Viruses and unwanted advertising pop-ups

Closed
cecilialanha Posts 11 Registration date Sunday 15 October 2006 Status Member Last activity 16 February 2007 - 15 Oct. 2006 at 16:16
cecilialanha Posts 11 Registration date Sunday 15 October 2006 Status Member Last activity 16 February 2007 - 18 Oct. 2006 at 20:46
Hello,
I'm coming to you today to ask for help...
Ever since we had internet installed at home, we have had lots of virus problems and, the latest thing... we have advertising windows that open even when we are not on the internet!!
It's becoming unbearable!!!
If someone could help us, that would be really kind.
Thanks in advance
cécilia

4 replies

^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
15 Oct. 2006 at 20:17
Hi,

What antivirus do you have?
What firewall??




It is important to carry out the whole procedure, and in order:

Download (unless you already have them) and paste the 3 reports in order

A - ad-aware version 1.06
(here) http://www.florensac-chasse-trap.com/ virus/security software section
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

B - spybot version 1.4
(here) http://www.florensac-chasse-trap.com/ virus/security software section
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

C - Ccleaner: (registry cleaner, cookies+temp+tempos+prefetch+history+etc.)
Download here:
https://www.ccleaner.com/ccleaner/download
Tutorial here:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

D – Ewido
https://www.malekal.com/tutorial-et-guide-ewido-v4/
or
http://www.infos-du-net.com/telecharger/Ewido-Anti-Malware.html

Update it by clicking "update now".
Run a "complete system scan".
At the end of the scan, check that "delete" is shown next to each piece of malware and click only on "Apply all actions".
Then click on "Save Report", then "Save report as", and save the report in your documents.

Copy/paste the report

E - Online scan with BitDefender (works only in Internet Explorer, with the ActiveX control accepted)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/scan8/ie.html
Copy/PASTE the entire report

F - Hijackthis - Diagnostic and repair tool
read the demo
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
Download the French version here
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
Copy/paste the report

Good luck

See you





0
cecilialanha Posts 11 Registration date Sunday 15 October 2006 Status Member Last activity 16 February 2007
16 Oct. 2006 at 21:55
Hi MARIE,
thanks in advance for your help
here is the info you asked me for
my antivirus is Norton 2004
my firewall is the Windows one; I don't know much about it!!!

and now here are the reports:

A - Ad-aware

Ad-Aware SE Build 1.06r1
Logfile Created on:lundi 16 octobre 2006 19:32:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R126 12.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):1 total references
MRU List(TAC index:0):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


16/10/2006 19:32:17 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 448
ThreadCreationTime : 16/10/2006 17:08:34
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 16/10/2006 17:08:37
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : ktn2l75o1.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\ktn2l75o1.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 16/10/2006 17:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 16/10/2006 17:08:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 16/10/2006 17:08:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 16/10/2006 17:08:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1704
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ccsetmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1804
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:9 [mdm.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\
ProcessID : 1836
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:10 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1868
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:11 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal
FileVersion : 6.14.10.6085
ProductVersion : 6.14.10.6085
ProductName : NVIDIA Driver Helper Service, Version 60.85
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 60.85
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:12 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1924
ThreadCreationTime : 16/10/2006 17:08:42
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:13 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1992
ThreadCreationTime : 16/10/2006 17:08:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Service SNMP
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : snmp.exe

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 148
ThreadCreationTime : 16/10/2006 17:08:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [ccevtmgr.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1492
ThreadCreationTime : 16/10/2006 17:08:45
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:16 [symwsc.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\Security Center\
ProcessID : 532
ThreadCreationTime : 16/10/2006 17:08:47
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:17 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1280
ThreadCreationTime : 16/10/2006 17:08:53
BasePriority : Normal
FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:18 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1320
ThreadCreationTime : 16/10/2006 17:08:53
BasePriority : Normal
FileVersion : 5.1.0.27
ProductVersion : 5.1.0.27
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:19 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 1332
ThreadCreationTime : 16/10/2006 17:08:53
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright (c) CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:20 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1348
ThreadCreationTime : 16/10/2006 17:08:54
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:21 [wkufind.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\
ProcessID : 1352
ThreadCreationTime : 16/10/2006 17:08:54
BasePriority : Normal
FileVersion : 9.00.0603.0
ProductVersion : 9.00.0603.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Détection Microsoft® Works Update
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:22 [nwnmff_e28.exe]
FilePath : C:\
ProcessID : 2088
ThreadCreationTime : 16/10/2006 17:08:58
BasePriority : Normal
FileVersion : 1.00.0389
ProductVersion : 1.00.0389
ProductName : Project1
CompanyName : ;wd3;43;4;;344;;34;43;43
InternalName : Project1
OriginalFilename : Project1.exe

#:23 [kybrdff_e31.exe]
FilePath : C:\
ProcessID : 2220
ThreadCreationTime : 16/10/2006 17:09:00
BasePriority : Normal
FileVersion : 1.00.0183
ProductVersion : 1.00.0183
ProductName : Project1
CompanyName : fdslj reditf8eru8turdtreduj54tr8u548
InternalName : kybrdff_18_a
OriginalFilename : kybrdff_18_a.exe

#:24 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2436
ThreadCreationTime : 16/10/2006 17:09:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:25 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2944
ThreadCreationTime : 16/10/2006 17:09:02
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:26 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 16/10/2006 17:09:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Exécuter une DLL en tant qu'application
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : RUNDLL.EXE

#:27 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ProcessID : 2952
ThreadCreationTime : 16/10/2006 17:17:57
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:28 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 644
ThreadCreationTime : 16/10/2006 17:30:44
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:29 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2144
ThreadCreationTime : 16/10/2006 17:31:53
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\Acer\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 1



MRU List Object Recognized!
Location: : C:\Documents and Settings\Acer\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\automap\11.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\common\search\last query
Description : last query in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

19:33:23 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:05.594
Objects scanned:84998
Objects identified:0
Objects ignored:0
New critical objects:0

B - Spybot
I took this from the log, I hope that's what you want!!!

C - Ccleaner: I already had it; this is the last report I had in the My Documents folder, is that it??

D - Ewido: the only thing I didn't get is when you tell me that "delete" should be shown next to each piece of malware

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:34:18 16/10/2006

+ Scan result:



C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023723.EXE -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0025988.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026157.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026160.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026512.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026521.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP193\A0030568.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP193\A0031953.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032032.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032045.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032058.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gpjol3131.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032059.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP19\A0004219.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP48\A0004937.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026161.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\drsmartload45a45a45s.RB0 -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\drsmartload45a45a45s.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023794.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023839.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024174.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024306.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024442.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026158.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026162.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\drsmartload.RB0 -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\drsmartload1.RB0 -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\drsmartload1.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026159.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026519.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Acer\Application Data\errorsafefrenchnewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0025547.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026188.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026194.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026214.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP136\A0026303.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP137\A0026336.exe -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026456.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

D- Scandefender

BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Mon, Oct 16, 2006 - 21:38:04
Info d'analyse
Fichiers scannés 311387
Infectés Fichiers 47
Virus Détectés
Trojan.Downloader.Adload.EQ 2
Trojan.Downloader.Winfixer.O 6
Generic.Botget.7C6905E0 1
Trojan.Downloader.Adload.AQ 7
Win32.Mydoom.XT@mm 1
Trojan.Adload.RC 8
Trojan.Downloader.Small.BOJ 10
Generic.Malware.FM!Ydoe.DCD729E9 1
Backdoor.Poebot.AA 1
Generic.Sdbot.080F8265 1
Trojan.Agent.HU 1
BehavesLike:Trojan.Downloader 1
Trojan.Downloader.Small.BUY 2
Trojan.Canbede.L 3
Trojan.Qurl.3 2

F- hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:44:09, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\windows\system32\rgwxylfj.exe
C:\nwnmff_e28.exe
C:\kybrdff_e31.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\spider.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [rgwxylfj] c:\windows\system32\rgwxylfj.exe rgwxylfj
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e28.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e31.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1052.dll,InstantAccess
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2be62b13d4794221a5dd361ff6258689
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2be62b13d4794221a5dd361ff6258689
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E201D2B-D0EF-495C-A3C2-17733AD9D598}: NameServer = 86.64.145.142,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\ktn2l75o1.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\slnceng.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)

^^Marie^^ - 18 Oct. 2006, 11:07
Hi,

For Ewido, do it again properly

D – Ewido
https://www.malekal.com/tutorial-et-guide-ewido-v4/
or
http://www.infos-du-net.com/telecharger/Ewido-Anti-Malware.html

Update it by clicking "update now".
Run a "complete system scan".
At the end of the scan, check that "delete" is shown next to each malware and click only on "Apply all actions".
Then click "Save Report", then "Save report as", and save the report in your documents.

Copy/paste the report

Then do the following:

Download Blacklight (from F-Secure) from one of these 2 addresses:
https://www.f-secure.com/en
https://www.f-secure.com/en

and save it to your Desktop.

Double-click blbeta.exe and accept the licence; leave [X] scan through Windows Explorer enabled; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).


See you later

cecilialanha - 18 Oct. 2006, 20:46
Hi, here is the requested report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:19:36 18/10/2006

+ Scan result:



C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Cleaned.
C:\WINDOWS\QWNlcg\command.exe -> Adware.CommAd : Cleaned.
[1212] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[1500] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2148] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2160] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2168] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2176] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2192] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2204] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2244] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[2280] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[3768] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[4064] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
C:\Documents and Settings\Acer\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVSZYD0J\Installer[1].exe -> Adware.Look2Me : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\temp.frE22F -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032070.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032081.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032098.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032102.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032106.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032110.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032112.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032116.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\oveaccrc.dll -> Adware.Look2Me : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032072.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024146.DLL -> Adware.WinAntiVirus : Cleaned.
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032091.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032094.exe -> Downloader.Adload.fk : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVSZYD0J\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\Temp\Cookies\acer@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.


::Report end


I couldn't manage to use Blacklight. I downloaded it to my desktop, and this is what it shows me when I try to use it:

F secure blacklight could not acquire necessary priveleges (sedebug privilege)
- your computer setting may prevent acquiring these privilege
- a malicious program might have disabled these priviliges

So what do I do now????
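The check Marie asks for (every detection actually removed) can be run over a pasted Ewido report. The following Python script is an added example, not part of the thread and not Ewido's own tooling; it lists the entries that were ignored or failed to clean. The sample lines are excerpted from the two reports above, and reading the bracketed number as the ID of a process that has the module loaded is an assumption.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Lines excerpted from the two Ewido reports posted in this thread.
SAMPLE = r"""
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP19\A0004219.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Cleaned.
[1212] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[1500] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
::Report end
"""

# Result line shape: "[pid] object -> detection : action."  ([pid] is optional)
LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<obj>.+?) -> (?P<det>\S+) : (?P<action>.+?)\.?$"
)


@dataclass
class Finding:
    pid: Optional[int]  # assumption: process that has the module loaded
    obj: str            # file path or registry key
    detection: str
    action: str

    @property
    def removed(self) -> bool:
        # "Cleaned" and "Cleaned with backup (quarantined)" both count.
        return self.action.lower().startswith("cleaned")

    @property
    def kind(self) -> str:
        if self.pid is not None:
            return "memory"
        if re.match(r"HK(LM|CU|U|CR)\\", self.obj):
            return "registry"
        if "\\System Volume Information\\_restore{" in self.obj:
            return "restore-point"  # archived copy inside a System Restore point
        if "\\Cookies\\" in self.obj:
            return "cookie"
        return "file"


def parse_report(text: str) -> list:
    """Return one Finding per result line; headers and blanks are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid = int(m["pid"]) if m["pid"] else None
        findings.append(Finding(pid, m["obj"], m["det"], m["action"]))
    return findings


def triage(findings) -> dict:
    """Summarise what the scan left behind."""
    unresolved = [f for f in findings if not f.removed]
    still_loaded = defaultdict(list)
    for f in unresolved:
        if f.kind == "memory":
            still_loaded[f.obj].append(f.pid)
    return {
        "by_kind": dict(Counter(f.kind for f in findings)),
        "ignored": [f.obj for f in unresolved if f.action.lower() == "ignored"],
        "still_loaded": dict(still_loaded),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE)).items():
        print(key, "=>", value)
```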