
Yellow exclamation mark! [Solved, thanks xMichoux]

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
29 November 2007 21:51:55

Hello, first of all, I've read quite a few posts about this on several forums, but I haven't found the solution to my problem :(

So, let me explain: since this afternoon, I've had an icon in the taskbar that looks like this -> (it blinks), I regularly get error messages in English telling me that my PC is infected and advising me to download a so-called antivirus, and an Internet Explorer window also regularly opens on this page -> http://www.savetheinformation.com/v1/?gai=hamm_h5_pop&g...

I also have two shortcuts on the desktop ("Online Security Guide" and "Live Safety Center") and a toolbar in Internet Explorer ('Security Toolbar 7.1'), even though no user on this PC uses Internet Explorer.

The HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 21:46:32, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\VundoFix.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dvwvrgjm.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [9842ef28] rundll32.exe "C:\WINDOWS\system32\jxydulwq.dll",b
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.cabourg.net/meteocam/AxisCamControl.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie0610100...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01D3B28-225B-4E4A-8288-49A1547ED52C}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe




I have no idea what to do; a bit of help would be really nice. I absolutely need the PC before tomorrow evening for work, and now I'm going to bed. Thanks in advance :)


29 November 2007 21:54:16

Sorry for the double post, but I'm also attaching the Vundofix report (I saw somewhere that it could be used...)


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 21:32:16 29/11/2007

Listing files found while scanning....

C:\windows\system32\dvwvrgjm.dll
C:\windows\system32\dvwvrgjm.dllbox
C:\windows\system32\siixukwi.dll
C:\windows\system32\ypcpmswb.dllbox
29 November 2007 21:58:57

Hi,

Your report is incomplete.

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
29 November 2007 22:05:26

Thanks for the quick reply; by the way, which report is incomplete?

I'm starting the combofix scan :)
29 November 2007 22:36:47

Here is the combofix report:

ComboFix 07-11-19.4C - Propriétaire 2007-11-29 22:12:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.124 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Pauline\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Pauline\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Pauline\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Propriétaire\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Favoris\Online Security Guide.lnk
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\dvwvrgjm.dllbox
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\ypcpmswb.dllbox

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 21:32 <REP> d-------- C:\VundoFix Backups
2007-11-29 21:23 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 21:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-29 21:22 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2007-11-29 20:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-11-29 20:28 <REP> d-------- C:\Program Files\Lavasoft
2007-11-29 19:28 77,888 --a------ C:\WINDOWS\system32\wxmjoray.dll
2007-11-28 13:19 37,376 --a------ C:\WINDOWS\system32\urqpnml.dll
2007-11-15 22:22 <REP> d-------- C:\Documents and Settings\Didou\Application Data\F-Secure
2007-11-15 22:21 <REP> d-------- C:\Documents and Settings\Didou\Application Data\ispnews
2007-11-15 17:05 <REP> d-------- C:\Documents and Settings\Pauline\Application Data\F-Secure
2007-11-15 17:04 <REP> d-------- C:\Documents and Settings\Pauline\Application Data\ispnews
2007-11-15 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-11-15 17:01 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-11-15 17:01 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-11-15 11:52 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 21:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-29 19:21 --------- d-----w C:\Program Files\eMule
2007-11-29 18:25 85,056 ----a-w C:\WINDOWS\system32\jxydulwq.dll
2007-11-29 18:19 145,984 ----a-w C:\WINDOWS\system32\dvwvrgjm.dll
2007-11-29 18:18 145,984 ----a-w C:\WINDOWS\system32\siixukwi.dll
2007-11-14 12:24 --------- d-----w C:\Program Files\World of Warcraft
2007-10-26 17:52 --------- d-----w C:\Program Files\Webtarot
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ef36bf9-93a6-48ce-9073-098d8a877d32}]
2007-11-29 19:28 77888 --a------ C:\WINDOWS\system32\wxmjoray.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-29 19:19 145984 --a------ C:\WINDOWS\system32\dvwvrgjm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-28 13:19 37376 --a------ C:\WINDOWS\system32\urqpnml.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\dvwvrgjm.dll [2007-11-29 19:19 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\dvwvrgjm.dll [2007-11-29 19:19 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 21:05 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45]
"9842ef28"="C:\WINDOWS\system32\jxydulwq.dll" [2007-11-29 19:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:57]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\urqpnml.dll [2007-11-28 13:19 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvwvrgjm]
dvwvrgjm.dll 2007-11-29 19:19 145984 C:\WINDOWS\system32\dvwvrgjm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpnml]
urqpnml.dll 2007-11-28 13:19 37376 C:\WINDOWS\system32\urqpnml.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\Program Files\UberIcon\UberIcon Manager.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
S3 gsplittm;gsplittm;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gsplittm.sys
S3 SiwvidStart;SiwvidStart;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\_ISTMP3.DIR\_ISTMP0.DIR\siwvid.sys
S4 Udf0wnb_crq;Udf0wnb_crq;C:\WINDOWS\system32\drivers\nikedrv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:15:11 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-29 00:01:26 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 22:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 22:34:41 - machine was rebooted
.
--- E O F ---
29 November 2007 23:53:28

Hi again,

Copy the text in the box below:

File::
C:\WINDOWS\system32\urqpnml.dll
C:\WINDOWS\system32\dvwvrgjm.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jxydulwq.dll
C:\WINDOWS\system32\wxmjoray.dll
C:\WINDOWS\system32\siixukwi.dll
C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe

Folder::
C:\VundoFix Backups

Registry::
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvwvrgjm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpnml]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9842ef28"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ef36bf9-93a6-48ce-9073-098d8a877d32}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]


Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
30 November 2007 08:44:38

Hi! Thank you so much, the virus has apparently disappeared :)

I'm posting the reports anyway:


Combofix:

ComboFix 07-11-19.4C - Propriétaire 2007-11-30 8:23:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.199 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
C:\WINDOWS\system32\dvwvrgjm.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jxydulwq.dll
C:\WINDOWS\system32\siixukwi.dll
C:\WINDOWS\system32\urqpnml.dll
C:\WINDOWS\system32\wxmjoray.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Propriétaire\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Favoris\Online Security Guide.lnk
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
C:\WINDOWS\system32\dvwvrgjm.dll
C:\WINDOWS\system32\dvwvrgjm.dllbox
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jxydulwq.dll
C:\WINDOWS\system32\siixukwi.dll
C:\WINDOWS\system32\urqpnml.dll
C:\WINDOWS\system32\wxmjoray.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2007-11-29 20:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-11-29 20:28 <REP> d-------- C:\Program Files\Lavasoft
2007-11-15 22:22 <REP> d-------- C:\Documents and Settings\Didou\Application Data\F-Secure
2007-11-15 22:21 <REP> d-------- C:\Documents and Settings\Didou\Application Data\ispnews
2007-11-15 17:05 <REP> d-------- C:\Documents and Settings\Pauline\Application Data\F-Secure
2007-11-15 17:04 <REP> d-------- C:\Documents and Settings\Pauline\Application Data\ispnews
2007-11-15 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-11-15 17:01 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-11-15 17:01 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 07:11 --------- d-----w C:\Program Files\Wanadoo
2007-11-29 19:21 --------- d-----w C:\Program Files\eMule
2007-11-14 12:24 --------- d-----w C:\Program Files\World of Warcraft
2007-10-26 17:52 --------- d-----w C:\Program Files\Webtarot
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 21:05 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:57]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\Program Files\UberIcon\UberIcon Manager.exe

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
S3 gsplittm;gsplittm;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gsplittm.sys
S3 SiwvidStart;SiwvidStart;\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\_ISTMP3.DIR\_ISTMP0.DIR\siwvid.sys
S4 Udf0wnb_crq;Udf0wnb_crq;C:\WINDOWS\system32\drivers\nikedrv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:15:11 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-30 07:07:56 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM'Tâche ajoutée par F-Secure Anti-Virus.
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 08:37:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 8:40:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-29 22:34
.
--- E O F ---


And Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 08:44:28, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.cabourg.net/meteocam/AxisCamControl.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie0610100...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01D3B28-225B-4E4A-8288-49A1547ED52C}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks again!
30 November 2007 11:02:47

Re,

That's better ;)

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key as you will be asked to, and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
30 November 2007 15:18:33

Re!

Here is the Clean report:

30/11/2007 a 14:59:18,53

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
"C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe" FOUND

*** Recherche des fichiers dans C:\Program Files

The file is being uploaded :)
30 November 2007 15:41:20

Re,

Let's continue ;)

Download AVG Anti-Spyware. Install it.
If the link does not work: >Click here<
Launch AVG and run an update.
Click the "Analyse" (Scan) button in the toolbar.
Then, on the "Comment réagir" (How to react) tab, click "Actions recommandées" (Recommended actions). Choose "Quarantaine" (Quarantine).
Do not run a scan for now.
Restart in safe mode.
/!\ Never start safe mode via MSCONFIG /!\
Launch AVG again.
Go back to the "Analyse" tab. Click "Analyse complète du système" (Complete system scan).
At the end of the scan, choose the "Appliquer toutes les actions" (Apply all actions) option at the bottom.
Click "Enregistrer le rapport" (Save report). This generates a report, which is stored in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, run clean again and choose option 2, then post the report.
30 November 2007 18:02:55

Here is the clean report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 30/11/2007 a 17:54:21,75

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:52:48 30/11/2007

+ Résultat de l'analyse:



C:\WINDOWS\system32\bsdeff32.dll -> Adware.BHO : Nettoyé et sauvegardé (mise en quarantaine).
[868] C:\WINDOWS\System32\bsdeff32.dll -> Adware.BHO : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP764\A0407235.exe -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\NDNuninstall7_22.exe.vir -> Adware.NewDotNet : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\A0407339.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\catchme2007-11-30_ 83706.53.zip/urqpnml.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.271:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.272:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.273:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.274:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.275:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.113:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.194:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.227:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.446:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.447:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.448:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.449:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.450:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.451:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.452:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.453:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.454:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.455:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.456:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.457:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.458:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.459:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.460:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.461:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.462:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.463:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.464:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.465:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.466:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.467:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.468:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.469:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.529:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.530:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.426:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.427:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.428:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.429:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.430:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.431:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.432:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.433:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.434:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.154:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.155:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.17:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.221:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.222:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.29:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.229:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.230:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.233:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.29:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.30:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.31:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.32:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.59:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.60:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.61:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.62:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.63:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.257:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.123:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.255:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.30:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.226:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.28:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.39:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.783:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.784:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.785:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.102:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.103:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.153:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.156:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.157:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.196:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.26:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.27:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.28:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.215:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Coremetrics : Nettoyé.
:mozilla.206:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.20:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.23:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\pe0syjv2.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.39:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.160:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.332:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.81:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.39:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.542:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.240:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.241:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.250:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.251:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.252:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.139:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.140:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.262:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.263:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.264:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.265:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.266:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.269:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.238:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.260:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.287:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.721:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.870:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.871:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.343:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Hotlog : Nettoyé.
:mozilla.257:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.258:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.387:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.388:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.104:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.640:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.104:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.105:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.144:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.24:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.655:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.656:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.80:C:\Documents and Settings\Didou\Application Data\Mozilla\Firefox\Profiles\xwo1hqxw.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.80:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.242:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.243:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.244:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.248:C:\Documents and Settings\Celine\Application Data\Mozilla\Firefox\Profiles\8bluelfk.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.412:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.413:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.436:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.899:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.900:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.901:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.902:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.903:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.145:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.146:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP764\A0407236.exe -> Trojan.FirstAd : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\svchost.exe.vir -> Trojan.FirstAd : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

30 November 2007 18:39:21

Post a new HijackThis log ;)
30 November 2007 19:22:47

Here it is!

Logfile of HijackThis v1.99.1
Scan saved at 19:22:33, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.cabourg.net/meteocam/AxisCamControl.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie0610100...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01D3B28-225B-4E4A-8288-49A1547ED52C}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

30 November 2007 20:07:11

Run HijackThis again, choose "Do a system scan only", and check these lines:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*

Then click Fix Checked!


Run an online antivirus scan with Kaspersky, using Internet Explorer. (Tutorial)
Allow the ActiveX controls.
Click Start Online Scanner.
Select My Computer as the scan target. Save the report in .txt format.
Paste the report here.

Then post a new HijackThis log.
1 December 2007 12:04:33

Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 01, 2007 12:02:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469683
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 81973
Number of viruses found: 17
Number of infected objects: 67
Number of suspicious objects: 0
Duration of the scan process: 01:05:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\1\79f85801-30c4267c/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\1\79f85801-30c4267c/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\1\79f85801-30c4267c/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\1\79f85801-30c4267c/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\1\79f85801-30c4267c ZIP: infected - 4 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\16\11ef2150-53caead7/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\16\11ef2150-53caead7/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\16\11ef2150-53caead7/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\16\11ef2150-53caead7 ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\18\7d41092-69333948/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\18\7d41092-69333948/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\18\7d41092-69333948/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\18\7d41092-69333948 ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4f6e1cca/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4f6e1cca/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4f6e1cca/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-4f6e1cca ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-7d7e2f72/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-7d7e2f72/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-7d7e2f72/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-7d7e2f72 ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-1de13997/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\5facab1f-1de13997 ZIP: infected - 1 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-1fed50c4/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-1fed50c4/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-1fed50c4/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-1fed50c4 ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\49\4db115b1-12813eb9/SuperMSClassLoader.class Infected: Trojan.Java.ClassLoader.aq skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\49\4db115b1-12813eb9/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0\49\4db115b1-12813eb9 ZIP: infected - 2 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-17799ee4.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-17799ee4.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-17799ee4.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-17799ee4.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-59778a4a.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-14e46f0-59778a4a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-36ee5878.zip/SuperMSClassLoader.class Infected: Trojan.Java.ClassLoader.aq skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-36ee5878.zip/Installer.class Infected: Trojan-Downloader.Java.OpenStream.z skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-36ee5878.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-30494da3-50d95afd.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-30494da3-50d95afd.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-30494da3-50d95afd.zip/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-30494da3-50d95afd.zip/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-30494da3-50d95afd.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-70353f5e-5eec0b69.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-70353f5e-5eec0b69.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-70353f5e-5eec0b69.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-70353f5e-5eec0b69.zip ZIP: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispn.ini Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispnc.items Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispnr.items Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cert8.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\history.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\key3.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\parent.lock Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Propriétaire\Bureau\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\Propriétaire\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\3CD27B45d01/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\3CD27B45d01 ZIP: infected - 1 skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temp\~DF31DB.tmp Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Securitoo\av_fw\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\Anti-Virus\Qrt.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\fsbwupst.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\admin.pub Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\policy.bpf Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\policy.ipf Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dvwvrgjm.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jxydulwq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\siixukwi.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\A0407331.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\A0407332.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\A0407338.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\A0407344.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP767\change.log Object is locked skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/NDNuninstall7_22.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/jxydulwq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/siixukwi.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-30_ 83706.53.zip/dvwvrgjm.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-30_ 83706.53.zip/urqpnml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arm skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-30_ 83706.53.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.arm skipped
C:\upload_moi_FLO.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.arm skipped
C:\upload_moi_FLO.tar.gz GZIP: infected - 7 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bsdeff32.dll Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:33, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.cabourg.net/meteocam/AxisCamControl.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01D3B28-225B-4E4A-8288-49A1547ED52C}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{635D08E8-5751-4858-8472-023CE38F031D}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
1 December 2007 12:17:54

Hi again,

Still having problems?

Download OTMoveIt > Tutorial <

Save it to the Desktop

Select the box below
C:\WINDOWS\system32\bsdeff32.dll
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\3CD27B45d01

Now launch OTMoveIt.
Make sure the "unregister dll's and ocx's" box is checked.
Two panes appear; right-click in the left pane, then paste the box above.
Then click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\<creation date>!

NOTE: If you get a message saying that the report cannot be created, copy/paste what appears in the tool's right-hand column.
1 December 2007 12:48:02

Hello again!

The virus has indeed been eradicated (at any rate the PC is fast again and I no longer see any sign that the virus is there).

The OTMoveIt report (it did not ask me to restart):

C:\WINDOWS\system32\bsdeff32.dll unregistered successfully.
C:\WINDOWS\system32\bsdeff32.dll moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\3CD27B45d01 moved successfully.

Created on 12/01/2007 12:46:19
1 December 2007 16:51:02

Hi again,

Empty the folders in bold

C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\6.0
C:\Documents and Settings\Didou\Application Data\Sun\Java\Deployment\cache\javapi


Disable and then re-enable System Restore

Uninstall and delete all the software used for the disinfection, along with the corresponding folders that were created. Keep CCleaner, AVG and Antivir if we installed them.

Run another online scan and post the report ;)
2 December 2007 12:35:01

Hello! Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 02, 2007 12:34:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/12/2007
Kaspersky Anti-Virus database records: 470276
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 84435
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:06:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispn.ini Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispnc.items Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\ispnews\ispnr.items Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\cert8.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\history.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\key3.db Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\parent.lock Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Propriétaire\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\51f5pi8z.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\MSHist012007120220071203\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat Object is locked skipped
C:\Documents and Settings\Propriétaire\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Securitoo\av_fw\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\Anti-Virus\Qrt.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\fsbwupst.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\L0000006.FCS Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Securitoo\av_fw\backweb\7431218\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\admin.pub Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\policy.bpf Object is locked skipped
C:\Program Files\Securitoo\av_fw\Common\policy.ipf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP769\A0409553.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP769\A0409592.dll Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
C:\System Volume Information\_restore{6D1FAD80-DB2D-4D71-8A59-636D3F53C03A}\RP769\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
2 December 2007 12:37:10

Disable and re-enable System Restore once more.

Still having problems?

Uninstall and delete all the software used for the disinfection, along with the corresponding folders that were created. Keep CCleaner, AVG and Antivir if we installed them.
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo

Then take a look at these pages:

Securing your computer
cracks/P2P

Have a good weekend
2 December 2007 17:51:48

Everything is resolved, a huge thank-you to you, Michou!!!

I'm adding "resolved" to the thread title :)