault\Local Settings\Temporary Internet Files\MUZAoDA9.che
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\ftp34.dll
C:\WINDOWS\system32\scactwn.dat
C:\WINDOWS\system32\scactwn_nav.dat
C:\WINDOWS\system32\scactwn_navps.dat

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))
.

2008-07-02 21:17 . 2008-07-02 21:17 <REP> d--h----- C:\Documents and Settings\Cathy\InstallAnywhere
2008-07-02 19:36 . 2008-07-02 19:36 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-07-02 16:42 . 2008-07-02 16:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-02 16:33 . 2008-07-02 16:33 25,068,737 --a------ C:\WINDOWS\VPTNFILE.379
2008-07-02 16:33 . 2008-07-02 16:33 25,068,737 --a------ C:\WINDOWS\LPT$VPN.379
2008-07-02 16:30 . 2008-07-02 16:33 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-02 15:25 . 2008-07-02 15:40 <REP> d-------- C:\Program Files\RegCleaner
2008-07-02 13:15 . 2008-07-03 03:12 636 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-02 13:15 . 2008-07-03 03:12 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-02 13:09 . 2008-07-02 13:09 <REP> d-------- C:\Documents and Settings\Cathy\Application Data\Malwarebytes
2008-07-02 13:09 . 2008-07-02 13:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 13:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 13:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-02 13:05 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 13:05 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-02 13:05 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-02 13:05 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-02 13:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 13:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 13:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 12:56 . 2008-07-02 12:56 <REP> d-------- C:\Program Files\CCleaner
2008-07-02 12:55 . 2008-07-02 13:07 <REP> d-------- C:\SmitfraudFix
2008-07-02 12:44 . 2008-07-02 12:44 1,477,906 --a------ C:\SmitfraudFix.exe
2008-07-01 00:07 . 2008-07-02 00:03 <REP> d-------- C:\Program Files\Everest Poker
2008-06-27 10:49 . 2008-06-27 10:48 29,760 --a------ C:\WINDOWS\system32\bkl67a7s.exe
2008-06-27 10:49 . 2008-06-27 10:49 0 --a------ C:\WINDOWS\system32\bkl67a7s.exe.a_a
2008-06-05 19:04 . 2008-06-05 19:04 <REP> d-------- C:\Program Files\DNA
2008-06-05 19:03 . 2008-06-07 00:51 <REP> d-------- C:\Documents and Settings\Cathy\Application Data\DNA

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 17:50 --------- d-----w C:\Documents and Settings\Cathy\Application Data\AVG7
2008-07-03 17:09 15,771 ----a-w C:\Documents and Settings\LocalService\mpr2.dat
2008-07-03 17:09 15,771 ----a-w C:\Documents and Settings\LocalService\mpr.dat
2008-07-03 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-02 19:17 --------- d--h--w C:\Program Files\Zero G Registry
2008-07-02 19:17 --------- d-----w C:\Program Files\Maple 10
2008-07-02 19:16 --------- d-----w C:\Documents and Settings\Cathy\Application Data\Dev-Cpp
2008-07-02 14:33 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-02 14:33 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-02 14:33 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-07-02 14:33 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-02 00:57 --------- d-----w C:\Documents and Settings\Cathy\Application Data\BitTorrent
2008-06-28 17:56 --------- d-----w C:\Documents and Settings\Thibault\Application Data\AVG7
2008-06-28 17:55 15,771 ----a-w C:\Documents and Settings\Thibault\mpr2.dat
2008-06-28 17:55 15,771 ----a-w C:\Documents and Settings\Thibault\mpr.dat
2008-06-09 21:36 --------- d-----w C:\Program Files\Opera
2008-06-06 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-06 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 14:33 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-05 17:03 --------- d-----w C:\Program Files\BitTorrent
2008-05-24 06:14 --------- d-----w C:\Documents and Settings\Michel\Application Data\AVG7
2008-05-24 06:13 6,640 ----a-w C:\Documents and Settings\Michel\mpr2.dat
2008-05-24 06:13 6,640 ----a-w C:\Documents and Settings\Michel\mpr.dat
2008-05-23 00:43 --------- d-----w C:\Documents and Settings\Thibault\Application Data\BitTorrent
2008-05-21 20:00 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-05-21 20:00 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-05-21 20:00 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-05-08 20:54 --------- d-----w C:\Documents and Settings\Cathy\Application Data\AdobeUM
2008-05-05 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:41 579584]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2001-11-30 01:02 102453]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:14 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-06-06 02:22 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Barre d'état système d'ATI CATALYST.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Barre d'état système d'ATI CATALYST.lnk
backup=C:\WINDOWS\pss\Barre d'état système d'ATI CATALYST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
backup=C:\WINDOWS\pss\Démarrage d'Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-05 19:04 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a------ 2007-01-31 07:16 57344 C:\Program Files\MarkAny\ContentSafer\MaAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2002-08-29 11:45 1511453 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-09-20 08:23 132624 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2004-04-15 11:02]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\System32\drivers\ES1370MP.sys [2001-08-17 21:19]

.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 19:50:02
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-03 19:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 17:52:25

Pre-Run: 3,232,112,640 octets libres
Post-Run: 3,968,417,792 octets libres

195 --- E O F --- 2008-05-23 11:26:04

vire le fichier smitfraudfix en allant dans poste de travail puis C

SmitfraudFix.exe

__________________

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

___________________

recolle un hijackhtis et dis tes soucis

Le scan a pris un peu de temps.

Voici le rapport de HiJackThis :

Logfile of HijackThis v1.99.1
Scan saved at 23:25:28, on 03/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Cathy\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

;***********************************************************­************************************************************­************************************************************­
ANALYSIS: 2008-07-03 23:12:29
PROTECTIONS: 0
MALWARE: 87
SUSPECTS: 4
;***********************************************************­************************************************************­************************************************************­
PROTECTIONS
Description Version Active Updated
;===========================================================­============================================================­============================================================­
;===========================================================­============================================================­============================================================­
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========================================================­============================================================­============================================================­
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Trash][Erreuro.bat]
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Inbox][texte.exe]
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Inbox][pilote.bat]
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/bug][texte.exe]
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Inbox][Erreuro.bat]
00017394 W32/Magistr.B Virus No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Archives][pilote.bat]
00024402 Exploit/iFrame HackTools No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Inbox][~0000320.~]
00024402 Exploit/iFrame HackTools No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Trash][~0000075.~]
00057631 W32/Klez.I Virus No 1 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Trash][~0000069.~][value.pif]
00057631 W32/Klez.I Virus No 1 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Mail/Inbox][~0000322.~][value.pif]
00062247 W32/Hybris Virus/Worm No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Old Mail/Inbox][enano porno.exe]
00062247 W32/Hybris Virus/Worm No 0 Yes No H:\Admin\Messageries\Messagerie Netscape-31-07-02.zip[Messageries/Messagerie Netscape/Users/msall/Old Mail/Inbox][blancheneige.exe]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­afficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@tr­afficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­afficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ca­salemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ca­salemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ca­salemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@do­ubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@do­ubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@doublecl­ick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@doub­leclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@doublecl­ick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Window98\Windows-2\Profiles\Michel\Cookies\michel@doublec­lick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Cathy\Cookies\cathy@doubleclic­k[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Window98\Windows-3\Profiles\Michel\Cookies\michel@doublec­lick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@doubleclic­k[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@at­dmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@atdmt[2]­.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@atdmt[2]­.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@atdm­t[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Window98\Windows-2\Profiles\Michel\Cookies\michel@atdmt[2­].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Window98\Windows-3\Profiles\Michel\Cookies\michel@atdmt[2­].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@at­dmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Thibault\Cookies\thibault@atdm­t[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{644D88E9-C31C-4E1F-8AA5-08269A7A0F08}\R­P265\A0134320.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Cathy\Bureau\MSNFix\incl\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@tradedoubl­er[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@tradedou­bler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@trad­edoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@tradedou­bler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­adedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­adedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@tr­adedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@247realm­edia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@247realm­edia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@24­7realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@24­7realmedia[3].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@24­7realmedia[1].txt
00145427 Cookie/Kazaa Networks TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@de­sktop.kazaa[1].txt
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ta­rgetnet[1].txt
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ta­rgetnet[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@fa­stclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@fa­stclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@fa­stclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­ibalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@tr­ibalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@tribalfu­sion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@tr­ibalfusion[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@as­-eu.falkag[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@as­-eu.falkag[2].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@as-eu.fa­lkag[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@as-eu.fa­lkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Cathy\Cookies\cathy@mediaplex[­1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@mediaplex[­1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@me­diaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@me­diaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@me­diaplex[2].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@of­feroptimizer[1].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@myse­arch[2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@mysearch­[2].txt
00145758 Cookie/Mysearch TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@mysearch[1­].txt
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@sp­ylog[2].txt
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@casinotr­opez[2].txt
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@casinotropez[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ma­xserving[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ma­xserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@be­lnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@be­lnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@beln­k[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@re­venue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@re­venue[2].txt
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@cl­iks[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@di­st.belnk[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@di­st.belnk[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@dist­.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@com[3].t­xt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@co­m[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@co­m[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@com[­2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@com[1].t­xt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@com[2].t­xt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ya­dro[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ya­dro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@xiti[1].­txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@xiti[1].tx­t
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@xiti[1].­txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@xi­ti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Thibault\Cookies\thibault@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@xi­ti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@xiti­[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@fe­.lea.lycos[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ho­tlog[1].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@z1­.adserver[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@to­plist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@st­atcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@st­atcounter[3].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@st­atcounter[2].txt

C:\Documents and Settings\Michel\Cookies\michel@statcounter[1].txt
00167790 Cookie/Qsrch TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@qs­rch[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ad­.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@ad.y­ieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ap­mebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ap­mebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@bu­rstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@bu­rstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@se­rving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@se­rving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@se­rving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@bs­.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@bs­.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@bs.serving-sys[1].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@as­-us.falkag[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@as1.falk­ag[2].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@as­1.falkag[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@as1.falk­ag[2].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@as­1.falkag[2].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@as­1.falkag[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@webo­rama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Window98\Windows-3\Profiles\Michel\Cookies\michel@weboram­a[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@we­borama[3].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@we­borama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@weborama­[4].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@weborama­[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@weborama[2­].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@weborama­[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@we­borama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Thibault\Cookies\thibault@webo­rama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Window98\Windows-2\Profiles\Michel\Cookies\michel@weboram­a[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Thibault\Cookies\thibault@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@weborama­[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ad­tech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­tech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Thibault\Cookies\thibault@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@se­rver.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@se­rver.iad.liveperson[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@server.i­ad.liveperson[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cathy\Cookies\cathy@fl01.ct2.comclick[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@adve­rtising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@advertisin­g[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­vertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­vertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ad­vertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@advertis­ing[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@advertis­ing[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ad­opt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@st­atse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@st­atse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ad­s.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­s.pointroll[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@ads.poin­troll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Window98\Windows-3\Profiles\Michel\Cookies\michel@ads.poi­ntroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ad­s.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@ads.poin­troll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@re­almedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@qu­estionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@qu­estionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ze­do[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@ze­do[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Thibault\Cookies\thibault@zedo­[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@ze­do[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@bl­uestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Michel\Cookies\michel@bluestre­ak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Cathy\Cookies\cathy@bluestreak­[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Thibault\Cookies\thibault@blue­streak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-12-03-06\Guillaume\Cookies\guillaume@bl­uestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Michel\Cookies\michel@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Guillaume\Cookies\guillaume@bl­uestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Thomas\Cookies\thomas@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@bluestre­ak[3].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No J:\Profiles\Profiles-08-05-06\Michel\Cookies\michel@bluestre­ak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Guillaume\Cookies\guillaume@bluestreak[1].txt
00173905 Cookie/Xmts TrackingCookie No