[Solved] Virus Win32
Hello,
I have a win32 virus and I don't know how to remove it. Can you help me?
Thanks
Message edited by mimi_li on 28-02-2008 at 20:15:40
Hello,
Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Security / Prevention
Reply to Egwene
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:01, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - H:\WINDOWS\system32\wvutrqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvutrqq - H:\WINDOWS\SYSTEM32\wvutrqq.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
--
End of file - 8278 bytes
Please carry out the following procedure in full!!!
Quote: Vundo / Virtumonde infection
1) Show hidden files and folders …
To do this, go into a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".
2) Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
- Double-click VundoFix.exe to launch it
- Click the Scan for Vundo button
- When the scan is complete, click the Remove Vundo button
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the Desktop will disappear for a moment while the files are being deleted
- You will see a prompt announcing that your PC is going to restart; click OK
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply
Note: VundoFix may come across a file it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
3) Download VirtumundoBeGone to your desktop: http://secured2k.home.comcast.net/ [...] BeGone.exe
Then double-click VirtumundoBeGone.exe and follow the on-screen instructions.
Once finished, restart your PC.
PS: Don't worry if you see a blue "Fatal error" screen, that's normal.
Post the report generated by VirtumundoBeGone ^^
4) Download Combofix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help on using Combofix here: http://bibou0007.forumpro.fr/tutos [...] x-t121.htm
Restart in safe mode: help here >>>
http://forum.telecharger.01net.com [...] ges-1.html
/!\ Never restart in safe mode via msconfig! /!\
Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until combofix has finished; a report will be created. Post the report.
5) Copy/paste a new HiJackThis report along with it.
Here is the vundofix report:
VundoFix V6.7.7
Checking Java version...
Scan started at 17:43:46 05/01/2008
Listing files found while scanning....
H:\WINDOWS\system32\awtsqol.dll
H:\WINDOWS\system32\awtttqp.dll
H:\WINDOWS\system32\bowdfycw.dll
H:\WINDOWS\system32\ddcbbba.dll
H:\WINDOWS\system32\ddccd.dll
H:\WINDOWS\system32\ddcywwx.dll
H:\WINDOWS\system32\hgggfec.dll
H:\WINDOWS\system32\iiffgef.dll
H:\WINDOWS\system32\jjkkj.ini
H:\WINDOWS\system32\jjkkj.ini2
H:\WINDOWS\system32\jkkhfdc.dll
H:\WINDOWS\system32\jkkjj.exe
H:\WINDOWS\system32\jkkkhed.dll
H:\WINDOWS\system32\mljghff.dll
H:\WINDOWS\system32\mljghhg.dll
H:\WINDOWS\system32\mljihfg.dll
H:\WINDOWS\system32\qomkkih.dll
H:\WINDOWS\system32\ssqnkkl.dll
H:\WINDOWS\system32\tuvvuvw.dll
H:\WINDOWS\system32\urqnkji.dll
H:\WINDOWS\system32\wvusrpo.dll
H:\WINDOWS\system32\xxywvvv.dll
H:\WINDOWS\system32\yayaaxv.dll
H:\WINDOWS\system32\ybdsqfpr.dll
Beginning removal...
Attempting to delete H:\WINDOWS\system32\awtsqol.dll
H:\WINDOWS\system32\awtsqol.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\awtttqp.dll
H:\WINDOWS\system32\awtttqp.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\bowdfycw.dll
H:\WINDOWS\system32\bowdfycw.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ddcbbba.dll
H:\WINDOWS\system32\ddcbbba.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ddccd.dll
H:\WINDOWS\system32\ddccd.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ddcywwx.dll
H:\WINDOWS\system32\ddcywwx.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\hgggfec.dll
H:\WINDOWS\system32\hgggfec.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\iiffgef.dll
H:\WINDOWS\system32\iiffgef.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\jjkkj.ini
H:\WINDOWS\system32\jjkkj.ini Has been deleted!
Attempting to delete H:\WINDOWS\system32\jjkkj.ini2
H:\WINDOWS\system32\jjkkj.ini2 Has been deleted!
Attempting to delete H:\WINDOWS\system32\jkkhfdc.dll
H:\WINDOWS\system32\jkkhfdc.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\jkkjj.exe
H:\WINDOWS\system32\jkkjj.exe Has been deleted!
Attempting to delete H:\WINDOWS\system32\jkkkhed.dll
H:\WINDOWS\system32\jkkkhed.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\mljghff.dll
H:\WINDOWS\system32\mljghff.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\mljghhg.dll
H:\WINDOWS\system32\mljghhg.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\mljihfg.dll
H:\WINDOWS\system32\mljihfg.dll Could not be deleted.
Attempting to delete H:\WINDOWS\system32\qomkkih.dll
H:\WINDOWS\system32\qomkkih.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ssqnkkl.dll
H:\WINDOWS\system32\ssqnkkl.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\tuvvuvw.dll
H:\WINDOWS\system32\tuvvuvw.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\urqnkji.dll
H:\WINDOWS\system32\urqnkji.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\wvusrpo.dll
H:\WINDOWS\system32\wvusrpo.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\xxywvvv.dll
H:\WINDOWS\system32\xxywvvv.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\yayaaxv.dll
H:\WINDOWS\system32\yayaaxv.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\ybdsqfpr.dll
H:\WINDOWS\system32\ybdsqfpr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete H:\WINDOWS\system32\mljihfg.dll
H:\WINDOWS\system32\mljihfg.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.7.8
Checking Java version...
Scan started at 14:15:01 24/02/2008
Listing files found while scanning....
H:\windows\system32\awtqo.dll
H:\windows\system32\jkhhe.dll
H:\WINDOWS\system32\wvutrqq.dll
Beginning removal...
Attempting to delete H:\windows\system32\awtqo.dll
H:\windows\system32\awtqo.dll Has been deleted!
Attempting to delete H:\windows\system32\jkhhe.dll
H:\windows\system32\jkhhe.dll Has been deleted!
Attempting to delete H:\WINDOWS\system32\wvutrqq.dll
H:\WINDOWS\system32\wvutrqq.dll Could not be deleted.
Performing Repairs to the registry.
Done!
And here is the Hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:39, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
--
End of file - 8116 bytes
I'm waiting for the rest
[02/24/2008, 21:09:28] - VirtumundoBeGone v1.5 ( "H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe" )
[02/24/2008, 21:09:31] - Detected System Information:
[02/24/2008, 21:09:31] - Windows Version: 5.1.2600, Service Pack 2
[02/24/2008, 21:09:31] - Current Username: Laura (Admin)
[02/24/2008, 21:09:31] - Windows is in NORMAL mode.
[02/24/2008, 21:09:31] - Searching for Browser Helper Objects:
[02/24/2008, 21:09:31] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[02/24/2008, 21:09:31] - BHO 2: {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (BrowserCmp)
[02/24/2008, 21:09:31] - BHO 3: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[02/24/2008, 21:09:31] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/24/2008, 21:09:31] - BHO 5: {90c36028-0578-4232-8215-f9735bf8cea2} ()
[02/24/2008, 21:09:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/24/2008, 21:09:31] - Checking for HKLM\...\Winlogon\Notify\bowdfycw
[02/24/2008, 21:09:31] - Key not found: HKLM\...\Winlogon\Notify\bowdfycw, continuing.
[02/24/2008, 21:09:31] - BHO 6: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
[02/24/2008, 21:09:31] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/24/2008, 21:09:31] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/24/2008, 21:09:31] - BHO 9: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} (SearchSettings Class)
[02/24/2008, 21:09:31] - Finished Searching Browser Helper Objects
[02/24/2008, 21:09:31] - Finishing up...
[02/24/2008, 21:09:31] - Nothing found! Exiting...
ComboFix 08-02-23.2 - Laura 2008-02-24 21:28:31.9 - NTFSx86 MINIMAL
Endroit: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
.
2008-02-24 14:30 . 2008-02-24 14:30 24,576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe
2008-02-24 14:15 . 2008-02-24 14:40 <REP> d-------- H:\VundoFix Backups
2008-02-21 20:48 . 2008-02-21 20:48 26,048 --------- H:\WINDOWS\system32\wvutrqq.dll
2008-02-20 19:04 . 2008-02-20 19:04 <REP> d-------- H:\WINDOWS\system32\fr-fr
2008-02-13 20:01 . 1998-06-16 23:00 516,173 --a------ H:\WINDOWS\system32\MSVCP60D.DLL
2008-02-13 20:01 . 1998-06-16 23:00 385,100 --a------ H:\WINDOWS\system32\MSVCRTD.DLL
2008-02-13 20:01 . 2003-08-07 15:01 237,568 --a------ H:\WINDOWS\system32\lame_enc.dll
2008-02-12 22:30 . 2008-02-14 00:21 <REP> d-------- H:\Program Files\Dealio
2008-02-12 22:29 . 2005-02-24 12:10 2,084,864 --a------ H:\WINDOWS\system32\AudDesign.dll
2008-02-12 22:29 . 2005-03-11 17:37 1,986,560 --a------ H:\WINDOWS\system32\AudFile.dll
2008-02-12 22:29 . 2005-02-24 12:11 1,212,416 --a------ H:\WINDOWS\system32\AudioInfos.dll
2008-02-12 22:29 . 2005-02-24 12:11 479,232 --a------ H:\WINDOWS\system32\AudioVisu.dll
2008-02-12 22:29 . 2005-02-24 15:21 458,752 --a------ H:\WINDOWS\system32\AudPlayer.dll
2008-02-12 22:29 . 2005-03-10 16:00 454,656 --a------ H:\WINDOWS\system32\AudioRecord.dll
2008-02-12 22:29 . 2005-02-24 12:10 417,792 --a------ H:\WINDOWS\system32\AudDisplay.dll
2008-02-12 22:29 . 2005-02-24 11:51 348,160 --a------ H:\WINDOWS\system32\WMAFile.dll
2008-02-12 22:29 . 2005-01-10 12:54 116,296 --a------ H:\WINDOWS\system32\NCTWMAProfiles.prx
2008-02-12 20:13 . 2008-02-24 21:08 80,090 --a------ H:\WINDOWS\system32\adssite-remove.exe
2008-02-11 20:37 . 2008-02-11 20:37 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Corel
2008-02-11 16:44 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Corel
2008-02-11 16:44 . 2008-02-20 18:16 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
2008-02-11 16:38 . 2008-02-11 16:40 <REP> d-------- H:\Program Files\Fichiers communs\Corel
2008-02-11 16:30 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Corel
2008-02-11 16:27 . 2008-02-20 18:16 2,516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
2008-02-11 16:25 . 2008-02-11 16:38 <REP> d-------- H:\Program Files\Corel
2008-02-11 16:25 . 2008-02-11 16:25 <REP> d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
2008-02-09 19:07 . 2008-02-09 19:07 <REP> d-------- H:\Program Files\VirtualDJ
2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- H:\Program Files\MyXOFT
2008-02-09 18:49 . 2008-02-09 18:50 <REP> d-------- H:\Documents and Settings\Antoine\DSS DJ Data
2008-02-09 18:49 . 2006-12-01 22:03 626,688 --a------ H:\WINDOWS\system32\msvcr80.dll
2008-02-09 18:49 . 2006-12-01 22:03 548,864 --a------ H:\WINDOWS\system32\msvcp80.dll
2008-02-09 18:49 . 2006-12-02 06:22 479,232 --a------ H:\WINDOWS\system32\msvcm80.dll
2008-02-09 18:49 . 2006-12-01 22:03 1,869 --a------ H:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-02-07 17:49 . 2008-02-07 17:49 80,896 --a------ H:\WINDOWS\system32\.dll
2008-02-03 22:24 . 2008-02-04 21:37 <REP> d-------- H:\Program Files\WarRock
2008-01-29 12:37 . 2008-01-29 12:37 46,300 --a------ H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-01-27 21:35 . 2008-02-12 23:00 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Search Settings
2008-01-27 19:45 . 2008-02-13 20:03 <REP> d-------- H:\Program Files\Search Settings
2008-01-25 12:02 . 2008-01-27 10:24 <REP> d-------- H:\djp
2008-01-25 12:00 . 2008-02-20 19:02 1,374 --a------ H:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 20:11 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-02-24 20:04 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-02-24 17:43 --------- d-----w H:\Program Files\Steam
2008-02-23 11:57 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2008-02-20 16:45 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2008-02-19 13:34 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2008-02-19 13:33 --------- d-----w H:\Program Files\LimeWire
2008-02-18 16:05 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2008-02-15 17:01 --------- d-----w H:\Documents and Settings\Frederique\Application Data\Search Settings
2008-02-13 19:02 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Dealio
2008-02-13 19:01 --------- d-----w H:\Program Files\Free Audio Pack
2008-02-12 21:42 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Search Settings
2008-02-07 16:49 80,896 ----a-w H:\WINDOWS\system32\.dll
2008-02-04 20:37 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-02-04 19:48 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-04 19:47 107,832 ----a-w H:\WINDOWS\system32\PnkBstrB.exe
2008-01-27 18:41 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 17:49 --------- d-----w H:\Program Files\Fichiers communs\InstallShield
2008-01-21 10:36 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-20 19:37 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2008-01-19 17:47 --------- d-----w H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2008-01-18 10:06 294,912 ----a-w H:\WINDOWS\system32\iebrowserc.dll
2008-01-17 19:03 --------- d-----w H:\Documents and Settings\Laura\Application Data\DataCast
2008-01-13 21:49 --------- d-----w H:\Program Files\Stardock
2008-01-11 18:42 --------- d-----w H:\Program Files\Avira
2008-01-11 18:00 --------- d-----w H:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 17:55 --------- d-----w H:\Program Files\CCleaner
2008-01-08 19:18 --------- d-----w H:\Program Files\Trend Micro
2008-01-08 18:55 --------- d-----w H:\Program Files\Nostale(FR)
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\Picasa2
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2008-01-06 10:13 221,184 ----a-w H:\WINDOWS\system32\LVCOMSX.EXE
2007-12-29 10:50 --------- d-----w H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 21:50 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 21:47 --------- d-----w H:\Program Files\Winamp Remote
2007-12-28 21:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 17:44 134 ----a-w H:\n.bat
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 19:27 286,720 ----a-w H:\WINDOWS\vsnpstd2.exe
2007-12-26 19:12 147,456 ----a-w H:\WINDOWS\system32\vbzip10.dll
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d-----w H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-24 21:18 65,024 ----a-w H:\WINDOWS\IFinst26.exe
2007-12-24 21:18 --------- d-----w H:\Program Files\Lame MP3 Codec
2007-12-24 21:17 --------- d-----w H:\Program Files\Samsung
2007-12-24 21:17 --------- d-----w H:\Program Files\MarkAny
2007-12-24 21:17 --------- d-----w H:\Documents and Settings\Antoine\Application Data\InstallShield
2007-12-21 14:39 10,752 ----a-w H:\WINDOWS\system32\WhoisCL.exe
2007-12-14 16:19 40,960 ------w H:\WINDOWS\system32\MAMACExtract.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 11:06 294912 --a------ H:\WINDOWS\system32\iebrowserc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
H:\WINDOWS\system32\bowdfycw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
2008-02-07 17:49 80896 --a------ H:\WINDOWS\system32\.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 17:47 1160544 --a------ H:\Program Files\Search Settings\kb126\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-12 19:43 249896]
"SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 17:47 1036640]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
H:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]
SM.lnk - H:\Program Files\SM\skymessnet.exe [2007-09-28 08:42:08 651264]
H:\Documents and Settings\Frederique\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]
H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"H:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"H:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\day of defeat source\\hl2.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\counter-strike source\\hl2.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\half-life 2 deathmatch\\hl2.exe"=
"H:\\StubInstaller.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\dedicated server\\hlds.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\source sdk base\\hl2.exe"=
R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif
\Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:32:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-24 21:33:31
ComboFix2.txt 2008-02-24 20:19:35
ComboFix3.txt 2008-02-24 14:09:39
ComboFix4.txt 2008-01-21 20:22:13
ComboFix5.txt 2008-01-10 19:08:46
.
2007-12-25 13:19:17 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:18, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - H:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - H:\WINDOWS\system32\.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
--
End of file - 8241 bytes
1) Copy the text in the box below, without the word "quote":
| Quote: File::
|
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:
This will restart Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
If there is no reboot, post the reports anyway.
2) Have this file (or these files) scanned on VirusTotal:
| Quote: H:\WINDOWS\system32\EE4EB6D6A9.sys |
here: http://www.virustotal.com/fr/
Tutorial here: http://bibou0007.com/tutos-f45/tut [...] l-t190.htm
Once on the site, click "Browse", navigate in Windows Explorer until you find the file in question, and once the file is found, click "Open". Then click "Send file".
Wait while the file is in the queue and while it is being analysed...
Once the scan of the file is finished, copy all the results from all the antivirus engines for me and paste them into your next reply.
ComboFix 08-02-24.4 - Laura 2008-02-25 16:15:08.10 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.573 [GMT 1:00]
Endroit: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
Command switches used :: H:\Documents and Settings\Laura\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\Documents and Settings\Laura\Application Data\Search Settings\
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\ErrorPageTemplate.css
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\help.gif
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\pixel.gif
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tab_icon.png
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tabdata.js
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tablib.js
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\tabwelcome_en.html
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\toolbar_background.gif
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\vista_directions.png
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\xp_directions.png
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\res\yahoo_search.gif
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13918.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13919.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13920.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb125\temp\ws-13921.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13931.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13932.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13933.log
H:\Documents and Settings\Laura\Application Data\Search Settings\\kb126\temp\ws-13934.log
H:\Program Files\Dealio\
H:\Program Files\Search Settings\
H:\Program Files\Search Settings\\kb126\SearchSettings.dll
H:\Program Files\Search Settings\\SearchSettings.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.
2008-02-24 14:30 . 2008-02-24 14:30 24,576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe
2008-02-24 14:15 . 2008-02-24 14:40 <REP> d-------- H:\VundoFix Backups
2008-02-21 20:48 . 2008-02-21 20:48 26,048 --------- H:\WINDOWS\system32\wvutrqq.dll
2008-02-20 19:04 . 2008-02-20 19:04 <REP> d-------- H:\WINDOWS\system32\fr-fr
2008-02-13 20:01 . 1998-06-16 23:00 516,173 --a------ H:\WINDOWS\system32\MSVCP60D.DLL
2008-02-13 20:01 . 1998-06-16 23:00 385,100 --a------ H:\WINDOWS\system32\MSVCRTD.DLL
2008-02-13 20:01 . 2003-08-07 15:01 237,568 --a------ H:\WINDOWS\system32\lame_enc.dll
2008-02-12 22:29 . 2005-02-24 12:10 2,084,864 --a------ H:\WINDOWS\system32\AudDesign.dll
2008-02-12 22:29 . 2005-03-11 17:37 1,986,560 --a------ H:\WINDOWS\system32\AudFile.dll
2008-02-12 22:29 . 2005-02-24 12:11 1,212,416 --a------ H:\WINDOWS\system32\AudioInfos.dll
2008-02-12 22:29 . 2005-02-24 12:11 479,232 --a------ H:\WINDOWS\system32\AudioVisu.dll
2008-02-12 22:29 . 2005-02-24 15:21 458,752 --a------ H:\WINDOWS\system32\AudPlayer.dll
2008-02-12 22:29 . 2005-03-10 16:00 454,656 --a------ H:\WINDOWS\system32\AudioRecord.dll
2008-02-12 22:29 . 2005-02-24 12:10 417,792 --a------ H:\WINDOWS\system32\AudDisplay.dll
2008-02-12 22:29 . 2005-02-24 11:51 348,160 --a------ H:\WINDOWS\system32\WMAFile.dll
2008-02-12 22:29 . 2005-01-10 12:54 116,296 --a------ H:\WINDOWS\system32\NCTWMAProfiles.prx
2008-02-12 20:13 . 2008-02-24 21:08 80,090 --a------ H:\WINDOWS\system32\adssite-remove.exe
2008-02-11 20:37 . 2008-02-11 20:37 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Corel
2008-02-11 16:44 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Corel
2008-02-11 16:44 . 2008-02-25 11:23 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
2008-02-11 16:38 . 2008-02-11 16:40 <REP> d-------- H:\Program Files\Fichiers communs\Corel
2008-02-11 16:30 . 2008-02-11 16:44 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Corel
2008-02-11 16:27 . 2008-02-25 11:33 2,516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
2008-02-11 16:25 . 2008-02-11 16:38 <REP> d-------- H:\Program Files\Corel
2008-02-11 16:25 . 2008-02-11 16:25 <REP> d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
2008-02-09 19:07 . 2008-02-09 19:07 <REP> d-------- H:\Program Files\VirtualDJ
2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- H:\Program Files\MyXOFT
2008-02-09 18:49 . 2008-02-09 18:50 <REP> d-------- H:\Documents and Settings\Antoine\DSS DJ Data
2008-02-09 18:49 . 2006-12-01 22:03 626,688 --a------ H:\WINDOWS\system32\msvcr80.dll
2008-02-09 18:49 . 2006-12-01 22:03 548,864 --a------ H:\WINDOWS\system32\msvcp80.dll
2008-02-09 18:49 . 2006-12-02 06:22 479,232 --a------ H:\WINDOWS\system32\msvcm80.dll
2008-02-09 18:49 . 2006-12-01 22:03 1,869 --a------ H:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-02-07 17:49 . 2008-02-07 17:49 80,896 --a------ H:\WINDOWS\system32\.dll
2008-02-03 22:24 . 2008-02-04 21:37 <REP> d-------- H:\Program Files\WarRock
2008-01-29 12:37 . 2008-01-29 12:37 46,300 --a------ H:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-01-25 12:02 . 2008-01-27 10:24 <REP> d-------- H:\djp
2008-01-25 12:00 . 2008-02-20 19:02 1,374 --a------ H:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 15:20 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-02-25 12:26 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-02-25 11:43 --------- d-----w H:\Program Files\Steam
2008-02-23 11:57 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2008-02-20 16:45 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2008-02-19 13:34 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2008-02-19 13:33 --------- d-----w H:\Program Files\LimeWire
2008-02-18 16:05 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2008-02-15 17:01 --------- d-----w H:\Documents and Settings\Frederique\Application Data\Search Settings
2008-02-13 19:02 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Dealio
2008-02-13 19:01 --------- d-----w H:\Program Files\Free Audio Pack
2008-02-12 21:42 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Search Settings
2008-02-04 20:37 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-02-04 19:48 22,328 ----a-w H:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 18:41 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 17:49 --------- d-----w H:\Program Files\Fichiers communs\InstallShield
2008-01-21 10:36 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-20 19:37 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2008-01-19 17:47 --------- d-----w H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2008-01-17 19:03 --------- d-----w H:\Documents and Settings\Laura\Application Data\DataCast
2008-01-13 21:49 --------- d-----w H:\Program Files\Stardock
2008-01-11 18:42 --------- d-----w H:\Program Files\Avira
2008-01-11 18:00 --------- d-----w H:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 17:55 --------- d-----w H:\Program Files\CCleaner
2008-01-08 19:18 --------- d-----w H:\Program Files\Trend Micro
2008-01-08 18:55 --------- d-----w H:\Program Files\Nostale(FR)
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\Picasa2
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2007-12-29 10:50 --------- d-----w H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 21:50 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 21:47 --------- d-----w H:\Program Files\Winamp Remote
2007-12-28 21:47 --------- d-----w H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-27 17:44 134 ----a-w H:\n.bat
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 19:27 286,720 ----a-w H:\WINDOWS\vsnpstd2.exe
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d-----w H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-24 21:18 65,024 ----a-w H:\WINDOWS\IFinst26.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-12 19:43 249896]
"SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [ ]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"H:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"H:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"H:\\Program Files\\MSN Messenger\\livecall.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\day of defeat source\\hl2.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\counter-strike source\\hl2.exe"=
"H:\\Program Files\\LimeWire\\LimeWire.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\half-life 2 deathmatch\\hl2.exe"=
"H:\\StubInstaller.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\dedicated server\\hlds.exe"=
"H:\\Program Files\\Steam\\SteamApps\\antoine68200\\source sdk base\\hl2.exe"=
R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
\Shell\1\Command - autorun.pif
\Shell\2\Command - autorun.pif
\Shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 16:20:51
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-25 16:24:31 - machine was rebooted [Laura]
ComboFix-quarantined-files.txt 2008-02-25 15:24:27
ComboFix2.txt 2008-02-24 20:33:32
ComboFix3.txt 2008-02-24 20:19:35
ComboFix4.txt 2008-02-24 14:09:39
ComboFix5.txt 2008-01-21 20:22:13
.
2007-12-25 13:19:17 --- E O F ---
And the Hijackthis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:22, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
--
End of file - 7560 bytes
Fichier EE4EB6D6A9.sys reçu le 2008.02.24 16:28:06 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.24 -
Avast 4.7.1098.0 2008.02.23 -
AVG 7.5.0.516 2008.02.24 -
BitDefender 7.2 2008.02.24 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.24 -
DrWeb 4.44.0.09170 2008.02.24 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.24 -
FileAdvisor 1 2008.02.24 -
Fortinet 3.14.0.0 2008.02.24 -
F-Prot 4.4.2.54 2008.02.23 -
F-Secure 6.70.13260.0 2008.02.23 -
Ikarus T3.1.1.20 2008.02.24 -
Kaspersky 7.0.0.125 2008.02.24 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.24 -
NOD32v2 2898 2008.02.23 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.24 -
Prevx1 V2 2008.02.24 -
Rising 20.32.62.00 2008.02.24 -
Sophos 4.26.0 2008.02.24 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.24 -
TheHacker 6.2.9.228 2008.02.23 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.23 -
Webwasher-Gateway 6.6.2 2008.02.23 -
Information additionnelle
File size: 88 bytes
MD5: 1890835c6ccd2771530f9b60291bafba
SHA1: 55c9e1e904b5f33e946f2b1de825025b5dd8fa64
PEiD: -
1) Relaunch HijackThis, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis:
| Quote: R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
|
2) Download OTMoveIt (by Old_Timer) to your Desktop.
Or, if the link does not work, here: http://up.sur-la-toile.com/iadW
- Double-click OTMoveIt.exe to launch it.
- Make sure the "Unregister Dll's and Ocx's" box is checked!!!
- Copy the text in the box below, without the word "Quote", and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.
| Quote: H:\WINDOWS\system32\wvutrqq.dll
|
- Click MoveIt! to start the removal.
- If OTMoveIt offers to restart your PC, accept.
- When a result appears in the Results pane, click Exit.
- In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.
3) And make me a new HijackThis report.
Security / Prevention
Reply to Egwene
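The "Fix Checked" step above targets an entry that HijackThis marks `(no file)`. As an added example (not part of the original thread and not code from HijackThis), this Python parser reads the entry lines of a HijackThis log and lists those whose referenced file is absent from disk; the function names are this example's own, and the sample lines are taken from the report posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample excerpt: entry lines taken from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# COM class identifier in its 8-4-4-4-12 registry form.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str               # section code, e.g. "R3", "O2", "O23"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # CLSID if the entry names one
    missing: Optional[str]  # "no file" / "file missing", or None


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping the header
    and the 'Running processes' list."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        missing = MISSING_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            missing=missing.group(1) if missing else None,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference points at a file that is absent."""
    return [e for e in entries if e.missing]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f"{e.code:<4} [{e.missing}] {e.clsid or '-'}  {e.body}")
```

A missing target only shows that the registry reference is dangling; whether the entry should be fixed remains a judgement for whoever reviews the log.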
I can't find the OTMoveIt report.
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
Run it and let the scan complete.
Post the report or reports here, in several messages if necessary.
Security / Prevention
Reply to Egwene
No disabled devices found.
-- Files created between 2008-01-26 and 2008-02-26 -----------------------------
2008-02-25 16:14:39 68096 --a------ H:\WINDOWS\system32\zip.exe
2008-02-25 16:14:39 98816 --a------ H:\WINDOWS\system32\sed.exe
2008-02-25 16:14:39 80412 --a------ H:\WINDOWS\system32\grep.exe
2008-02-25 16:14:39 73728 --a------ H:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-24 14:30:29 24576 --a------ H:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-02-24 14:15:01 0 d-------- H:\VundoFix Backups
2008-02-20 19:04:31 0 d-------- H:\WINDOWS\system32\fr-fr
2008-02-13 20:01:17 237568 --a------ H:\WINDOWS\system32\lame_enc.dll
2008-02-12 22:29:12 348160 --a------ H:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-02-12 22:29:12 458752 --a------ H:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-02-12 22:29:12 479232 --a------ H:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-02-12 22:29:12 454656 --a------ H:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-02-12 22:29:12 1212416 --a------ H:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-02-12 22:29:12 1986560 --a------ H:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-02-12 22:29:12 417792 --a------ H:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-02-12 22:29:11 2084864 --a------ H:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-02-11 20:37:42 0 d-------- H:\Documents and Settings\Antoine\Application Data\Corel
2008-02-11 16:44:46 88 -r-hs---- H:\WINDOWS\system32\EE4EB6D6A9.sys
2008-02-11 16:44:27 0 d-------- H:\Documents and Settings\Laura\Application Data\Corel
2008-02-11 16:38:20 0 d-------- H:\Program Files\Fichiers communs\Corel
2008-02-11 16:30:42 0 d-------- H:\Documents and Settings\All Users\Application Data\Corel
2008-02-11 16:27:20 2516 --ahs---- H:\WINDOWS\system32\KGyGaAvL.sys
2008-02-11 16:25:52 0 d-------- H:\Program Files\Corel
2008-02-11 16:25:37 0 d-------- H:\Documents and Settings\Laura\Application Data\InstallShield
2008-02-09 19:07:49 0 d-------- H:\Program Files\VirtualDJ
2008-02-09 18:49:12 0 d-------- H:\Documents and Settings\Antoine\DSS DJ Data
2008-02-09 18:49:07 0 d-------- H:\Program Files\MyXOFT
2008-02-03 22:24:19 0 d-------- H:\Program Files\WarRock
2008-01-27 17:31:00 0 d-------- H:\Documents and Settings\Antoine\Application Data\Help
-- Find3M Report ---------------------------------------------------------------
2008-02-26 17:44:38 0 d-------- H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-02-26 13:53:28 0 d-------- H:\Program Files\Steam
2008-02-23 16:57:54 209 --a------ H:\Documents and Settings\Laura\Application Data\urlredir.cfg
2008-02-23 12:59:39 0 d-------- H:\Documents and Settings\Laura\Application Data\Adobe
2008-02-23 12:57:05 0 d-------- H:\Program Files\Fichiers communs\Adobe
2008-02-19 14:34:02 0 d-------- H:\Documents and Settings\Laura\Application Data\LimeWire
2008-02-19 14:33:38 0 d-------- H:\Program Files\LimeWire
2008-02-13 20:01:25 0 d-------- H:\Program Files\Free Audio Pack
2008-02-11 16:38:20 0 d-------- H:\Program Files\Fichiers communs
2008-02-04 21:37:07 0 d--h----- H:\Program Files\InstallShield Installation Information
2008-01-27 18:49:18 0 d-------- H:\Program Files\Fichiers communs\InstallShield
2008-01-21 11:36:30 0 d-------- H:\Documents and Settings\Laura\Application Data\Skype
2008-01-18 11:06:18 294912 --a------ H:\WINDOWS\system32\iebrowserc.dll <Not Verified; ; IeBrowserCmp Module>
2008-01-17 20:03:50 0 d-------- H:\Documents and Settings\Laura\Application Data\DataCast
2008-01-13 22:49:25 0 d-------- H:\Program Files\Stardock
2008-01-11 19:42:17 0 d-------- H:\Program Files\Avira
2008-01-11 18:55:13 0 d-------- H:\Program Files\CCleaner
2008-01-08 20:18:03 0 d-------- H:\Program Files\Trend Micro
2008-01-08 19:55:39 0 d-------- H:\Program Files\Nostale(FR)
2008-01-06 16:00:44 0 d-------- H:\Program Files\Winamp
2008-01-06 16:00:44 0 d-------- H:\Program Files\Picasa2
2008-01-06 16:00:44 0 d-------- H:\Program Files\MSN Messenger
2008-01-06 16:00:44 0 d-------- H:\Program Files\Messenger
2007-12-29 11:50:27 0 d-------- H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 22:47:49 0 d-------- H:\Program Files\Winamp Remote
2007-12-27 18:44:07 134 --a------ H:\n.bat
2007-12-27 17:41:21 0 d-------- H:\Program Files\Google
2007-12-27 17:38:12 0 d-------- H:\Program Files\VstPlugins
2007-12-27 17:38:12 0 d-------- H:\Program Files\Image-Line
2007-12-27 15:16:54 0 d-------- H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 20:56:35 0 d-------- H:\Program Files\eMule
2007-12-26 20:27:03 286720 --a------ H:\WINDOWS\vsnpstd2.exe <Not Verified; ; CameraMonitor Application>
2007-12-26 20:12:06 147456 --a------ H:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-26 16:54:04 0 d-------- H:\Program Files\Messenger Plus! Live
2007-12-24 22:18:25 65024 --a------ H:\WINDOWS\IFinst26.exe
2007-12-21 15:39:14 10752 --a------ H:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-12-19 16:56:43 464838 --a------ H:\WINDOWS\system32\perfh00C.dat
2007-12-19 16:56:43 73488 --a------ H:\WINDOWS\system32\perfc00C.dat
2007-12-14 17:19:56 40960 -----n--- H:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [22/09/2005 09:42 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [10/10/2005 14:49]
"nwiz"="nwiz.exe" [10/10/2005 14:49 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 14:49]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [06/01/2008 11:13]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [06/01/2008 11:13]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" []
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [06/01/2008 11:13]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [06/01/2008 11:13]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [06/01/2008 11:13]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [06/01/2008 11:13]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/01/2008 19:43]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"Corel Photo Downloader"="H:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [28/08/2007 12:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [06/01/2008 11:13]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [06/01/2008 11:14]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/2008 11:13]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [06/01/2008 11:13]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [02/02/2007 16:54:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 16:51 192512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e190fa-41a8-11dc-88fb-00138f6995d2}]
1\Command- autorun.pif
2\Command- autorun.pif
AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
-- End of Deckard's System Scanner: finished at 2008-02-26 18:12:18 ------------
1) Download to your desktop: http://www.malekal.com/download/clean.zip
Help for clean: http://mickael.barroux.free.fr/securite/clean.php
Once it is on the desktop, right-click your clean.zip file and, in the drop-down menu, click Extract all or Extract here.
This will create a clean folder.
Double-click this clean folder; inside you will find several files.
Double-click clean. This will open a black window.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
A report will be generated; paste its entire contents here (if you cannot find the report, it is here: C:\rapport_clean.txt)
2) How is the PC doing? Still having problems?
Good night, see you tomorrow.
Security / Prevention
Reply to Egwene
1 ) 27/02/2008 a 16:20:41,23
*** Recherche des fichiers dans H:
H:\StubInstaller.exe FOUND
*** Recherche des fichiers dans H:\WINDOWS\
*** Recherche des fichiers dans H:\WINDOWS\system32
*** Recherche des fichiers dans H:\Program Files
"H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll" FOUND
*** Fin du rapport !
2) The PC is doing better, I no longer get win32 virus alerts; am I no longer infected? However, I had a small question: I see on the forum that I am not the only one infected with this win32 virus. Where does it come from? How does one get infected, and above all how does one avoid getting infected again, because this is not the first time it has happened to me.
Hi, I too have just been infected through MSN! I would like to know how to get rid of it, please! The winlogon file is located in CWINDOWS/system32
But my virus can't manage to delete it, or even to open it!
Please help me, it is hijacking my MSN account.
I would like a simple technique because I am really hopeless with PCs!
Vlad, create your own topic.
mimi :
Download AVG Anti-Spyware. Install it.
If the link does not work: >Click here<
Launch AVG and run an update.
Click the Scan button (in the toolbar)
Then, on the "How to react" tab, click Recommended actions. Choose Quarantine.
Do not run a scan for now.
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report located in the Reports folder of the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, relaunch clean and run option 2, then post the report.
Reply to XmichouX
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:24:30 28/02/2008
+ Résultat de l'analyse:
H:\Documents and Settings\Laura\Shared\03 Track 3.wma -> Downloader.Wimad.l : Nettoyé.
H:\Documents and Settings\Antoine\Shared\postal 2 share the pain.zip/setup.exe -> Not-A-Virus.Adware.NewWeb : Nettoyé.
:mozilla.360:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.361:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.181:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.284:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.474:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.512:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.61:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.62:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.64:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.66:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.67:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.68:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.69:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.6:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.7:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.87:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@himedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@imeem.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@msnportalintlbeetoffice2007.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@sfr.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@msnportalintlbeetoffice2007.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@dminsite.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.417:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.418:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@4.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.179:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.180:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.150:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.151:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.152:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.153:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.154:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.558:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.101:H:\Documents and Settings\Antoine\Application Data\Mozilla\Firefox\Profiles\ycgxkiwu.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.64:H:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\luk3hmb0.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
H:\Documents and Settings\Frederique\Cookies\frederique@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
H:\Documents and Settings\Laura\Cookies\laura@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
H:\Documents and Settings\Antoine\Cookies\antoine@bfast[1].txt -> TrackingCookie.Bfast : Nettoyé.
H:\Documents and Settings\Antoine\Shared\Postal 2 Keygen.zip/Crack.exe -> Trojan.Agent.cmn : Nettoyé.
H:\Documents and Settings\Antoine\Shared\Postal 2 Share The Pain Keygen.zip/Crack.exe -> Trojan.Agent.cmn : Nettoyé.
Fin du rapport
However, I can't run Clean because it tells me there is no disk.
Hi again,
Download OTMoveIt > Tutorial <
Save it to the Desktop
Select the contents of the box below
H:\StubInstaller.exe
Now launch OTMoveIt.
Make sure the "unregister dll's and ocx's" box is checked.
Two panes appear; right-click in the left pane, then paste the contents of the box above.
Then click MoveIt!
If the program asks you to restart, accept.
Post the report found in: C:\_OTMoveIt\MovedFiles\[creation date]
NOTE: If you get a message saying the report cannot be created, copy and paste what appears in the tool's right-hand column.
Reply to XmichouX
File/Folder H:\StubInstaller.exe not found.
LoadLibrary failed for H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll NOT unregistered.
H:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll moved successfully.
OTMoveIt2 v1.0.20 log created on 02282008_204804
That is what was in the right-hand pane, because I couldn't find a report.
I'll let Meryllim finish
Reply to XmichouX
Hmm, OK. But maybe you can answer this:
Am I still infected, since I'm no longer getting alerts?
I see on the forum that I'm not the only one infected with this win32 virus. Where does it come from? How does one get infected, and above all how do I avoid being infected again, because this is not the first time it has happened to me.
Thanks for moving things along, XmichouX (I was ill)
mimi_li... how is the PC doing now?
Security / Prevention
Reply to Egwene
There are many possible infection vectors:
have a look at this guide: Security/Prevention
Reply to XmichouX
It's doing better. I'm no longer getting alerts. Am I still infected?
It's OK, you are no longer infected
1) Download ToolsCleaner to your desktop.
http://www.commentcamarche.net/tel [...] nions.php3
This program will uninstall all the tools I had you use.
- Click Recherche and let the scan run ...
- Click Suppression to finish.
- If you wish, you can use the optional settings (Options facultatives).
- Click Quitter to get the report.
- Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
- Tutorial here: http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm
2) Download and install Ccleaner:
http://www.01net.com/telecharger/w [...] leurs(...)
- Before clicking the "Install" button, uncheck all the "additional options". Then click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
- Next, click the Registry tab, click "Scan for issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
- Tutorial here: http://bibou0007.com/tutos-f45/tut [...] r-t362.htm
3)
- Disable System Restore
- Re-enable System Restore
- Tutorial here: http://bibou0007.com/tutos-f45/pur [...] e-t151.htm
********************************************************************************
- Edit your first message and put [resolu] in front of the title of your topic.
To make our voice heard, there need to be as many of us as possible, so report your infection:
- See the Malware-Complaints rules
- Register on the forum using the register button at the top:
If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
If you are younger, click: I Agree to these terms and am under 13 years of age
After registering, you get a list of the infection types (Look2Me, Smitfraud, SpywareQuake, etc.): http://www.malwarecomplaints.info/ [...] 5873f(...)
If the malware you had does not appear in the list, or if you don't know which infection you had, create a message in the "Autres infections" (Other infections) topic that follows the forum rules (age, city, department, etc.): http://www.malwarecomplaints.info/viewforum.php?f=10
See you, and happy surfing
A few useful links:
http://mickael.barroux.free.fr/securite/
http://www.malekal.com/
http://bibou0007.forumpro.fr/portal.htm
Security / Prevention
Reply to Egwene
-->- Recherche:
H:\Vundofix backups: trouvé !
H:\Qoobox: trouvé !
H:\_OtMoveIt: trouvé !
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
H:\Documents and Settings\Antoine\Bureau\Raccourcis Bureau non utilisés\vundoFix.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\Dss.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\Clean.zip: trouvé !
H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\OtMoveIt.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\ComboFix.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\vundoFix.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\HJTInstall.exe: trouvé !
H:\Documents and Settings\Laura\Bureau\Clean: trouvé !
H:\Program Files\Trend Micro\HijackThis: trouvé !
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
H:\Documents and Settings\Antoine\Bureau\Raccourcis Bureau non utilisés\vundoFix.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\Dss.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\Clean.zip: supprimé !
H:\Documents and Settings\Laura\Bureau\VirtumundoBeGone.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\OtMoveIt.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\ComboFix.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\vundoFix.exe: supprimé !
H:\Documents and Settings\Laura\Bureau\HJTInstall.exe: supprimé !
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
H:\Vundofix backups: supprimé !
H:\Qoobox: supprimé !
H:\_OtMoveIt: supprimé !
H:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
H:\Documents and Settings\Laura\Bureau\Clean: supprimé !
H:\Program Files\Trend Micro\HijackThis: supprimé !

