Bonjour,
 
Mon problème le voici : Quand je suis sur internet, par exemple je tape google.fr, je vais sur le site mais 2 secondes après le site change et c'est un site publicitaire qui s'affiche. Ou sinon c'est aléatoirement : je reste 2 mn sur un site et quand je clique sur un lien hop je vais sur un autre site. Donc je pense que c'est un malware ou une chose de ce genre...Aussi je me suis rendu compte que j'avais des programmes sur mon bureau dont je n'en connais pas l'existence   ils apparaissent en gros...
 
J"ai exécuté, norton 2005, ad-aware, spybot, CCleaner et hijackthis.
Voilà le log hijackthis:
 

 
Merci
(J'utilise FireFox, pas IE ni AOL malgré le navigateur intégré)

je connais pas  - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033. c'est normal qu'ils soit lancer au démarrage ?

Oui c'est normal.
http://img329.imageshack.us/img329/7509/bug8ve.jpg (c'est une capture de mon bureau)

celui là me paraît suspecte C:\WINDOWS\System32\UAService7.exe , je ne l'ai pas sur mon poste .. .

tu dvrais le tuer dans la liste des taches, puis tu fais un test. si c'est mieux supprime le fichier ( ou renome le si tu n'est pas sur de toi)

Je peux pas le terminer dans la liste des taches, il me met "Accès refusé". Donc je vais tenter de le supprimer.
 
EDIT : impossible de le suppprimer ce fichier (protége en ecriture, utilisé actuellement)

reboot en mode sans echec, et renome le ( tu pouras pas le faire sur windows si il est en utilisation) . c'est moin risquer, tu pourras le remmetre si il te mets la panade sur ton poste

OK je vais tester .

Bon alors je l'ai renomer quand j'étais en mode sans échec, et après 10 minutes le problème revient. Je dois le supprimer ?

c'est ptête pas utiles, si le problème vient pas delà ton fichiers est peut être utile à un soft que je ne connais pas.
 
Vérifies quand même qu'il ne ce soit pas recréés, çà arrive que des virus recréer d'eux même des éxécutables ...

 
Non je crois pas qu'il s'es recréé
 

Toujours ce problème; j'ai refaire l'antivirusn ad-aware, et tout : ça fait pareil...  
voilà un exemple de site qui se remplace à la place : http://popunder.paypopup.com/defau [...] ubid=23782

Bonsoir,
 
Télécharge L2MRemover.zip
Dézippe le (voici un décompresseur gratuit si tu n'en as pas QuickZip)
Installe l'exécutable dans C:\Program Files\Look2meRemover\
 
Supprime le Système de restauration
 
1. Clique sur L2MRemover.exe pour lancer le programme.
2. Clique sur "About" > "Check for updates..." dans le menu du programme pour le mettre à jour.
3. Clique sur "Scan" et attendre que le scan complet soit fait.

 
4. Clique sur le bouton "Delete Keys" pour nettoyer la base de registre.
 
(Si tu n'es pas sûr, tu peux cocher "Save before delete"
pour avoir une sauvegarde des clés supprimées; ceci créera un fichier reg)
 

 
Remettre le Système de restauration

 
Dès que je lance : http://img220.imageshack.us/img220/5387/bug26al.jpg

Essaie avec ça:
http://www.simplytech.it/L2MRemover/setup.zip

Oui j'avais déja essayé, j'ai encore réessayé et ça ne marche toujours pas.

Bien...
 
Télécharge L2mfix (de Shadowwar) de l'un de ces liens :
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
 
Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisi l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt" ) dans ta prochaine réponse.
 
IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix".

Le texte c'est afficher même pas 5 secondes après :
 

Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.
 
Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisi l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.
 
IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans en être avisé! Ne pas lancer cet outil en mode Sans Échec !!
**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt" ) situé dans le dossier "l2mfix".
 
Merci de ne pas mettre les rapports en citation (confort de lecture...)

J'ai fait exactement comme tu me là dis, mais lorsqu'il scan, il affiche un message : "erreur pour importer shell.reg" donc j'ai fais OK, ensuite il demande de redémarrer. Ensuite au démarrage je n'est aucun fichier texte, et il y a écrit dans le fichier log.txt : Checking for L2mfix account (0=no 1=yes)  0
 

Décidemment...
 
Télécharge SpySweeper (de Webroot) [color=red]ICI[/color] (version d'essai - 14 jours):[list]

• Clic sur le lien Free Trial sous la rubrique "SpySweeper".
• Installe le programme. Une fois installé, il se lancera.
• L'option de le mettre à jour s'affichera; clic Yes.
• Lorsque les mises à jour seront installées, clic Options sur la gauche.
• Clic sur l'onglet Sweep Options.
• Sous What to Sweep, coche les options suivantes:

[list]

• Sweep Memory
• Sweep Registry
• Sweep Cookies
• Sweep All User Accounts
• Enable Direct Disk Sweeping
• Sweep Contents of Compressed Files
• Sweep for Rootkits
• DÉCOCHE [color=blue]Do not Sweep System Restore Folder[/color].[/list]
• Clic Sweep Now sur la gauche.
• Clic sur Start.
• Quand le scan est terminé, clic sur Next.
• Assure-toi que tous les items sont cochés, puis clic sur Next.
• Tous les items cochés seront éliminés.
• Si Spy Sweeper veut redémarrer pour terminer le nettoyage : ACCEPTE.
• Clic Session Log au haut - à droite, et copie tout ce qu'il y a dans la fenêtre.
• Clic sur l'onglet Summary, puis clic sur Finish.
• Colle le contenu du "Session Log" dans ta prochaine réponse.

[/list]

********
11:01: |       Start of Session, vendredi 2 décembre 2005       |
11:01: Spy Sweeper started
11:01: Sweep initiated using definitions version 576
11:01: Starting Memory Sweep
11:02:   Found Adware: icannnews
11:02:   Detected running threat: C:\WINDOWS\system32\jtpm0771e.dll (ID = 83)
11:02:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:02:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:02:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:03:   Detected running threat: C:\WINDOWS\system32\mdrmsg.dll (ID = 83)
11:03: Memory Sweep Complete, Elapsed Time: 00:01:50
11:03: Starting Registry Sweep
11:03: Registry Sweep Complete, Elapsed Time:00:00:09
11:03: Starting Cookie Sweep
11:03:   Found Spy Cookie: falkag cookie
11:03:   guillaume@as1.falkag[1].txt (ID = 2650)
11:03:   Found Spy Cookie: bluestreak cookie
11:03:   guillaume@bluestreak[1].txt (ID = 2314)
11:03:   Found Spy Cookie: weborama cookie
11:03:   guillaume@weborama[2].txt (ID = 3658)
11:03: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:03: Starting File Sweep
11:04:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:04:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:04:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05:   Found Trojan Horse: trojan-backdoor-us15info
11:05:   tool4.exe (ID = 183857)
11:05:   tool5.exe (ID = 183857)
11:05:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:05:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06:   Found Adware: targetsaver
11:06:   tsuninst.exe (ID = 193501)
11:06:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:06:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:06:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07:   Found Adware: look2me
11:07:   icont.exe (ID = 65722)
11:07:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:07:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:08:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:09:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10:   class-barrel (ID = 78229)
11:10:   zqfmc.dll (ID = 195129)
11:10:   vocabulary (ID = 78283)
11:10:   n2p4lc7q1f.dll (ID = 159)
11:10:   o6840glqe6qe0.dll (ID = 159)
11:10:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:10:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:10:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11:   nnobjapi.dll (ID = 159)
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:11:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   mcpmsp.dll (ID = 159)
11:12:   aaferror.dll (ID = 159)
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:12:   jtpm0771e.dll (ID = 159)
11:12:   o6660gjse6o60.dll (ID = 159)
11:12:   mdrmsg.dll (ID = 159)
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:12:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:13:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:14:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:16:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:17:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:18:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:19:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:20:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:20:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:20:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:20:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:21:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:21:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:21:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:21:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:22:   Found Adware: spysheriff
11:22:   secure32.html (ID = 184319)
11:22:   Found System Monitor: potentially rootkit-masked files
11:22:   nude shannon elizabeth  +americanpie03  naked celebrities actresses models porn sex topless real hentai lolita startrek disney britney spears(1).jpg (ID = 0)
11:22:   nude shannon elizabeth  +americanpie03  naked celebrities actresses models porn sex topless real hentai lolita startrek disney britney spears.jpg (ID = 0)
11:22:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:22:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:23:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:24:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:24:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:24:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:24:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:24: File Sweep Complete, Elapsed Time: 00:20:53
11:24: Full Sweep has completed.  Elapsed time 00:23:00
11:24: Traces Found: 23
11:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:25: Removal process initiated
11:25:   Quarantining All Traces: icannnews
11:25:   icannnews is in use.  It will be removed on reboot.
11:25:     C:\WINDOWS\system32\jtpm0771e.dll is in use.  It will be removed on reboot.
11:25:     C:\WINDOWS\system32\mdrmsg.dll is in use.  It will be removed on reboot.
11:25:   Quarantining All Traces: look2me
11:25:   look2me is in use.  It will be removed on reboot.
11:25:     jtpm0771e.dll is in use.  It will be removed on reboot.
11:25:     o6660gjse6o60.dll is in use.  It will be removed on reboot.
11:25:     mdrmsg.dll is in use.  It will be removed on reboot.
11:25:   Quarantining All Traces: potentially rootkit-masked files
11:25:   potentially rootkit-masked files is in use.  It will be removed on reboot.
11:25:     nude shannon elizabeth  +americanpie03  naked celebrities actresses models porn sex topless real hentai lolita startrek disney britney spears(1).jpg is in use.  It will be removed on reboot.
11:25:     nude shannon elizabeth  +americanpie03  naked celebrities actresses models porn sex topless real hentai lolita startrek disney britney spears.jpg is in use.  It will be removed on reboot.
11:25:   Quarantining All Traces: spysheriff
11:25:   Quarantining All Traces: trojan-backdoor-us15info
11:25:   Quarantining All Traces: targetsaver
11:26:   Quarantining All Traces: bluestreak cookie
11:26:   Quarantining All Traces: falkag cookie
11:26:   Quarantining All Traces: weborama cookie
11:26:   Warning: Launched explorer.exe
11:26:   Warning: Quarantine process could not restart Explorer.
11:26:   Preparing to restart your computer. Please wait...
11:26: Removal process completed.  Elapsed time 00:01:10
********
10:59: |       Start of Session, vendredi 2 décembre 2005       |
10:59: Spy Sweeper started
11:00: Your spyware definitions have been updated.
11:01: |       End of Session, vendredi 2 décembre 2005       |
 
 
(Merci)

Je crois que ça doit être bon, plus rien ne s'affiche; par contre défois j'ai de la pub pour winfixer 2005.

bonjour tt le monde !!
mon probleme es pareil ke certain dentre vs, en fait d ke jvai sur internet des pages de publicité safiche (casino,cdiscount...) et impossible dareter sa, meme en lisan vo reponse ji ariv pa jcompren rien. alor sil vs plai aidez moi...  

je pige pas vraiment !
si  vous activer le bloqueur de fenetre intenpestive vous ne devrier pas avoir ses fameuse fenetre !

ben mon blokeur de fenetre est activé et sa change rien.

Bonjour
 
En cas d'infection, les bloqueurs de pub ne servent à rien.
 
Télécharge le logiciel HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
 
Fais un scan et poste l'analyse.
 
Poste aussi ce rapport.
Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence; clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse.

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument
 
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
 
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
 
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

dsl jme sui trompé

Logfile of HijackThis v1.99.1
Scan saved at 01:19:42, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\VM_STI.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR020100/FRWCompleteAddIns
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [antebookjugsmeta] C:\Documents and Settings\All Users\Application Data\Live Itch Ante Book\RectFace.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: TrayMin300.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

09/28/06 01:22:25 [Info]: BlackLight Engine 1.0.46 initialized
09/28/06 01:22:25 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/28/06 01:22:25 [Note]: 7019 4
09/28/06 01:22:25 [Note]: 7005 0
09/28/06 01:22:29 [Note]: 7006 0
09/28/06 01:22:29 [Note]: 7011 1616
09/28/06 01:22:29 [Note]: 7026 0
09/28/06 01:22:29 [Note]: 7026 0
09/28/06 01:22:29 [Note]: 7015 344
09/28/06 01:22:29 [Note]: 7015 5
09/28/06 01:22:29 [Note]: 7015 912
09/28/06 01:22:29 [Note]: 7015 5
09/28/06 01:22:29 [Note]: 7024 3
09/28/06 01:22:29 [Info]: Hidden process: C:\windows\system32\mnteuxaoh.exe
09/28/06 01:22:29 [Note]: 7015 1520
09/28/06 01:22:29 [Note]: 7015 5
09/28/06 01:22:29 [Note]: FSRAW library version 1.7.1019
09/28/06 01:22:33 [Error]: 6019 0
09/28/06 01:22:33 [Error]: 6017 0
09/28/06 01:23:33 [Note]: 7007 0

Bonjour
 
Plusieurs fichiers infectieux.
On commence.
 
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
 
1 Télécharge  
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
 
Ewido
http://www.ewido.net/en/download/
Tu l'installes.
Lance Ewido et clique sur le bouton Update (barre d'outils - au haut).  
Sous Manual Update clique Start update. Patiente jusqu'à l'affichage "Update successful".
 
2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.  
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
 
3 Relance un scan HijackThis et coche les lignes ci-dessous :
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell  
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx  
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll  
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll  
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot  
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE  
O4 - HKLM\..\Run: [antebookjugsmeta] C:\Documents and Settings\All Users\Application Data\Live Itch Ante Book\RectFace.exe  
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe  
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000  
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL  
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm  
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab  
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB  
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab  
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab  
 
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
 
4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
 
5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
 
C:\WINDOWS\system32\pbfrv2.dll
C:\windows\system32\mnteuxaoh.exe
C:\WINDOWS\NsUpdate.exe
C:\Documents and Settings\All Users\Application Data\Live Itch Ante Book
 
Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
 
6 Lance le nettoyage avec CCleaner.
 
7 Lance Ewido.  
Clique sur le bouton Scanner (de la barre d'outils)
Puis sur l'onglets Settings, pour How to Act. Clique sur Recommanded Actions. Sélectionne Quarantine.
Reviens a l'onglet Scan. Clique Complete system Scan
A la fin du scan, choisis l'option " Apply All Actions " en bas.  
Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit facile à retrouver.
 
8 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.
 
Quel est ton parefeu ?

tu peu me dir se ques un repertoire dédié stp ou si jinstal ccleaner sur le bureau c bon ?

Va sur ce lien, lettre E.
 
http://forum.pcastuces.com/sujet.asp?SUJET_ID=291882

ben je sai pa ce kes exactement un pare feu mai mon antivirus est kaspersky anti-virus personnal pro je sai pa si ya un rapor repondez moi svp. et voici les rapor...

Logfile of HijackThis v1.99.1
Scan saved at 04:27:40, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\VM_STI.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR020100/FRWCompleteAddIns
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [mnteuxaoh] c:\windows\system32\mnteuxaoh.exe mnteuxaoh
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: TrayMin300.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
 
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
 
 + Created at: 04:04:10 29/09/2006
 
 + Scan result:  
 
 
 
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-2041892279-848296084-3185487583-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup (quarantined).
C:\Program Files\License_Manager\license_manager.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
C:\WINDOWS\iaccess32.exe -> Dialer.EgroupDial.w : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2041892279-848296084-3185487583-1011\Dc35\NsUpdate.exe -> Dialer.Generic : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2041892279-848296084-3185487583-1011\Dc36.exe -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2041892279-848296084-3185487583-1011\Software\GlobalCS -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@msnuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@adserver.71i[1].txt -> TrackingCookie.71i : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ad.adnet[1].txt -> TrackingCookie.Adnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@casinodelrio[1].txt -> TrackingCookie.Casinodelrio : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@www.casinodelrio[1].txt -> TrackingCookie.Casinodelrio : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@www.88.com.29965.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@www.etracker[2].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@www.etracker[1].txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@lop[1].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@www.tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Invité\Cookies\invité@wreport.weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\MOHAMMED\Cookies\mohammed@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Moh@mmed\Cookies\moh@mmed@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\MailSkinner\MailSkinner.exe -> Trojan.Mailskinner.A : Cleaned with backup (quarantined).
C:\Program Files\eMedia Codec -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\eMedia Codec\uninst.exe -> Trojan.Small : Cleaned with backup (quarantined).
 
 
::Report end
 
 

Bonsoir
 
Gros travail d'Ewido
Les rapports montrent 3 choses :
- Une infection Instant Access.
- Un fichier aléatoire résistant (c:\windows\system32\mnteuxaoh.exe ).
- Un fichier résistant (C:\WINDOWS\NsUpdate.exe ).
 
On continue.
 
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les  manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
 
$$ Télécharge Brute Force Uninstaller (de Merijn).
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
 
$$ FAIS UN CLIC-DROIT ICI et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).
 
$$ Clique sur ce lien
http://www.sendspace.com/file/4bwwd4
FAIS UN CLIC-DROIT sur le fichier Gentlemen.bfu et choisis "Enregistrer la cible sous..." afin de télécharger Gentlemen.bfu. Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utilises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".
 
$$ Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
 
$$ Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
 
---- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
 
EGDACCESS.bfu
 
Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
 
---- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
 
Gentlemen.bfu
 
Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Gentlemen.bfu
Clique sur Execute et laisse-le faire son travail.
 
Quand BFU disparait, redémarre normalement et poste un nouveau hijackthis avec le rapport situé ici C:\egd.txt

je croi ke g fai kelke ereur mai voila le rapor...
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Philips SPC 200NC PC Camera"
"CanalPlayer"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe /iconic"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"mnteuxaoh"="c:\\windows\\system32\\mnteuxaoh.exe mnteuxaoh"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"NsUpdate"="C:\\WINDOWS\\NsUpdate.exe UPDATE"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
 

Bonsoir
 
Je pense que la manip avec Edgaccess a bien fonctionné, mais pas celle avec Gentlemen.bfu.
 
Recommence ceci.
 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"ACTIVBOARD"="c:\\apps\\ABoard\\ABoard.exe"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Philips SPC 200NC PC Camera"
"CanalPlayer"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe /iconic"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"