[Resolved] Win32 virus

23 February 2008 13:10:44

Hello,

I have a win32 virus and I don't know how to remove it. Can you help me?

Thanks

23 February 2008 13:18:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:01, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - H:\WINDOWS\system32\wvutrqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvutrqq - H:\WINDOWS\SYSTEM32\wvutrqq.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe

--
End of file - 8278 bytes
23 February 2008 13:58:15

:hello:  Please carry out the whole of the following procedure!!!

Quote:
Vundo / Virtumonde infection


1) Show hidden files and folders …
To do this, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".

2) Download VundoFix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files, click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply

    Note:
    VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

3) Download VirtumundoBeGone to your desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGon...

Then double-click VirtumundoBeGone.exe and follow the on-screen instructions.

Once it has finished, restart your PC.

PS: Don't worry if you see a blue "Fatal error" screen, that is normal.

Post the report generated by VirtumundoBeGone ^^

4) Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofi...

Restart in safe mode: help here >>>

http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Never restart in safe mode via msconfig! /!\

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.


5) Copy/paste a new HijackThis report along with it.
23 February 2008 14:39:28

Here is the VundoFix report:


    VundoFix V6.7.7

    Checking Java version...

    Scan started at 17:43:46 05/01/2008

    Listing files found while scanning....

    H:\WINDOWS\system32\awtsqol.dll
    H:\WINDOWS\system32\awtttqp.dll
    H:\WINDOWS\system32\bowdfycw.dll
    H:\WINDOWS\system32\ddcbbba.dll
    H:\WINDOWS\system32\ddccd.dll
    H:\WINDOWS\system32\ddcywwx.dll
    H:\WINDOWS\system32\hgggfec.dll
    H:\WINDOWS\system32\iiffgef.dll
    H:\WINDOWS\system32\jjkkj.ini
    H:\WINDOWS\system32\jjkkj.ini2
    H:\WINDOWS\system32\jkkhfdc.dll
    H:\WINDOWS\system32\jkkjj.exe
    H:\WINDOWS\system32\jkkkhed.dll
    H:\WINDOWS\system32\mljghff.dll
    H:\WINDOWS\system32\mljghhg.dll
    H:\WINDOWS\system32\mljihfg.dll
    H:\WINDOWS\system32\qomkkih.dll
    H:\WINDOWS\system32\ssqnkkl.dll
    H:\WINDOWS\system32\tuvvuvw.dll
    H:\WINDOWS\system32\urqnkji.dll
    H:\WINDOWS\system32\wvusrpo.dll
    H:\WINDOWS\system32\xxywvvv.dll
    H:\WINDOWS\system32\yayaaxv.dll
    H:\WINDOWS\system32\ybdsqfpr.dll

    Beginning removal...

    Attempting to delete H:\WINDOWS\system32\awtsqol.dll
    H:\WINDOWS\system32\awtsqol.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\awtttqp.dll
    H:\WINDOWS\system32\awtttqp.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\bowdfycw.dll
    H:\WINDOWS\system32\bowdfycw.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\ddcbbba.dll
    H:\WINDOWS\system32\ddcbbba.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\ddccd.dll
    H:\WINDOWS\system32\ddccd.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\ddcywwx.dll
    H:\WINDOWS\system32\ddcywwx.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\hgggfec.dll
    H:\WINDOWS\system32\hgggfec.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\iiffgef.dll
    H:\WINDOWS\system32\iiffgef.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\jjkkj.ini
    H:\WINDOWS\system32\jjkkj.ini Has been deleted!

    Attempting to delete H:\WINDOWS\system32\jjkkj.ini2
    H:\WINDOWS\system32\jjkkj.ini2 Has been deleted!

    Attempting to delete H:\WINDOWS\system32\jkkhfdc.dll
    H:\WINDOWS\system32\jkkhfdc.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\jkkjj.exe
    H:\WINDOWS\system32\jkkjj.exe Has been deleted!

    Attempting to delete H:\WINDOWS\system32\jkkkhed.dll
    H:\WINDOWS\system32\jkkkhed.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\mljghff.dll
    H:\WINDOWS\system32\mljghff.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\mljghhg.dll
    H:\WINDOWS\system32\mljghhg.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\mljihfg.dll
    H:\WINDOWS\system32\mljihfg.dll Could not be deleted.

    Attempting to delete H:\WINDOWS\system32\qomkkih.dll
    H:\WINDOWS\system32\qomkkih.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\ssqnkkl.dll
    H:\WINDOWS\system32\ssqnkkl.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\tuvvuvw.dll
    H:\WINDOWS\system32\tuvvuvw.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\urqnkji.dll
    H:\WINDOWS\system32\urqnkji.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\wvusrpo.dll
    H:\WINDOWS\system32\wvusrpo.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\xxywvvv.dll
    H:\WINDOWS\system32\xxywvvv.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\yayaaxv.dll
    H:\WINDOWS\system32\yayaaxv.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\ybdsqfpr.dll
    H:\WINDOWS\system32\ybdsqfpr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete H:\WINDOWS\system32\mljihfg.dll
    H:\WINDOWS\system32\mljihfg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.8

    Checking Java version...

    Scan started at 14:15:01 24/02/2008

    Listing files found while scanning....

    H:\windows\system32\awtqo.dll
    H:\windows\system32\jkhhe.dll
    H:\WINDOWS\system32\wvutrqq.dll

    Beginning removal...

    Attempting to delete H:\windows\system32\awtqo.dll
    H:\windows\system32\awtqo.dll Has been deleted!

    Attempting to delete H:\windows\system32\jkhhe.dll
    H:\windows\system32\jkhhe.dll Has been deleted!

    Attempting to delete H:\WINDOWS\system32\wvutrqq.dll
    H:\WINDOWS\system32\wvutrqq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!




And here is the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:39, on 24/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PSIService.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\SOUNDMAN.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    H:\WINDOWS\system32\LVCOMSX.EXE
    H:\Program Files\Logitech\Video\LogiTray.exe
    H:\Program Files\Winamp\winampa.exe
    H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    H:\Program Files\Search Settings\SearchSettings.exe
    H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    H:\Program Files\MSN Messenger\MsnMsgr.Exe
    H:\Program Files\Skype\Phone\Skype.exe
    H:\Program Files\Picasa2\PicasaMediaDetector.exe
    H:\Program Files\Logitech\Video\FxSvr2.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    H:\Program Files\Internet Explorer\iexplore.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe

    --
    End of file - 8116 bytes
23 February 2008 16:26:32

I'm waiting for the next step :p
23 February 2008 21:09:22


    [02/24/2008, 21:09:28] - VirtumundoBeGone v1.5 ( "H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe" )
    [02/24/2008, 21:09:31] - Detected System Information:
    [02/24/2008, 21:09:31] - Windows Version: 5.1.2600, Service Pack 2
    [02/24/2008, 21:09:31] - Current Username: Laura (Admin)
    [02/24/2008, 21:09:31] - Windows is in NORMAL mode.
    [02/24/2008, 21:09:31] - Searching for Browser Helper Objects:
    [02/24/2008, 21:09:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [02/24/2008, 21:09:31] - BHO 2: {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (BrowserCmp)
    [02/24/2008, 21:09:31] - BHO 3: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
    [02/24/2008, 21:09:31] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/24/2008, 21:09:31] - BHO 5: {90c36028-0578-4232-8215-f9735bf8cea2} ()
    [02/24/2008, 21:09:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/24/2008, 21:09:31] - Checking for HKLM\...\Winlogon\Notify\bowdfycw
    [02/24/2008, 21:09:31] - Key not found: HKLM\...\Winlogon\Notify\bowdfycw, continuing.
    [02/24/2008, 21:09:31] - BHO 6: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
    [02/24/2008, 21:09:31] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [02/24/2008, 21:09:31] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [02/24/2008, 21:09:31] - BHO 9: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} (SearchSettings Class)
    [02/24/2008, 21:09:31] - Finished Searching Browser Helper Objects
    [02/24/2008, 21:09:31] - Finishing up...
    [02/24/2008, 21:09:31] - Nothing found! Exiting...
23 February 2008 21:37:01

    ComboFix 08-02-23.2 - Laura 2008-02-24 21:28:31.9 - NTFSx86 MINIMAL
    Endroit: H:\Documents and Settings\Laura\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-24 14:30 . 2008-02-24 14:30 24,576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-24 14:15 . 2008-02-24 14:40 <REP> d-------- H:\VundoFix Backups
    2008-02-21 20:48 . 2008-02-21 20:48 26,048 --------- H:\WINDOWS\system32\wvutrqq.dll
    2008-02-20 19:04 . 2008-02-20 19:04 <REP> d-------- H:\WINDOWS\system32\fr-fr
    2008-02-13 20:01 . 1998-06-16 23:00 516,173 --a------ H:\WINDOWS\system32\MSVCP60D.DLL
    2008-02-13 20:01 . 1998-06-16 23:00 385,100 --a------ H:\WINDOWS\system32\MSVCRTD.DLL
    2008-02-13 20:01 . 2003-08-07 15:01 237,568 --a------ H:\WINDOWS\system32\lame_enc.dll
    2008-02-12 22:30 . 2008-02-14 00:21 <REP> d-------- H:\Program Files\Dealio
    2008-02-12 22:29 . 2005-02-24 12:10 2,084,864 --a------ H:\WINDOWS\system32\AudDesign.dll
    2008-02-12 22:29 . 2005-03-11 17:37 1,986,560 --a------ H:\WINDOWS\system32\AudFile.dll
    2008-02-12 22:29 . 2005-02-24 12:11 1,212,416 --a------ H:\WINDOWS\system32\AudioInfos.dll
    2008-02-12 22:29 . 2005-02-24 12:11 479,232 --a------ H:\WINDOWS\system32\AudioVisu.dll
    2008-02-12 22:29 . 2005-02-24 15:21 458,752 --a------ H:\WINDOWS\system32\AudPlayer.dll
    2008-02-12 22:29 . 2005-03-10 16:00 454,656 --a------ H:\WINDOWS\system32\AudioRecord.dll
    2008-02-12 22:29 . 2005-02-24 12:10 417,792 --a------ H:\WINDOWS\system32\AudDisplay.dll
    2008-02-12 22:29 . 2005-02-24 11:51 348,160 --a------ H:\WINDOWS\system32\WMAFile.dll
    2008-02-12 22:29 . 2005-01-10 12:54 116,296 --a------ H:\WINDOWS\system32\NCTWMAProfiles.prx
    2008-02-12 20:13 . 2008-02-24 21:08 80,090 --a------ H:\WINDOWS\system32\adssite-remove.exe
    2008-02-11 20:37 . 2008-02-11 20:37 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Corel
    2008-02-11 16:44 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Corel
    2008-02-11 16:44 . 2008-02-20 18:16 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
    2008-02-11 16:38 . 2008-02-11 16:40 <REP> d-------- H:\Program Files\Fichiers communs\Corel
    2008-02-11 16:30 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Corel
    2008-02-11 16:27 . 2008-02-20 18:16 2,516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-11 16:25 . 2008-02-11 16:38 <REP> d-------- H:\Program Files\Corel
    2008-02-11 16:25 . 2008-02-11 16:25 <REP> d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
    2008-02-09 19:07 . 2008-02-09 19:07 <REP> d-------- H:\Program Files\VirtualDJ
    2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- H:\Program Files\MyXOFT
    2008-02-09 18:49 . 2008-02-09 18:50 <REP> d-------- H:\Documents and Settings\Antoine\DSS DJ Data
    2008-02-09 18:49 . 2006-12-01 22:03 626,688 --a------ H:\WINDOWS\system32\msvcr80.dll
    2008-02-09 18:49 . 2006-12-01 22:03 548,864 --a------ H:\WINDOWS\system32\msvcp80.dll
    2008-02-09 18:49 . 2006-12-02 06:22 479,232 --a------ H:\WINDOWS\system32\msvcm80.dll
    2008-02-09 18:49 . 2006-12-01 22:03 1,869 --a------ H:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
    2008-02-07 17:49 . 2008-02-07 17:49 80,896 --a------ H:\WINDOWS\system32\.dll
    2008-02-03 22:24 . 2008-02-04 21:37 <REP> d-------- H:\Program Files\WarRock
    2008-01-29 12:37 . 2008-01-29 12:37 46,300 --a------ H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    2008-01-27 21:35 . 2008-02-12 23:00 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Search Settings
    2008-01-27 19:45 . 2008-02-13 20:03 <REP> d-------- H:\Program Files\Search Settings
    2008-01-25 12:02 . 2008-01-27 10:24 <REP> d-------- H:\djp
    2008-01-25 12:00 . 2008-02-20 19:02 1,374 --a------ H:\WINDOWS\imsins.BAK

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-24 20:11 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
    2008-02-24 20:04 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
    2008-02-24 17:43 --------- d-----w H:\Program Files\Steam
    2008-02-23 11:57 --------- d-----w H:\Program Files\Fichiers communs\Adobe
    2008-02-20 16:45 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
    2008-02-19 13:34 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
    2008-02-19 13:33 --------- d-----w H:\Program Files\LimeWire
    2008-02-18 16:05 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
    2008-02-15 17:01 --------- d-----w H:\Documents and Settings\Frederique\Application Data\Search Settings
    2008-02-13 19:02 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Dealio
    2008-02-13 19:01 --------- d-----w H:\Program Files\Free Audio Pack
    2008-02-12 21:42 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Search Settings
    2008-02-07 16:49 80,896 ----a-w H:\WINDOWS\system32\.dll
    2008-02-04 20:37 --------- d--h--w H:\Program Files\InstallShield Installation Information
    2008-02-04 19:48 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-04 19:47 107,832 ----a-w H:\WINDOWS\system32\PnkBstrB.exe
    2008-01-27 18:41 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-27 17:49 --------- d-----w H:\Program Files\Fichiers communs\InstallShield
    2008-01-21 10:36 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
    2008-01-20 19:37 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
    2008-01-19 17:47 --------- d-----w H:\Documents and Settings\Antoine\Application Data\GetRightToGo
    2008-01-18 10:06 294,912 ----a-w H:\WINDOWS\system32\iebrowserc.dll
    2008-01-17 19:03 --------- d-----w H:\Documents and Settings\Laura\Application Data\DataCast
    2008-01-13 21:49 --------- d-----w H:\Program Files\Stardock
    2008-01-11 18:42 --------- d-----w H:\Program Files\Avira
    2008-01-11 18:00 --------- d-----w H:\Documents and Settings\All Users\Application Data\Avira
    2008-01-11 17:55 --------- d-----w H:\Program Files\CCleaner
    2008-01-08 19:18 --------- d-----w H:\Program Files\Trend Micro
    2008-01-08 18:55 --------- d-----w H:\Program Files\Nostale(FR)
    2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
    2008-01-06 15:00 --------- d-----w H:\Program Files\Picasa2
    2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
    2008-01-06 10:13 221,184 ----a-w H:\WINDOWS\system32\LVCOMSX.EXE
    2007-12-29 10:50 --------- d-----w H:\Documents and Settings\Laura\Application Data\Winamp
    2007-12-28 21:50 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Winamp
    2007-12-28 21:47 --------- d-----w H:\Program Files\Winamp Remote
    2007-12-28 21:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 17:44 134 ----a-w H:\n.bat
    2007-12-27 16:41 --------- d-----w H:\Program Files\Google
    2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
    2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
    2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
    2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
    2007-12-26 19:27 286,720 ----a-w H:\WINDOWS\vsnpstd2.exe
    2007-12-26 19:12 147,456 ----a-w H:\WINDOWS\system32\vbzip10.dll
    2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
    2007-12-25 07:52 --------- d-----w H:\Documents and Settings\Antoine\Application Data\DataCast
    2007-12-24 21:18 65,024 ----a-w H:\WINDOWS\IFinst26.exe
    2007-12-24 21:18 --------- d-----w H:\Program Files\Lame MP3 Codec
    2007-12-24 21:17 --------- d-----w H:\Program Files\Samsung
    2007-12-24 21:17 --------- d-----w H:\Program Files\MarkAny
    2007-12-24 21:17 --------- d-----w H:\Documents and Settings\Antoine\Application Data\InstallShield
    2007-12-21 14:39 10,752 ----a-w H:\WINDOWS\system32\WhoisCL.exe
    2007-12-14 16:19 40,960 ------w H:\WINDOWS\system32\MAMACExtract.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
    2008-01-18 11:06 294912 --a------ H:\WINDOWS\system32\iebrowserc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
    H:\WINDOWS\system32\bowdfycw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    2008-02-07 17:49 80896 --a------ H:\WINDOWS\system32\.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    2008-02-06 17:47 1160544 --a------ H:\Program Files\Search Settings\kb126\SearchSettings.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
    "Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
    "LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
    "Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
    "ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
    "NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
    "nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
    "SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
    "LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
    "LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
    "LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
    "WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
    "H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
    "SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
    "avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-12 19:43 249896]
    "SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 17:47 1036640]
    "Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

    H:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]
    SM.lnk - H:\Program Files\SM\skymessnet.exe [2007-09-28 08:42:08 651264]

    H:\Documents and Settings\Frederique\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

    H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "H:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "H:\\Program Files\\MSN Messenger\\livecall.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\day of defeat source\\hl2.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\counter-strike source\\hl2.exe"=
    "H:\\Program Files\\LimeWire\\LimeWire.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\half-life 2 deathmatch\\hl2.exe"=
    "H:\\StubInstaller.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\dedicated server\\hlds.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\source sdk base\\hl2.exe"=

    R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    S3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
    \Shell\1\Command - autorun.pif
    \Shell\2\Command - autorun.pif
    \Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-24 21:32:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-24 21:33:31
    ComboFix2.txt 2008-02-24 20:19:35
    ComboFix3.txt 2008-02-24 14:09:39
    ComboFix4.txt 2008-01-21 20:22:13
    ComboFix5.txt 2008-01-10 19:08:46
    .
    2007-12-25 13:19:17 --- E O F ---
    23 February 2008 21:37:53

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38:18, on 24/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PSIService.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\SOUNDMAN.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    H:\WINDOWS\system32\LVCOMSX.EXE
    H:\Program Files\Logitech\Video\LogiTray.exe
    H:\Program Files\Winamp\winampa.exe
    H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    H:\Program Files\Search Settings\SearchSettings.exe
    H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    H:\Program Files\MSN Messenger\MsnMsgr.Exe
    H:\Program Files\Skype\Phone\Skype.exe
    H:\Program Files\Picasa2\PicasaMediaDetector.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    H:\Program Files\Logitech\Video\FxSvr2.exe
    H:\Program Files\MSN Messenger\usnsvc.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Internet Explorer\iexplore.exe
    H:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe

    --
    End of file - 8241 bytes
    24 February 2008 13:11:31

    :hello: 

    1) Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    H:\WINDOWS\system32\wvutrqq.dll
    H:\WINDOWS\system32\adssite-remove.exe
    H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    H:\WINDOWS\system32\iebrowserc.dll
    H:\WINDOWS\system32\.dll
    H:\WINDOWS\system32\bowdfycw.dll
    H:\WINDOWS\system32\mljihfg.dll

    Folder::
    H:\Program Files\Dealio\
    H:\Documents and Settings\Laura\Application Data\Search Settings\
    H:\Program Files\Search Settings\

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings"=-


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a new Hijackthis report.
    If there is no reboot, post the reports anyway.


    2) Have this file (or these files) scanned on VirusTotal:

    Quote:
    H:\WINDOWS\system32\EE4EB6D6A9.sys


    here: http://www.virustotal.com/fr/

    Tutorial here: http://bibou0007.com/tutos-f45/tutorial-sur-virustotal-...

    Once on the site, click "Browse", navigate in Windows Explorer until you find the file in question and, once you have found it, click "Open". Then click "Send file".

    Wait while the file is in the queue and being analysed...


    Once the scan of the file has finished, copy all the results from all the antivirus engines and paste them into your next reply.
    24 February 2008 16:25:43

    ComboFix 08-02-24.4 - Laura 2008-02-25 16:15:08.10 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.573 [GMT 1:00]
    Endroit: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
    Command switches used :: H:\Documents and Settings\Laura\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    H:\Documents and Settings\Laura\Application Data\Search Settings\
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\ErrorPageTemplate.css
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\help.gif
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\pixel.gif
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tab_icon.png
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tabdata.js
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tablib.js
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tabwelcome_en.html
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\toolbar_background.gif
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\vista_directions.png
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\xp_directions.png
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\yahoo_search.gif
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13918.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13919.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13920.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13921.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13931.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13932.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13933.log
    H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13934.log
    H:\Program Files\Dealio\
    H:\Program Files\Search Settings\
    H:\Program Files\Search Settings\\kb126\SearchSettings.dll
    H:\Program Files\Search Settings\\SearchSettings.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-24 14:30 . 2008-02-24 14:30 24,576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-24 14:15 . 2008-02-24 14:40 <REP> d-------- H:\VundoFix Backups
    2008-02-21 20:48 . 2008-02-21 20:48 26,048 --------- H:\WINDOWS\system32\wvutrqq.dll
    2008-02-20 19:04 . 2008-02-20 19:04 <REP> d-------- H:\WINDOWS\system32\fr-fr
    2008-02-13 20:01 . 1998-06-16 23:00 516,173 --a------ H:\WINDOWS\system32\MSVCP60D.DLL
    2008-02-13 20:01 . 1998-06-16 23:00 385,100 --a------ H:\WINDOWS\system32\MSVCRTD.DLL
    2008-02-13 20:01 . 2003-08-07 15:01 237,568 --a------ H:\WINDOWS\system32\lame_enc.dll
    2008-02-12 22:29 . 2005-02-24 12:10 2,084,864 --a------ H:\WINDOWS\system32\AudDesign.dll
    2008-02-12 22:29 . 2005-03-11 17:37 1,986,560 --a------ H:\WINDOWS\system32\AudFile.dll
    2008-02-12 22:29 . 2005-02-24 12:11 1,212,416 --a------ H:\WINDOWS\system32\AudioInfos.dll
    2008-02-12 22:29 . 2005-02-24 12:11 479,232 --a------ H:\WINDOWS\system32\AudioVisu.dll
    2008-02-12 22:29 . 2005-02-24 15:21 458,752 --a------ H:\WINDOWS\system32\AudPlayer.dll
    2008-02-12 22:29 . 2005-03-10 16:00 454,656 --a------ H:\WINDOWS\system32\AudioRecord.dll
    2008-02-12 22:29 . 2005-02-24 12:10 417,792 --a------ H:\WINDOWS\system32\AudDisplay.dll
    2008-02-12 22:29 . 2005-02-24 11:51 348,160 --a------ H:\WINDOWS\system32\WMAFile.dll
    2008-02-12 22:29 . 2005-01-10 12:54 116,296 --a------ H:\WINDOWS\system32\NCTWMAProfiles.prx
    2008-02-12 20:13 . 2008-02-24 21:08 80,090 --a------ H:\WINDOWS\system32\adssite-remove.exe
    2008-02-11 20:37 . 2008-02-11 20:37 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Corel
    2008-02-11 16:44 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Corel
    2008-02-11 16:44 . 2008-02-25 11:23 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
    2008-02-11 16:38 . 2008-02-11 16:40 <REP> d-------- H:\Program Files\Fichiers communs\Corel
    2008-02-11 16:30 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Corel
    2008-02-11 16:27 . 2008-02-25 11:33 2,516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-11 16:25 . 2008-02-11 16:38 <REP> d-------- H:\Program Files\Corel
    2008-02-11 16:25 . 2008-02-11 16:25 <REP> d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
    2008-02-09 19:07 . 2008-02-09 19:07 <REP> d-------- H:\Program Files\VirtualDJ
    2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- H:\Program Files\MyXOFT
    2008-02-09 18:49 . 2008-02-09 18:50 <REP> d-------- H:\Documents and Settings\Antoine\DSS DJ Data
    2008-02-09 18:49 . 2006-12-01 22:03 626,688 --a------ H:\WINDOWS\system32\msvcr80.dll
    2008-02-09 18:49 . 2006-12-01 22:03 548,864 --a------ H:\WINDOWS\system32\msvcp80.dll
    2008-02-09 18:49 . 2006-12-02 06:22 479,232 --a------ H:\WINDOWS\system32\msvcm80.dll
    2008-02-09 18:49 . 2006-12-01 22:03 1,869 --a------ H:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
    2008-02-07 17:49 . 2008-02-07 17:49 80,896 --a------ H:\WINDOWS\system32\.dll
    2008-02-03 22:24 . 2008-02-04 21:37 <REP> d-------- H:\Program Files\WarRock
    2008-01-29 12:37 . 2008-01-29 12:37 46,300 --a------ H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    2008-01-25 12:02 . 2008-01-27 10:24 <REP> d-------- H:\djp
    2008-01-25 12:00 . 2008-02-20 19:02 1,374 --a------ H:\WINDOWS\imsins.BAK

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-25 15:20 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
    2008-02-25 12:26 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
    2008-02-25 11:43 --------- d-----w H:\Program Files\Steam
    2008-02-23 11:57 --------- d-----w H:\Program Files\Fichiers communs\Adobe
    2008-02-20 16:45 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
    2008-02-19 13:34 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
    2008-02-19 13:33 --------- d-----w H:\Program Files\LimeWire
    2008-02-18 16:05 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
    2008-02-15 17:01 --------- d-----w H:\Documents and Settings\Frederique\Application Data\Search Settings
    2008-02-13 19:02 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Dealio
    2008-02-13 19:01 --------- d-----w H:\Program Files\Free Audio Pack
    2008-02-12 21:42 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Search Settings
    2008-02-04 20:37 --------- d--h--w H:\Program Files\InstallShield Installation Information
    2008-02-04 19:48 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-01-27 18:41 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-27 17:49 --------- d-----w H:\Program Files\Fichiers communs\InstallShield
    2008-01-21 10:36 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
    2008-01-20 19:37 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
    2008-01-19 17:47 --------- d-----w H:\Documents and Settings\Antoine\Application Data\GetRightToGo
    2008-01-17 19:03 --------- d-----w H:\Documents and Settings\Laura\Application Data\DataCast
    2008-01-13 21:49 --------- d-----w H:\Program Files\Stardock
    2008-01-11 18:42 --------- d-----w H:\Program Files\Avira
    2008-01-11 18:00 --------- d-----w H:\Documents and Settings\All Users\Application Data\Avira
    2008-01-11 17:55 --------- d-----w H:\Program Files\CCleaner
    2008-01-08 19:18 --------- d-----w H:\Program Files\Trend Micro
    2008-01-08 18:55 --------- d-----w H:\Program Files\Nostale(FR)
    2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
    2008-01-06 15:00 --------- d-----w H:\Program Files\Picasa2
    2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
    2007-12-29 10:50 --------- d-----w H:\Documents and Settings\Laura\Application Data\Winamp
    2007-12-28 21:50 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Winamp
    2007-12-28 21:47 --------- d-----w H:\Program Files\Winamp Remote
    2007-12-28 21:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\OrbNetworks
    2007-12-27 17:44 134 ----a-w H:\n.bat
    2007-12-27 16:41 --------- d-----w H:\Program Files\Google
    2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
    2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
    2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
    2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
    2007-12-26 19:27 286,720 ----a-w H:\WINDOWS\vsnpstd2.exe
    2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
    2007-12-25 07:52 --------- d-----w H:\Documents and Settings\Antoine\Application Data\DataCast
    2007-12-24 21:18 65,024 ----a-w H:\WINDOWS\IFinst26.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
    "Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
    "LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
    "Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
    "ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
    "NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
    "nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
    "SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
    "LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
    "LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
    "LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
    "WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
    "H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
    "SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
    "avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-12 19:43 249896]
    "SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [ ]
    "Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "H:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "H:\\Program Files\\MSN Messenger\\livecall.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\day of defeat source\\hl2.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\counter-strike source\\hl2.exe"=
    "H:\\Program Files\\LimeWire\\LimeWire.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\half-life 2 deathmatch\\hl2.exe"=
    "H:\\StubInstaller.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\dedicated server\\hlds.exe"=
    "H:\\Program Files\\Steam\\SteamApps\\antoine68200\\source sdk base\\hl2.exe"=

    R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
    \Shell\1\Command - autorun.pif
    \Shell\2\Command - autorun.pif
    \Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 16:20:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PSIService.exe
    H:\WINDOWS\system32\wdfmgr.exe
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    H:\Program Files\Logitech\Video\FxSvr2.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-25 16:24:31 - machine was rebooted [Laura]
    ComboFix-quarantined-files.txt 2008-02-25 15:24:27
    ComboFix2.txt 2008-02-24 20:33:32
    ComboFix3.txt 2008-02-24 20:19:35
    ComboFix4.txt 2008-02-24 14:09:39
    ComboFix5.txt 2008-01-21 20:22:13
    .
    2007-12-25 13:19:17 --- E O F ---






    And the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:26:22, on 25/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\PnkBstrA.exe
    H:\WINDOWS\system32\PSIService.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\SOUNDMAN.EXE
    H:\WINDOWS\system32\RUNDLL32.EXE
    H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    H:\WINDOWS\system32\LVCOMSX.EXE
    H:\Program Files\Logitech\Video\LogiTray.exe
    H:\Program Files\Winamp\winampa.exe
    H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    H:\Program Files\MSN Messenger\MsnMsgr.Exe
    H:\Program Files\Skype\Phone\Skype.exe
    H:\Program Files\Picasa2\PicasaMediaDetector.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    H:\Program Files\Logitech\Video\FxSvr2.exe
    H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    H:\WINDOWS\explorer.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\Internet Explorer\iexplore.exe
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe

    --
    End of file - 7560 bytes
    24 February 2008 16:39:29

    Fichier EE4EB6D6A9.sys reçu le 2008.02.24 16:28:06 (CET)


    Résultat: 0/32 (0%)


    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.22.0 2008.02.22 -
    AntiVir 7.6.0.67 2008.02.22 -
    Authentium 4.93.8 2008.02.24 -
    Avast 4.7.1098.0 2008.02.23 -
    AVG 7.5.0.516 2008.02.24 -
    BitDefender 7.2 2008.02.24 -
    CAT-QuickHeal 9.50 2008.02.22 -
    ClamAV 0.92.1 2008.02.24 -
    DrWeb 4.44.0.09170 2008.02.24 -
    eSafe 7.0.15.0 2008.02.21 -
    eTrust-Vet 31.3.5557 2008.02.23 -
    Ewido 4.0 2008.02.24 -
    FileAdvisor 1 2008.02.24 -
    Fortinet 3.14.0.0 2008.02.24 -
    F-Prot 4.4.2.54 2008.02.23 -
    F-Secure 6.70.13260.0 2008.02.23 -
    Ikarus T3.1.1.20 2008.02.24 -
    Kaspersky 7.0.0.125 2008.02.24 -
    McAfee 5236 2008.02.22 -
    Microsoft 1.3204 2008.02.24 -
    NOD32v2 2898 2008.02.23 -
    Norman 5.80.02 2008.02.22 -
    Panda 9.0.0.4 2008.02.24 -
    Prevx1 V2 2008.02.24 -
    Rising 20.32.62.00 2008.02.24 -
    Sophos 4.26.0 2008.02.24 -
    Sunbelt 3.0.893.0 2008.02.23 -
    Symantec 10 2008.02.24 -
    TheHacker 6.2.9.228 2008.02.23 -
    VBA32 3.12.6.1 2008.02.21 -
    VirusBuster 4.3.26:9 2008.02.23 -
    Webwasher-Gateway 6.6.2 2008.02.23 -
    Information additionnelle
    File size: 88 bytes
    MD5: 1890835c6ccd2771530f9b60291bafba
    SHA1: 55c9e1e904b5f33e946f2b1de825025b5dd8fa64
    PEiD: -
    24 February 2008 19:28:55

    1) Relaunch HijackThis, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis:

    Quote:
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe



    2) Download OTMoveIt (by Old_Timer) to your Desktop.
    Or, if the link does not work, here: http://up.sur-la-toile.com/iadW

  • Double-click OTMoveIt.exe to launch it.
  • Make sure the "Unregister Dll's and Ocx's" box is checked!!!
  • Copy the text in the box below, without the word "Quote", and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.

    Quote:
    H:\WINDOWS\system32\wvutrqq.dll
    H:\WINDOWS\system32\adssite-remove.exe
    H:\WINDOWS\system32\.dll
    H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    H:\Program Files\Search Settings\


  • Click MoveIt! to start the removal.
  • If OTMoveIt offers to restart your PC, accept.
  • When a result appears in the Results pane, click Exit.

  • In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.

    3) And make me a new HijackThis report.
    24 February 2008 20:01:18

    I can't find the OTMoveIt report :fou: 
    24 February 2008 20:33:19

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    Run it and let the scan complete.

    Post the report or reports here, in several messages if necessary.

    ;) 
    25 February 2008 18:12:38

    No disabled devices found.


    -- Files created between 2008-01-26 and 2008-02-26 -----------------------------

    2008-02-25 16:14:39 68096 --a------ H:\WINDOWS\system32\zip.exe
    2008-02-25 16:14:39 98816 --a------ H:\WINDOWS\system32\sed.exe
    2008-02-25 16:14:39 80412 --a------ H:\WINDOWS\system32\grep.exe
    2008-02-25 16:14:39 73728 --a------ H:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-02-24 14:30:29 24576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
    2008-02-24 14:15:01 0 d-------- H:\VundoFix Backups
    2008-02-20 19:04:31 0 d-------- H:\WINDOWS\system32\fr-fr
    2008-02-13 20:01:17 237568 --a------ H:\WINDOWS\system32\lame_enc.dll
    2008-02-12 22:29:12 348160 --a------ H:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
    2008-02-12 22:29:12 458752 --a------ H:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
    2008-02-12 22:29:12 479232 --a------ H:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
    2008-02-12 22:29:12 454656 --a------ H:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
    2008-02-12 22:29:12 1212416 --a------ H:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
    2008-02-12 22:29:12 1986560 --a------ H:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
    2008-02-12 22:29:12 417792 --a------ H:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
    2008-02-12 22:29:11 2084864 --a------ H:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
    2008-02-11 20:37:42 0 d-------- H:\Documents and Settings\Antoine\Application Data\Corel
    2008-02-11 16:44:46 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
    2008-02-11 16:44:27 0 d-------- H:\Documents and Settings\Laura\Application Data\Corel
    2008-02-11 16:38:20 0 d-------- H:\Program Files\Fichiers communs\Corel
    2008-02-11 16:30:42 0 d-------- H:\Documents and Settings\All Users\Application Data\Corel
    2008-02-11 16:27:20 2516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-11 16:25:52 0 d-------- H:\Program Files\Corel
    2008-02-11 16:25:37 0 d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
    2008-02-09 19:07:49 0 d-------- H:\Program Files\VirtualDJ
    2008-02-09 18:49:12 0 d-------- H:\Documents and Settings\Antoine\DSS DJ Data
    2008-02-09 18:49:07 0 d-------- H:\Program Files\MyXOFT
    2008-02-03 22:24:19 0 d-------- H:\Program Files\WarRock
    2008-01-27 17:31:00 0 d-------- H:\Documents and Settings\Antoine\Application Data\Help


    -- Find3M Report ---------------------------------------------------------------

    2008-02-26 17:44:38 0 d-------- H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
    2008-02-26 13:53:28 0 d-------- H:\Program Files\Steam
    2008-02-23 16:57:54 209 --a------ H:\Documents and Settings\Laura\Application Data\urlredir.cfg
    2008-02-23 12:59:39 0 d-------- H:\Documents and Settings\Laura\Application Data\Adobe
    2008-02-23 12:57:05 0 d-------- H:\Program Files\Fichiers communs\Adobe
    2008-02-19 14:34:02 0 d-------- H:\Documents and Settings\Laura\Application Data\LimeWire
    2008-02-19 14:33:38 0 d-------- H:\Program Files\LimeWire
    2008-02-13 20:01:25 0 d-------- H:\Program Files\Free Audio Pack
    2008-02-11 16:38:20 0 d-------- H:\Program Files\Fichiers communs
    2008-02-04 21:37:07 0 d--h----- H:\Program Files\InstallShield Installation Information
    2008-01-27 18:49:18 0 d-------- H:\Program Files\Fichiers communs\InstallShield
    2008-01-21 11:36:30 0 d-------- H:\Documents and Settings\Laura\Application Data\Skype
    2008-01-18 11:06:18 294912 --a------ H:\WINDOWS\system32\iebrowserc.dll <Not Verified; ; IeBrowserCmp Module>
    2008-01-17 20:03:50 0 d-------- H:\Documents and Settings\Laura\Application Data\DataCast
    2008-01-13 22:49:25 0 d-------- H:\Program Files\Stardock
    2008-01-11 19:42:17 0 d-------- H:\Program Files\Avira
    2008-01-11 18:55:13 0 d-------- H:\Program Files\CCleaner
    2008-01-08 20:18:03 0 d-------- H:\Program Files\Trend Micro
    2008-01-08 19:55:39 0 d-------- H:\Program Files\Nostale(FR)
    2008-01-06 16:00:44 0 d-------- H:\Program Files\Winamp
    2008-01-06 16:00:44 0 d-------- H:\Program Files\Picasa2
    2008-01-06 16:00:44 0 d-------- H:\Program Files\MSN Messenger
    2008-01-06 16:00:44 0 d-------- H:\Program Files\Messenger
    2007-12-29 11:50:27 0 d-------- H:\Documents and Settings\Laura\Application Data\Winamp
    2007-12-28 22:47:49 0 d-------- H:\Program Files\Winamp Remote
    2007-12-27 18:44:07 134 --a------ H:\n.bat
    2007-12-27 17:41:21 0 d-------- H:\Program Files\Google
    2007-12-27 17:38:12 0 d-------- H:\Program Files\VstPlugins
    2007-12-27 17:38:12 0 d-------- H:\Program Files\Image-Line
    2007-12-27 15:16:54 0 d-------- H:\Program Files\Wolfenstein - Enemy Territory
    2007-12-26 20:56:35 0 d-------- H:\Program Files\eMule
    2007-12-26 20:27:03 286720 --a------ H:\WINDOWS\vsnpstd2.exe <Not Verified; ; CameraMonitor Application>
    2007-12-26 20:12:06 147456 --a------ H:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
    2007-12-26 16:54:04 0 d-------- H:\Program Files\Messenger Plus! Live
    2007-12-24 22:18:25 65024 --a------ H:\WINDOWS\IFinst26.exe
    2007-12-21 15:39:14 10752 --a------ H:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
    2007-12-19 16:56:43 464838 --a------ H:\WINDOWS\system32\perfh00C.dat
    2007-12-19 16:56:43 73488 --a------ H:\WINDOWS\system32\perfc00C.dat
    2007-12-14 17:19:56 40960 -----n--- H:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [22/09/2005 09:42 H:\WINDOWS\soundman.exe]
    "NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [10/10/2005 14:49]
    "nwiz"="nwiz.exe" [10/10/2005 14:49 H:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 14:49]
    "SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [06/01/2008 11:13]
    "LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [06/01/2008 11:13]
    "LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" []
    "LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [06/01/2008 11:13]
    "WinampAgent"="H:\Program Files\Winamp\winampa.exe" [06/01/2008 11:13]
    "H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [06/01/2008 11:13]
    "SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [06/01/2008 11:13]
    "avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/01/2008 19:43]
    "Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [28/08/2007 12:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [06/01/2008 11:13]
    "Skype"="H:\Program Files\Skype\Phone\Skype.exe" [06/01/2008 11:14]
    "LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/2008 11:13]
    "Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [06/01/2008 11:13]
    "ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Picasa Media Detector"=H:\Program Files\Picasa2\PicasaMediaDetector.exe

    H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [02/02/2007 16:54:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
    1\Command- autorun.pif
    2\Command- autorun.pif
    AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif




    -- End of Deckard's System Scanner: finished at 2008-02-26 18:12:18 ------------
    25 February 2008 22:27:59

    1) Download to your desktop: http://www.malekal.com/download/clean.zip

    Help for clean: http://mickael.barroux.free.fr/securite/clean.php

    Once it is on the desktop, right-click your clean.zip file and, in the drop-down menu, click Extract all or Extract here.
    This will create a clean folder.
    Double-click this clean folder; inside you will find several files.
    Double-click clean. This will open a black window.
    A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
    Clean will do its work.
    A report will be generated; paste its entire contents here (if you can't find the report, it is here: C:\rapport_clean.txt)

    2) How is the PC doing? Still having problems?

    Good night, see you tomorrow :hello: 
    26 February 2008 16:28:01

    1 ) 27/02/2008 a 16:20:41,23

    *** Recherche des fichiers dans H:
    H:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans H:\WINDOWS\

    *** Recherche des fichiers dans H:\WINDOWS\system32

    *** Recherche des fichiers dans H:\Program Files
    "H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll" FOUND
    *** Fin du rapport !




    2 ) The PC is doing better, I no longer get win32 virus alerts; am I no longer infected? However, I had a small question: I see on the forum that I am not the only one to be infected by this win32 virus. Where does it come from? How does one get infected, and above all how does one avoid being infected again, because this is not the first time this has happened to me.
    26 February 2008 21:36:23

    Hi, I too have just been infected through MSN! I would like to know how to get rid of it, please! The winlogon file is located in CWINDOWS/system32
    But my virus can't manage to delete it, or even just open it!
    Please help me, it is hijacking my MSN account.
    I would like a simple technique because I am really hopeless with PCs!
    27 February 2008 13:57:32

    Vlad, create your own thread.

    mimi :

    Download AVG Anti-Spyware. Install it.
    If the link does not work: >Click here<
    Launch AVG and run an update.
    Click the Analyse button (in the toolbar)
    Then, on the "comment réagir" tab, click Actions recommandées. Choose Quarantaine.
    Do not run a scan for now.
    Restart in safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\
    Relaunch AVG.
    Go back to the Analyse tab. Click Analyse complète du système.
    At the end of the scan, choose the "Appliquer toutes les actions" option at the bottom.
    Click "Enregistrer le rapport". This generates a report, found in the Reports folder of the AVG Anti-Spyware folder.
    Post it here.
    &
    Still in safe mode, relaunch clean and run option 2, then post the report.
    27 February 2008 20:34:04

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 20:24:30 28/02/2008

    + Résultat de l'analyse:



    H:\Documents and Settings\Laura\Shared\03 Track 3.wma -> Downloader.Wimad.l : Nettoyé.
    H:\Documents and Settings\Antoine\Shared\postal 2 share the pain.zip/setup.exe -> Not-A-Virus.Adware.NewWeb : Nettoyé.
    :mozilla.360:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.361:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    H:\Documents and Settings\Antoine\Cookies\antoine@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    H:\Documents and Settings\Frederique\Cookies\frederique@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.181:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.284:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.474:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.512:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.61:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.62:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.64:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.66:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.67:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.68:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.69:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.6:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.7:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.87:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    H:\Documents and Settings\Antoine\Cookies\antoine@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    H:\Documents and Settings\Antoine\Cookies\antoine@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    H:\Documents and Settings\Antoine\Cookies\antoine@himedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    H:\Documents and Settings\Antoine\Cookies\antoine@imeem.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    H:\Documents and Settings\Antoine\Shared\Postal 2 Keygen.zip/Crack.exe -> Trojan.Agent.cmn : Nettoyé.
    H:\Documents and Settings\Antoine\Shared\Postal 2 Share The Pain Keygen.zip/Crack.exe -> Trojan.Agent.cmn : Nettoyé.


    Fin du rapport





    However, I can't run clean because it tells me there is no disk.
    27 February 2008 20:44:40

    Hi again,

    Download OTMoveIt > Tutorial <

    Save it to the Desktop

    Select the contents of the box below
    H:\StubInstaller.exe
    H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

    Now launch OTMoveIt.
    Make sure the "unregister dll’s and ocx’s" box is checked.
    Two panes appear; right-click in the left pane, then paste the contents of the box above.
    Then click on MoveIt!

    If the program asks you to restart, accept.

    Post the report located in: C:\_OTMoveIt\MovedFiles\creation date!

    NOTE: If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
    27 February 2008 20:48:20

    File/Folder H:\StubInstaller.exe not found.
    LoadLibrary failed for H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
    H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll NOT unregistered.
    H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll moved successfully.

    OTMoveIt2 v1.0.20 log created on 02282008_204804
    27 February 2008 20:48:58

    That's what was in the right-hand pane, because I couldn't find a report.
    27 February 2008 21:55:28

    I'll let Meryllim finish ;) 
    27 February 2008 21:59:46

    Hmm, OK. But maybe you can answer this for me:

    Am I still infected, since I no longer get any alerts?

    I see on the forum that I'm not the only one infected with this win32 virus. Where does it come from? How does one get infected, and above all how do I avoid getting infected again, because this isn't the first time it has happened to me.
    27 February 2008 22:10:11

    :hello: 

    Thanks for moving things along, XmichouX (I was sick :( )

    mimi_li... how is the PC doing now?
    27 February 2008 22:19:57

    It's doing better. I'm no longer getting alerts. Am I still infected?
    27 February 2008 22:34:04

    It's OK, you're no longer infected :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt) located at the root of your hard drive (C:\).
  • Tutorial here: http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-...

    2) Download and install CCleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...(...)
  • Before clicking the "Install" button, uncheck all the "additional options". Then click "Options", "Advanced" and uncheck the box "Only delete files in Windows Temp folders older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
  • Next, click the Registry tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://bibou0007.com/tutos-f45/tutorial-ccleaner-t362.h...

    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://bibou0007.com/tutos-f45/purger-la-restauration-d...

    ********************************************************************************

  • Edit your first message and put [resolu] in front of the title of your topic.

  • Report your infection on Malware-Complaints to help get the authors convicted.
    To make our voice heard, there need to be as many of us as possible, so report your infection:
    - See the Malware-Complaints rules
    - Register on the forum using the register button at the top:
    If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
    If you are younger, click: I Agree to these terms and am under 13 years of age

    After registering, you get the types of infection as a list (Look2Me, Smitfraud, SpywareQuake etc.): http://www.malwarecomplaints.info/viewforum.php?f=10&si...(...)

    If the malware you had does not appear in the list, or if you don't know which infection you had, create a message in the "Autres infections" (Other infections) topic that follows the forum rules (age, city, department etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

    See you, and happy surfing :hello: 


    Some interesting links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://bibou0007.forumpro.fr/portal.htm
    28 February 2008 19:59:19

    -->- Recherche:

    H:\Vundofix backups: trouvé !
    H:\Qoobox: trouvé !
    H:\_OtMoveIt: trouvé !
    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    H:\Documents and Settings\Antoine\Bureau\Raccourcis Bureau non utilisés\vundoFix.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\Dss.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\Clean.zip: trouvé !
    H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\OtMoveIt.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\ComboFix.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\vundoFix.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\HJTInstall.exe: trouvé !
    H:\Documents and Settings\Laura\Bureau\Clean: trouvé !
    H:\Program Files\Trend Micro\HijackThis: trouvé !
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    H:\Documents and Settings\Antoine\Bureau\Raccourcis Bureau non utilisés\vundoFix.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\Dss.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\Clean.zip: supprimé !
    H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\OtMoveIt.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\ComboFix.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\vundoFix.exe: supprimé !
    H:\Documents and Settings\Laura\Bureau\HJTInstall.exe: supprimé !
    H:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    H:\Vundofix backups: supprimé !
    H:\Qoobox: supprimé !
    H:\_OtMoveIt: supprimé !
    H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    H:\Documents and Settings\Laura\Bureau\Clean: supprimé !
    H:\Program Files\Trend Micro\HijackThis: supprimé !