Viruses and unwanted advertising

cecilialanha Posts 11 Status Member -
Hello,
I'm coming here today to ask for your help...
Ever since we had internet installed at home, we have had lots of virus problems, and the latest thing... we get advertising windows that open even when we are not on the internet!!
It is becoming unbearable!!!
If someone could help us, that would be really kind
thanks in advance
cécilia

4 replies

  1. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Hi,

    What antivirus do you have?
    And what firewall??


    It is important to carry out the whole procedure, in order:

    Download (unless you already have them) and paste the 3 reports in order

    A - ad-aware version 1.06
    (here) http://www.florensac-chasse-trap.com/ section virus/security software
    see demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip

    B - spybot version 1.4
    (here) http://www.florensac-chasse-trap.com/ section virus/security software
    see usage demo
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    C - Ccleaner: (registry cleaner, cookies+temp+temporary files+prefetch+history+etc.)
    Download here:
    https://www.ccleaner.com/ccleaner/download
    Tutorial here:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    D – Ewido
    https://www.malekal.com/tutorial-et-guide-ewido-v4/
    or
    http://www.infos-du-net.com/telecharger/Ewido-Anti-Malware.html

    Update it by clicking update now.
    Run a "complete system scan".
    At the end of the scan, check that "delete" is shown next to each piece of malware and click only on: "Apply all actions"
    Then click on "Save Report", then "Save report as", and save the report in your documents.

    Copy/paste the report

    E - Online scan with BitDefender (works only in Internet Explorer, after accepting the ActiveX control)
    https://assiste.com/404_La_page_demandee_n_existe_pas.php
    http://www.bitdefender.fr/scan8/ie.html
    Copy/PASTE the entire report

    F - Hijackthis - Diagnostic and repair tool
    read the demo
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    Download the French version here
    http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
    Copy/paste the report

    Good luck

    See you

    0
  2. cecilialanha Posts 11 Status Member
     
    Hi MARIE,
    thanks in advance for your help
    here is the information you asked me for
    my antivirus is Norton 2004
    my firewall is the Windows one, I don't know much about this!!!

    and now here are the reports:

    A - Ad-aware

    Ad-Aware SE Build 1.06r1
    Logfile Created on:lundi 16 octobre 2006 19:32:17
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R126 12.10.2006
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.Look2Me(TAC index:7):1 total references
    MRU List(TAC index:0):18 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    16/10/2006 19:32:17 - Scan started. (Smart mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 448
    ThreadCreationTime : 16/10/2006 17:08:34
    BasePriority : Normal

    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 692
    ThreadCreationTime : 16/10/2006 17:08:37
    BasePriority : High

    Adware.Look2Me Object Recognized!
    Type : Process
    Data : ktn2l75o1.dll
    TAC Rating : 7
    Category : Adware
    Comment : iieshare.dll.dmp
    Object : C:\WINDOWS\system32\

    Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\ktn2l75o1.dll)

    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 736
    ThreadCreationTime : 16/10/2006 17:08:38
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 748
    ThreadCreationTime : 16/10/2006 17:08:38
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 928
    ThreadCreationTime : 16/10/2006 17:08:40
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1116
    ThreadCreationTime : 16/10/2006 17:08:40
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1704
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:8 [ccsetmgr.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 1804
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal
    FileVersion : 2.1.10.2
    ProductVersion : 2.1.10.2
    ProductName : Common Client
    CompanyName : Symantec Corporation
    FileDescription : Common Client Settings Manager Service
    InternalName : ccSetMgr
    LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    OriginalFilename : ccSetMgr.exe

    #:9 [mdm.exe]
    FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\
    ProcessID : 1836
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal
    FileVersion : 7.00.9064.9150
    ProductVersion : 7.00.9064.9150
    ProductName : Microsoft Development Environment
    CompanyName : Microsoft Corporation
    FileDescription : Machine Debug Manager
    InternalName : mdm.exe
    LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
    OriginalFilename : mdm.exe

    #:10 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ProcessID : 1868
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal
    FileVersion : 10.00.2
    ProductVersion : 10.00.2
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
    OriginalFilename : NAVAPSVC.EXE

    #:11 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1900
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal
    FileVersion : 6.14.10.6085
    ProductVersion : 6.14.10.6085
    ProductName : NVIDIA Driver Helper Service, Version 60.85
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 60.85
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:12 [savscan.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ProcessID : 1924
    ThreadCreationTime : 16/10/2006 17:08:42
    BasePriority : Normal

    ProductVersion : 9.2
    ProductName : Symantec AntiVirus AutoProtect
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus Scanner
    InternalName : SAVSCAN
    LegalCopyright : Copyright (c) 2004 Symantec Corporation
    OriginalFilename : SAVSCAN.EXE

    #:13 [snmp.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1992
    ThreadCreationTime : 16/10/2006 17:08:43
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Service SNMP
    InternalName : snmp.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : snmp.exe

    #:14 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 148
    ThreadCreationTime : 16/10/2006 17:08:43
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:15 [ccevtmgr.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 1492
    ThreadCreationTime : 16/10/2006 17:08:45
    BasePriority : Normal
    FileVersion : 2.1.10.2
    ProductVersion : 2.1.10.2
    ProductName : Common Client
    CompanyName : Symantec Corporation
    FileDescription : Common Client Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:16 [symwsc.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\Security Center\
    ProcessID : 532
    ThreadCreationTime : 16/10/2006 17:08:47
    BasePriority : Normal
    FileVersion : 2005.1.2.20
    ProductVersion : 2005.1
    ProductName : Norton Security Center
    CompanyName : Symantec Corporation
    FileDescription : Norton Security Center Service
    InternalName : SymWSC.exe
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    OriginalFilename : SymWSC.exe

    #:17 [agrsmmsg.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1280
    ThreadCreationTime : 16/10/2006 17:08:53
    BasePriority : Normal
    FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
    ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35
    ProductName : Agere SoftModem Messaging Applet
    CompanyName : Agere Systems
    FileDescription : SoftModem Messaging Applet
    InternalName : smdmstat.exe
    LegalCopyright : Copyright © Agere Systems 1998-2000
    OriginalFilename : smdmstat.exe

    #:18 [soundman.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1320
    ThreadCreationTime : 16/10/2006 17:08:53
    BasePriority : Normal
    FileVersion : 5.1.0.27
    ProductVersion : 5.1.0.27
    ProductName : Realtek Sound Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek Sound Manager
    InternalName : ALSMTray
    LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
    OriginalFilename : ALSMTray.exe
    Comments : Realtek AC97 Audio Sound Manager

    #:19 [pdvdserv.exe]
    FilePath : C:\Program Files\CyberLink\PowerDVD\
    ProcessID : 1332
    ThreadCreationTime : 16/10/2006 17:08:53
    BasePriority : Normal
    FileVersion : 5.00.0000
    ProductVersion : 5.00.0000
    ProductName : PowerDVD
    CompanyName : Cyberlink Corp.
    FileDescription : PowerDVD RC Service
    InternalName : PowerDVD RC Service
    LegalCopyright : Copyright (c) CyberLink Corp. 1997-2002
    OriginalFilename : PDVDSERV.EXE

    #:20 [ccapp.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 1348
    ThreadCreationTime : 16/10/2006 17:08:54
    BasePriority : Normal
    FileVersion : 2.1.10.2
    ProductVersion : 2.1.10.2
    ProductName : Common Client
    CompanyName : Symantec Corporation
    FileDescription : Common Client User Session
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    OriginalFilename : ccApp.exe

    #:21 [wkufind.exe]
    FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\
    ProcessID : 1352
    ThreadCreationTime : 16/10/2006 17:08:54
    BasePriority : Normal
    FileVersion : 9.00.0603.0
    ProductVersion : 9.00.0603.0
    ProductName : Update Detection Module
    CompanyName : Microsoft® Corporation
    FileDescription : Détection Microsoft® Works Update
    InternalName : WkUFind
    LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
    OriginalFilename : WkUFind.exe

    #:22 [nwnmff_e28.exe]
    FilePath : C:\
    ProcessID : 2088
    ThreadCreationTime : 16/10/2006 17:08:58
    BasePriority : Normal
    FileVersion : 1.00.0389
    ProductVersion : 1.00.0389
    ProductName : Project1
    CompanyName : ;wd3;43;4;;344;;34;43;43
    InternalName : Project1
    OriginalFilename : Project1.exe

    #:23 [kybrdff_e31.exe]
    FilePath : C:\
    ProcessID : 2220
    ThreadCreationTime : 16/10/2006 17:09:00
    BasePriority : Normal
    FileVersion : 1.00.0183
    ProductVersion : 1.00.0183
    ProductName : Project1
    CompanyName : fdslj reditf8eru8turdtreduj54tr8u548
    InternalName : kybrdff_18_a
    OriginalFilename : kybrdff_18_a.exe

    #:24 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2436
    ThreadCreationTime : 16/10/2006 17:09:00
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:25 [msnmsgr.exe]
    FilePath : C:\Program Files\MSN Messenger\
    ProcessID : 2944
    ThreadCreationTime : 16/10/2006 17:09:02
    BasePriority : Normal
    FileVersion : 8.0.0812.00
    ProductVersion : 8.0.0812
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msnmsgr.exe
    LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
    OriginalFilename : msnmsgr.exe

    #:26 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1392
    ThreadCreationTime : 16/10/2006 17:09:42
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:27 [ad-aware.exe]
    FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
    ProcessID : 2952
    ThreadCreationTime : 16/10/2006 17:17:57
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:28 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ProcessID : 644
    ThreadCreationTime : 16/10/2006 17:30:44
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

    #:29 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 2144
    ThreadCreationTime : 16/10/2006 17:31:53
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Deep scanning and examining files...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\WINDOWS\system32
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Disk Scan Result for C:\DOCUME~1\Acer\LOCALS~1\Temp\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    0 entries scanned.
    New critical objects:0
    Objects found so far: 1

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Acer\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\automap\11.0\findmru
    Description : list of recently used find queries used in microsoft automap-based products

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\player\settings
    Description : last open directory used in jasc paint shop pro

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\mediaplayer\preferences
    Description : last search path used in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\clip organizer\search\last query
    Description : last query in microsoft clip organizer

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\common\general
    Description : list of recently used symbols in microsoft office

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\common\search\last query
    Description : last query in microsoft office

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\office\10.0\powerpoint\recent typeface list
    Description : list of recently used typefaces in microsoft powerpoint

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-21-1296836545-1439906313-590260106-1005\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 19

    19:33:23 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:01:05.594
    Objects scanned:84998
    Objects identified:0
    Objects ignored:0
    New critical objects:0

    B - Spybot
    I took this from the log, I hope that is what you want!!!
    16/10/2006 19:43:12 Fichier de mise à jour téléchargé. (http://www.safer-networking.org/updates/spybotsd.ini)
    16/10/2006 19:43:17 downloaded update Advanced detection library
    16/10/2006 19:43:17 - URL: http://www.spybotupdates.com/updates/files/advcheck.zip
    16/10/2006 19:43:17 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\advcheck.zip
    16/10/2006 19:43:18 downloaded update Detection rules: Dialers
    16/10/2006 19:43:18 - URL: http://www.spybotupdates.com/updates/files/includes.dialer.zip
    16/10/2006 19:43:18 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
    16/10/2006 19:43:20 downloaded update Detection rules: Hijackers
    16/10/2006 19:43:20 - URL: http://www.spybotupdates.com/updates/files/includes.hijackers.zip
    16/10/2006 19:43:20 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
    16/10/2006 19:43:20 downloaded update Detection rules: Keyloggers
    16/10/2006 19:43:20 - URL: http://www.spybotupdates.com/updates/files/includes.keyloggers.zip
    16/10/2006 19:43:20 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
    16/10/2006 19:43:22 downloaded update Detection rules: Malware
    16/10/2006 19:43:22 - URL: http://www.spybotupdates.com/updates/files/includes.malware.zip
    16/10/2006 19:43:22 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
    16/10/2006 19:43:22 downloaded update Detection rules: PUPS
    16/10/2006 19:43:22 - URL: http://www.spybotupdates.com/updates/files/includes.pups.zip
    16/10/2006 19:43:22 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
    16/10/2006 19:43:23 downloaded update Detection rules: Security
    16/10/2006 19:43:23 - URL: http://www.spybotupdates.com/updates/files/includes.security.zip
    16/10/2006 19:43:23 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
    16/10/2006 19:43:24 downloaded update Detection rules: Spybots
    16/10/2006 19:43:24 - URL: http://www.spybotupdates.com/updates/files/includes.spybots.zip
    16/10/2006 19:43:24 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
    16/10/2006 19:43:25 downloaded update Detection rules: Trojans
    16/10/2006 19:43:25 - URL: http://www.spybotupdates.com/updates/files/includes.trojans.zip
    16/10/2006 19:43:25 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
    16/10/2006 19:43:27 downloaded update Detection rules: Update
    16/10/2006 19:43:27 - URL: http://www.spybotupdates.com/updates/files/includes.zip
    16/10/2006 19:43:27 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
    16/10/2006 19:43:29 downloaded update Detection support library
    16/10/2006 19:43:29 - URL: http://www.spybotupdates.com/updates/files/tools.zip
    16/10/2006 19:43:29 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\tools.zip
    16/10/2006 19:43:31 downloaded update English descriptions
    16/10/2006 19:43:31 - URL: http://www.spybotupdates.com/updates/files/desc.english.zip
    16/10/2006 19:43:31 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.zip
    16/10/2006 19:43:32 downloaded update English help
    16/10/2006 19:43:32 - URL: http://www.spybotupdates.com/updates/files/help.english.zip
    16/10/2006 19:43:32 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
    16/10/2006 19:43:33 downloaded update English help for TeaTimer
    16/10/2006 19:43:33 - URL: http://www.spybotupdates.com/updates/files/helpres.english.zip
    16/10/2006 19:43:33 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
    16/10/2006 19:43:34 downloaded update Francais descriptions
    16/10/2006 19:43:34 - URL: http://www.spybotupdates.com/updates/files/desc.francais.zip
    16/10/2006 19:43:34 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\desc.francais.zip
    16/10/2006 19:43:35 downloaded update Francais help
    16/10/2006 19:43:35 - URL: http://www.spybotupdates.com/updates/files/help.francais.zip
    16/10/2006 19:43:35 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.francais.zip
    16/10/2006 19:43:36 downloaded update Francais help for TeaTimer
    16/10/2006 19:43:36 - URL: http://www.spybotupdates.com/updates/files/helpres.francais.zip
    16/10/2006 19:43:36 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.francais.zip
    16/10/2006 19:43:37 downloaded update Francais language
    16/10/2006 19:43:37 - URL: http://www.spybotupdates.com/updates/files/lang.francais.zip
    16/10/2006 19:43:37 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.francais.zip
    16/10/2006 19:43:40 downloaded update Immunization database
    16/10/2006 19:43:40 - URL: http://www.spybotupdates.com/updates/files/clsid.zip
    16/10/2006 19:43:40 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
    16/10/2006 19:43:40 downloaded update Main skins
    16/10/2006 19:43:40 - URL: http://www.spybotupdates.com/updates/files/skins.main.zip
    16/10/2006 19:43:40 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\skins.main.zip
    16/10/2006 19:43:43 downloaded update Startup info
    16/10/2006 19:43:43 - URL: http://www.spybotupdates.com/updates/files/startup.zip
    16/10/2006 19:43:43 - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip

    C - Ccleaner: I already had it; this is the last report I had in the My Documents folder, is this it??
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\DBTB00001.DBTB00001]
    @="Search Bar"

    [HKEY_CLASSES_ROOT\DBTB00001.DBTB00001\CLSID]
    @="{D7CC80D4-376C-4586-B023-4F35C2CEB28E}"

    [HKEY_CLASSES_ROOT\DBTB00001.DBTB00001\CurVer]
    @="DBTB00001.DBTB00001.1"

    [HKEY_CLASSES_ROOT\DBTB00001.DBTB00001.1]
    @="Search Bar"

    [HKEY_CLASSES_ROOT\DBTB00001.DBTB00001.1\CLSID]
    @="{D7CC80D4-376C-4586-B023-4F35C2CEB28E}"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskBar]
    @="Deskbar"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskBar\CLSID]
    @="{D7CC80D4-376C-4586-B023-4F35C2CEB28E}"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskBar\CurVer]
    @="DBTB00001.DeskBar.1"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskBar.1]
    @="Deskbar"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskBar.1\CLSID]
    @="{D7CC80D4-376C-4586-B023-4F35C2CEB28E}"

    [HKEY_CLASSES_ROOT\DBTB00001.deskbarBHO]
    @="DeskbarBHO"

    [HKEY_CLASSES_ROOT\DBTB00001.deskbarBHO\CLSID]
    @="{A8B28872-3324-4CD2-8AA3-7D555C872D96}"

    [HKEY_CLASSES_ROOT\DBTB00001.deskbarBHO\CurVer]
    @="ToolBand.deskbarBHO.1"

    [HKEY_CLASSES_ROOT\DBTB00001.deskbarBHO.1]
    @="DeskbarBHO"

    [HKEY_CLASSES_ROOT\DBTB00001.deskbarBHO.1\CLSID]
    @="{A8B28872-3324-4CD2-8AA3-7D555C872D96}"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskbarEnabler]
    @="DeskbarEnabler"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskbarEnabler\CLSID]
    @="{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38}"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskbarEnabler.1]
    @="DeskbarEnabler"

    [HKEY_CLASSES_ROOT\DBTB00001.DeskbarEnabler.1\CLSID]
    @="{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38}"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}]
    @="ActiveXPlugin Object"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Control]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\InprocServer32]
    @="C:\\WINDOWS\\System32\\plugin.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus]
    @="0"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus\1]
    @="131473"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ProgID]
    @="Microsoft.ActiveXPlugin.1"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ToolboxBitmap32]
    @="C:\\WINDOWS\\System32\\plugin.ocx, 1"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\TypeLib]
    @="{06DD38D0-D187-11CF-A80D-00C04FD74AD8}"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Version]
    @="1.0"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\VersionIndependentProgID]
    @="Microsoft.ActiveXPlugin"

    [HKEY_CLASSES_ROOT\CLSID\{526D3A23-F01C-4891-9B71-DC473ECABAA2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{526D3A23-F01C-4891-9B71-DC473ECABAA2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{526D3A23-F01C-4891-9B71-DC473ECABAA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{526D3A23-F01C-4891-9B71-DC473ECABAA2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wfhip6.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CURRENT_USER\Software\livesvc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AAW"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\deskbar.exe"="deskbar"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\Acer\\LOCALS~1\\Temp\\Temporary Internet Files\\Content.IE5\\GNARAT27\\aawsepersonal[1].exe"="Ad-Aware SE Personal"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\Acer\\LOCALS~1\\Temp\\Temporary Internet Files\\Content.IE5\\CVSZYD0J\\spybotsd14[1].exe"="Spybot - Search & Destroy Setup "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\Acer\\LOCALS~1\\Temp\\is-J5V79.tmp\\is-GSQHT.tmp"="Setup/Uninstall"

    D- Ewido: the only thing I didn't get is when you tell me there should be "delete" marked next to each malware

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 20:34:18 16/10/2006

    + Scan result:

    C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023723.EXE -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0025988.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026157.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026160.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026512.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026521.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP193\A0030568.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP193\A0031953.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032032.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032045.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032058.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\gpjol3131.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032059.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP19\A0004219.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP48\A0004937.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026161.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    C:\drsmartload45a45a45s.RB0 -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    C:\drsmartload45a45a45s.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023794.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0023839.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024174.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024306.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024442.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026158.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026162.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\drsmartload.RB0 -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\drsmartload.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\drsmartload1.RB0 -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\drsmartload1.exe -> Downloader.Adload.gj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026159.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026519.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\Acer\Application Data\errorsafefrenchnewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0025547.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\UERSV_0001_N91S2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026188.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026194.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP134\A0026214.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP136\A0026303.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP137\A0026336.exe -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP143\A0026456.EXE -> Proxy.Agent.cv : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

    ::Report end

    D- Scandefender

    BitDefender Online Scanner - Rapport virus en temps réel
    Généré à: Mon, Oct 16, 2006 - 21:38:04
    Info d'analyse
    Fichiers scannés 311387
    Infectés Fichiers 47
    Virus Détectés
    Trojan.Downloader.Adload.EQ 2
    Trojan.Downloader.Winfixer.O 6
    Generic.Botget.7C6905E0 1
    Trojan.Downloader.Adload.AQ 7
    Win32.Mydoom.XT@mm 1
    Trojan.Adload.RC 8
    Trojan.Downloader.Small.BOJ 10
    Generic.Malware.FM!Ydoe.DCD729E9 1
    Backdoor.Poebot.AA 1
    Generic.Sdbot.080F8265 1
    Trojan.Agent.HU 1
    BehavesLike:Trojan.Downloader 1
    Trojan.Downloader.Small.BUY 2
    Trojan.Canbede.L 3
    Trojan.Qurl.3 2

    F- hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 21:44:09, on 16/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\windows\system32\rgwxylfj.exe
    C:\nwnmff_e28.exe
    C:\kybrdff_e31.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\system32\spider.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [rgwxylfj] c:\windows\system32\rgwxylfj.exe rgwxylfj
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e28.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e31.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1052.dll,InstantAccess
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2be62b13d4794221a5dd361ff6258689
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2be62b13d4794221a5dd361ff6258689
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
    O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://es6-scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E201D2B-D0EF-495C-A3C2-17733AD9D598}: NameServer = 86.64.145.142,84.103.237.142
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\ktn2l75o1.dll
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\slnceng.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
    0
  3. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
     
    Hi,

    For Ewido, redo it properly

    D – Ewido
    https://www.malekal.com/tutorial-et-guide-ewido-v4/
    or
    http://www.infos-du-net.com/telecharger/Ewido-Anti-Malware.html

    Update it by clicking update now.
    Run a "complete system scan".
    At the end of the scan, check that "delete" is shown next to each malware and click only on: "Apply all actions"
    Then click "Save Report", then "Save report as", and save the report in your documents.

    Copy/paste the report

    Then do the following:

    Download Blacklight (from F-Secure) from one of the 2 addresses:
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    and save it to your Desktop.

    Double-click blbeta.exe and accept the license; leave [X] scan through Windows Explorer checked; click Scan then Next

    You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

    See you
    0
  4. cecilialanha Posts 11 Status Member
     
    Hi, here is the requested report

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 20:19:36 18/10/2006

    + Scan result:

    C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Cleaned.
    C:\WINDOWS\QWNlcg\command.exe -> Adware.CommAd : Cleaned.
    [1212] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [1500] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2148] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2160] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2168] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2176] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2192] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2204] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2244] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [2280] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [3768] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    [4064] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
    C:\Documents and Settings\Acer\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVSZYD0J\Installer[1].exe -> Adware.Look2Me : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\temp.frE22F -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032070.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032081.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032098.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032102.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032106.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032110.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032112.dll -> Adware.Look2Me : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032116.dll -> Adware.Look2Me : Cleaned.
    C:\WINDOWS\system32\oveaccrc.dll -> Adware.Look2Me : Cleaned.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned.
    C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032072.dll -> Adware.Softomate : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP132\A0024146.DLL -> Adware.WinAntiVirus : Cleaned.
    C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032091.exe -> Downloader.Adload.fk : Cleaned.
    C:\System Volume Information\_restore{A17A874F-C88D-4CDF-86AC-7B44375B3C3B}\RP194\A0032094.exe -> Downloader.Adload.fk : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVSZYD0J\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Acer\Local Settings\Temp\Cookies\acer@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
    C:\WINDOWS\Temp\Cookies\acer@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.

    ::Report end

    I couldn't manage to use Blacklight. I downloaded it to my desktop and here is what it shows when I try to use it:

    F secure blacklight could not acquire necessary priveleges (sedebug privilege)
    - your computer setting may prevent acquiring these privilege
    - a malicious program might have disabled these priviliges

    So what do I do now????
    0
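A way to check a saved ewido report against the step "check that delete is shown next to each malware", as an added example that is not part of the original posts: it parses the report lines and lists every detection whose outcome is anything other than "Cleaned". The function names are hypothetical, the sample is assembled from lines of the two reports posted above, and reading the bracketed number as a process ID is an assumption.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: lines copied from the two ewido reports in this thread,
# combined into one short report so the script runs offline.
SAMPLE_REPORT = r"""
+ Created at: 20:19:36 18/10/2006

+ Scan result:

C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Cleaned.
[1212] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
[1500] C:\WINDOWS\QWNlcg\asappsrv.dll -> Adware.CommAd : Error during cleaning.
C:\WINDOWS\system32\gpjol3131.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned.
C:\Documents and Settings\Acer\Application Data\errorsafefrenchnewreleaseinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Temp\Cookies\acer@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

::Report end
"""


class Finding(NamedTuple):
    pid: Optional[int]   # assumption: the leading [number] is a process ID
    target: str          # file path or registry key
    detection: str       # detection name given by the scanner
    outcome: str         # action text, without the trailing period


# "<optional [pid]> <target> -> <detection> : <outcome>."
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<target>.+?) -> "
    r"(?P<detection>\S+) : (?P<outcome>.+?)\.?$"
)


def parse_report(text):
    """Return one Finding per result line; headers and footers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid = int(m["pid"]) if m["pid"] else None
        findings.append(Finding(pid, m["target"], m["detection"], m["outcome"]))
    return findings


def unresolved(findings):
    """Findings the scanner did not clean ("Ignored", "Error during cleaning", ...)."""
    return [f for f in findings if not f.outcome.startswith("Cleaned")]


def summarize_unresolved(findings):
    """Collapse repeated lines: (target, detection, outcome) -> list of PIDs."""
    grouped = defaultdict(list)
    for f in unresolved(findings):
        key = (f.target, f.detection, f.outcome)
        grouped[key]  # create the entry even when the line has no PID
        if f.pid is not None:
            grouped[key].append(f.pid)
    return dict(grouped)


if __name__ == "__main__":
    for (target, detection, outcome), pids in summarize_unresolved(
        parse_report(SAMPLE_REPORT)
    ).items():
        where = f" (PIDs: {', '.join(map(str, pids))})" if pids else ""
        print(f"{outcome}: {detection} -> {target}{where}")
```
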