Trojan clicker.cm dur a faire partir

Logiciel & apps Logiciel Général
1

Bjour à tous,
j’ai moi aussi un problème avec le trojan clicker.cm, il se manifeste dès que j’aouvre une page internet.
j’ai bitdefender 10 qui ledéplace car désinfection impossible et malgré cela il revient à chaque fois.Je suis sur xp version familiale sp3.
J’ai utilisé pour nettoyer, ccleaner, glry utility et a-squared free sans résultat.
J’ai vu sur les autres post de faire un scan avec HijackThis, le voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50: Bruno, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ppcbooster\ppcbooster.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Program Files\QdrDrive\QdrDrive20.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM…\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM…\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM…\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM…\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM…\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 - HKLM…\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU…\Run: [TomTomHOME.exe] “C:\Program Files\TomTom HOME 2\HOMERunner.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.7sur7.be…
O16 - DPF: CabBuilder - kiw.imgag.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - upload.facebook.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - dev.srtest.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - www.new2.foto.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - dl.google.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - runob.spaces.live.com
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - belgacom.extrafilm.be…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


End of file - 10219 bytes
j’espère que vous pourrez m’aider , d’avance merci bye :slight_smile:

2

Salut
T es infecté !!

Telecharges Malwarebytes

www.clubic.com…

Fais une Analyse COMPLETE en MODE SANS ECHEC + SUPPRESSIONS des infections
poste le rapport

Tutoriel
www.malekal.com…

ensuite rends toi ici Bitdefender online scanner avec Explorer (en modevclassique [www.bitdefender.com...](http://www.bitdefender.com/scan8/ie.html)
N oublies pas de poster le rapport d Malwarebytes !!!!!
relancer hijackthis "Do A System Scan Only"

cocher cette ligne et clic ensuite sur FIX CHECKED

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Faire
Démarrer==> Exécuter ==> Ecrire: services.msc
Dans le tableau qui s’ouvre chercher : Boonty Games
Double-clic dessus==> dans type de démarrage ==>Désactivé ==> en dessous
Arrêter <== si accessible et Clic ==> OK

supprimer

BOONTY Shared ==> dans C:\Program Files\Fichiers communs\

3

Salut

Fixe sa aussi

4

Bjour n j’ai fait analyse avec Malwarebytes, il m’a trouvé 15 trojans qui ont été supprimés.
Malheureusement lai enregistré le log du scan mais ne le retrouve plus dans mes documents.
C’est surement une fausse manipulation de ma part ,est-ce que je peut passer au reste de ce que tu as écrit sur ton post ou alors les infos de Malwarebytes étaient nécéssaire pour toi?
désolé .

5

Voici le résultat du scan bitdefenders en ligne:

BitDefender Online Scanner

Scan report generated at: Wed, Oct 15, 2008 - 08:24:31

Scan path: C:;D:;

Statistics

Time
01:29:20

Files
386476

Folders
7184

Boot Sectors
0

Archives
16454

Packed Files
26367

Results

Identified Viruses
2

Infected Files
2

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
2

Engines Info

Virus Definitions
1870141

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
16

Archive plugins
43

Unpack plugins
7

E-mail plugins
6

System plugins
4

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\jjMDfiA3VNh2FdkuP2FIzSaY4X2FvQ=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\jjMDfiA3VNh2FdkuP2FIzSaY4X2FvQ=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\JOU9fFgZKIF9GBfCEjX2FU8GwCMA=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\JOU9fFgZKIF9GBfCEjX2FU8GwCMA=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\LESADjCW4WTxUK0+4gr2FsNOEeUU=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\LESADjCW4WTxUK0+4gr2FsNOEeUU=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\llC+pEgkgssNSb72NSaXGAG9YMI=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\llC+pEgkgssNSb72NSaXGAG9YMI=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\lSMOz45CpdxQjaRSHC1PYbyAIKU=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\lSMOz45CpdxQjaRSHC1PYbyAIKU=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\TJr51D0VCGcSnmhy+ryaszgBjLM=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\CustomEmoticons\TJr51D0VCGcSnmhy+ryaszgBjLM=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2=>background.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2=>Clocks.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2=>downlevel.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2=>background.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2=>downlevel.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2=>KoiPond.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.dt2=>3083926f.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.dt2=>3083926f.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.dt2=>3083926d.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\bnbNScyedcyT5ZuJ4gsiFuvEd+E=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2=>background.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2=>downlevel.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2=>mad_scientist.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2=>Background.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2=>downlevel.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2=>Pixies.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\objectstore.v2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\13kMjESRua4c+3MKiAgTwOQl0vw=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\13kMjESRua4c+3MKiAgTwOQl0vw=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\1dn0sxfe4NI68Qve7LloCgi5vCY=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\1dn0sxfe4NI68Qve7LloCgi5vCY=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\EBFwRGyqMldsvwqQP4arJO9wM3Q=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\EBFwRGyqMldsvwqQP4arJO9wM3Q=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\LvdOA8wBDVirVINRjMqzppG9Uhk=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\LvdOA8wBDVirVINRjMqzppG9Uhk=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\rTORQ6Y5FumqJchZFviPkY3pVnw=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\UserTile\rTORQ6Y5FumqJchZFviPkY3pVnw=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3+8UdQGeB2FwWIYG+mC+vuvUy9zEw=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3+8UdQGeB2FwWIYG+mC+vuvUy9zEw=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3+8UdQGeB2FwWIYG+mC+vuvUy9zEw=.dt2=>notes.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3+8UdQGeB2FwWIYG+mC+vuvUy9zEw=.dt2=>notes.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3+8UdQGeB2FwWIYG+mC+vuvUy9zEw=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2=>bouncy_ball.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2=>bouncy_ball.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2=>kiss.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2=>kiss.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2=>guitar_smash.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2=>guitar_smash.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2=>eyeball.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2=>eyeball.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.dt2=>0000000001_000000000000000416224.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.dt2=>0000000001_000000000000000416225.gif
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.dt2=>content.xml=>(unicode)
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\hLeQUc1CsKf7n3K8UdkD1GYPcVs=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2=>lipstick_girl.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2=>lipstick_girl.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\J9+5k2FTpQP6WuWOj5y0n41qN5dc=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\J9+5k2FTpQP6WuWOj5y0n41qN5dc=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\J9+5k2FTpQP6WuWOj5y0n41qN5dc=.dt2=>frog.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\J9+5k2FTpQP6WuWOj5y0n41qN5dc=.dt2=>frog.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\J9+5k2FTpQP6WuWOj5y0n41qN5dc=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2=>silly_face.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2=>silly_face.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\MzanCNJjy1ea4cSMe2FxOw+A5+Nc=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\MzanCNJjy1ea4cSMe2FxOw+A5+Nc=.dt2=>Preview_10069.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\MzanCNJjy1ea4cSMe2FxOw+A5+Nc=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\MzanCNJjy1ea4cSMe2FxOw+A5+Nc=.dt2=>ThumbnailSmall_10069.gif
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\MzanCNJjy1ea4cSMe2FxOw+A5+Nc=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Nt2FqWL50Iag4EvPJjVS0IoDBFQ4=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Nt2FqWL50Iag4EvPJjVS0IoDBFQ4=.dt2=>bow.jpg
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Nt2FqWL50Iag4EvPJjVS0IoDBFQ4=.dt2=>bow.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Nt2FqWL50Iag4EvPJjVS0IoDBFQ4=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Nt2FqWL50Iag4EvPJjVS0IoDBFQ4=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rTeUDzJzwMepiafQ4bVfqDvados=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rTeUDzJzwMepiafQ4bVfqDvados=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rTeUDzJzwMepiafQ4bVfqDvados=.dt2=>dancing_pig.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rTeUDzJzwMepiafQ4bVfqDvados=.dt2=>dancing_pig.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rTeUDzJzwMepiafQ4bVfqDvados=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rXcZb6ekO9S3jB29KleJkBOXYmY=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rXcZb6ekO9S3jB29KleJkBOXYmY=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rXcZb6ekO9S3jB29KleJkBOXYmY=.dt2=>knock.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rXcZb6ekO9S3jB29KleJkBOXYmY=.dt2=>knock.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\rXcZb6ekO9S3jB29KleJkBOXYmY=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2=>heart.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2=>heart.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2=>stars.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2=>stars.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2=>content.xml
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2=>love_letter.png
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2=>love_letter.swf
Clean

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Messenger\thebruno8@msn.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.id2
Clean

C:\Documents and Settings\HP_Propriétaire\Mes documents\LimeWire\Radiotracker Platinum Multilangual 4 1 36 0+Crack [nfs][h33t].zip=>crack/crack.exe
Infected with: Trojan.Downloader.JLAZ

C:\Documents and Settings\HP_Propriétaire\Mes documents\LimeWire\Radiotracker Platinum Multilangual 4 1 36 0+Crack [nfs][h33t].zip=>crack/crack.exe
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\LimeWire\Radiotracker Platinum Multilangual 4 1 36 0+Crack [nfs][h33t].zip
Updated

C:\Documents and Settings\HP_Propriétaire\Mes documents\prog & jeux\Licence_Kaspersky_illimit_.rar=>Kaspersky illimit? V7.exe
Infected with: Trojan.Generic.389669

C:\Documents and Settings\HP_Propriétaire\Mes documents\prog & jeux\Licence_Kaspersky_illimit_.rar=>Kaspersky illimit? V7.exe
Deleted

C:\Documents and Settings\HP_Propriétaire\Mes documents\prog & jeux\Licence_Kaspersky_illimit_.rar
Update failed

6

Après toutes les manip voici le scan de hijackthis
( pour réponse à guigui 14100 je n’ai pas trouve les 2 lignes nomées si haut?)
Encore merci pour votre aide…

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43: Bruno, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ppcbooster\ppcbooster.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM…\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM…\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM…\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM…\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM…\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 - HKLM…\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - Startup: ppcbooster.lnk = C:\Program Files\ppcbooster\ppcbooster.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.7sur7.be…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - upload.facebook.com…
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - dev.srtest.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - www.new2.foto.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - dl.google.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com…
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - runob.spaces.live.com…
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - belgacom.extrafilm.be…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


End of file - 10498 bytes

7

Upload sa sur virus total

Et colle le rapport voir tutorial

MBAM a du les supprimer :wink:

8

slt voici le résultat du scan…

ppcbooster.exe reçu le 2008.10.15 00:04:55 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.15.0 2008.10.14 -
AntiVir 7.8.1.34 2008.10.14 TR/Agent.P.245
Authentium 5.1.0.4 2008.10.14 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.14 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.14 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6147 2008.10.14 -
Ewido 4.0 2008.10.14 -
F-Prot 4.4.4.56 2008.10.14 -
F-Secure 8.0.14332.0 2008.10.14 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.14 -
K7AntiVirus 7.10.493 2008.10.14 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5405 2008.10.14 -
Microsoft 1.4005 2008.10.14 -
NOD32 3522 2008.10.14 -
Norman 5.80.02 2008.10.14 -
Panda 9.0.0.4 2008.10.14 -
PCTools 4.4.2.0 2008.10.14 -
Prevx1 V2 2008.10.15 -
Rising 20.66.12.00 2008.10.14 -
SecureWeb-Gateway 6.7.6 2008.10.14 Trojan.Agent.P.245
Sophos 4.34.0 2008.10.14 -
Sunbelt 3.1.1722.1 2008.10.14 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.110 2008.10.14 -
TrendMicro 8.700.0.1004 2008.10.14 -
VBA32 3.12.8.6 2008.10.14 -
ViRobot 2008.10.14.1419 2008.10.14 -
VirusBuster 4.5.11.0 2008.10.14 -

Information additionnelle
File size: 24576 bytes
MD5…: fae15a791ea261f454f5e977dbee53b7
SHA1…: fb5428f20d761a8764b4e146f521c3e430f56e30
SHA256: e4ffee74d71d993b874445206b3852d94d867056b6efcfe4263f2102797295ef
SHA512: 32e94b1d56799c8f4dcb927a18690e46ba907b8cca440a858e8796eead9c86f6
edd26358a9a2a4100063a853ae1521f790aab0518c0f28c99e702f9240a16c97
PEiD…: -
TrID…: File type identification
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401360
timedatestamp…: 0x48ecd18e (Wed Oct 08 15:28:14 2008)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2038 0x3000 3.96 de257985d3fc31d051b5f71b0fe1dc67
.data 0x4000 0xa14 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x5000 0x8e0 0x1000 1.91 c1adb348478cca8b36995261392e7900

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.15.0 2008.10.14 -
AntiVir 7.8.1.34 2008.10.14 TR/Agent.P.245
Authentium 5.1.0.4 2008.10.14 -
Avast 4.8.1248.0 2008.10.14 -
AVG 8.0.0.161 2008.10.14 -
BitDefender 7.2 2008.10.14 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.14 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6147 2008.10.14 -
Ewido 4.0 2008.10.14 -
F-Prot 4.4.4.56 2008.10.14 -
F-Secure 8.0.14332.0 2008.10.14 -
Fortinet 3.113.0.0 2008.10.14 -
GData 19 2008.10.14 -
Ikarus T3.1.1.34.0 2008.10.14 -
K7AntiVirus 7.10.493 2008.10.14 -
Kaspersky 7.0.0.125 2008.10.14 -
McAfee 5405 2008.10.14 -
Microsoft 1.4005 2008.10.14 -
NOD32 3522 2008.10.14 -
Norman 5.80.02 2008.10.14 -
Panda 9.0.0.4 2008.10.14 -
PCTools 4.4.2.0 2008.10.14 -
Prevx1 V2 2008.10.15 -
Rising 20.66.12.00 2008.10.14 -
SecureWeb-Gateway 6.7.6 2008.10.14 Trojan.Agent.P.245
Sophos 4.34.0 2008.10.14 -
Sunbelt 3.1.1722.1 2008.10.14 -
Symantec 10 2008.10.14 -
TheHacker 6.3.1.0.110 2008.10.14 -
TrendMicro 8.700.0.1004 2008.10.14 -
VBA32 3.12.8.6 2008.10.14 -
ViRobot 2008.10.14.1419 2008.10.14 -
VirusBuster 4.5.11.0 2008.10.14 -

Information additionnelle
File size: 24576 bytes
MD5…: fae15a791ea261f454f5e977dbee53b7
SHA1…: fb5428f20d761a8764b4e146f521c3e430f56e30
SHA256: e4ffee74d71d993b874445206b3852d94d867056b6efcfe4263f2102797295ef
SHA512: 32e94b1d56799c8f4dcb927a18690e46ba907b8cca440a858e8796eead9c86f6
edd26358a9a2a4100063a853ae1521f790aab0518c0f28c99e702f9240a16c97
PEiD…: -
TrID…: File type identification
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401360
timedatestamp…: 0x48ecd18e (Wed Oct 08 15:28:14 2008)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2038 0x3000 3.96 de257985d3fc31d051b5f71b0fe1dc67
.data 0x4000 0xa14 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x5000 0x8e0 0x1000 1.91 c1adb348478cca8b36995261392e7900

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarSetVar, __vbaI4Var, __vbaLateMemCall, __vbaStrToAnsi, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )

9

2 résultat positif pour un malware…

Upload le fichier sur uploads.malwarebytes.org…[/url] afin que les éditeur de MBAM l’analyse et la [url=http://upload.malekal.com/]upload.malekal.com…

Supprime le fichier avec file assasin qui se trouve dans MBAM dans l’onglet autre outils

10

Ecoute j’ai fait upload du fichier C:\Program Files\ppcbooster\ppcbooster.exe et la j’ai eu comme message erreur : There was an error uploading the file .
Est ce le bon fichier a uploader?

11

Ok pas grave supprime le comme je t’ai dit

12

voila c fait, je vais attendre un peut pour voir le résultat?

13

Eh bien voila apparement plus de trace de virus :slight_smile: un grand merci pour votre disponibilite.
Merci a cricri58 et guigui14100 bye:clap:

14

De rien bonne journée :wink:

15

Ok

ouvre kijackthis
clique sur
Do a System scan Only
Coches ces lignes

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM…\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

cliques sur Fix checked

C:\WINDOWS\ALCXMNTR.EXE
est un logiciel espion de ( Realtek AC 97 ) pas bien dangereux ,(un petit Spyware )

autrement comme c est Ok !!!

16

Il n’est plus présent le spyware realtek la supprimer il y a déja un moment :wink:

17

salut

oui est a quel " moment " !!!dans le 2 eme log elle est encore là !!:wink:

poste un nouveau Log Hijackthis runob68 que l on voit si la ligne O4 - HKLM…\Run: [AlcxMonitor] ALCXMNTR.EXE est toujours présente
a moins que tu ne lai déja fixée,??,

18

Le fichier est toujours la mais l’espion dedans a été supprimer mais bon personnellement sa ne sert a rien le mieux est juste d’installer le driver :wink:

19

OUi B’soir à tous , j’ai été prit par mon travail et je n’ai pas su répondre avant, désolé.
En éffet le trojan clickers cm est encore présent sur mon pc, je poste un dernier log de hijackthis, mci pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01: Bruno, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM…\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM…\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM…\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM…\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM…\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 - HKLM…\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.7sur7.be…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - upload.facebook.com…
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - dev.srtest.com…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - www.new2.foto.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - dl.google.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.onecare.live.com…
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - runob.spaces.live.com…
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - belgacom.extrafilm.be…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


End of file - 10707 bytes

20

Il a lair clean ton hijackthis.

Tu as pas mal de logiciel inutile qui démarre au démarrage