ordinateur a nettoyer a fond :op

bonjour alors c'est mon autre ordi qui est reste plus d'un an sans anti virus puis un an eteint car du coup il buggait un chti peu...

alors j'ai deja fait:
**********************
SmitFaudFix, voici le rapport:

SmitFraudFix v2.81

Rapport fait à 13:38:10,33, lun. 21/08/2006
Executé à partir de C:\Documents and Settings\Vanessa\Bureau\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

C:\WINNT\svchost.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

C:\WINNT\system32\msbe.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vanessa\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Vanessa\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

***************************
j'ai lance Ccleaner: analyse + nettoyage

*****************************

j'ai fait ewido mais pas en mode sans echec car il sous ce mode là il ne voulait pas se lancer...
voici le log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:25:14 21/08/2006

+ Scan result:

C:\Program Files\BullsEye Network -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bargains.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\msbe.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINNT\system32\msxct.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Bargains -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\Trickler -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-2111687655-854245398-1000\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-2111687655-854245398-1000\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-2111687655-854245398-1000\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTsvc\istsvc.exe -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTx.Installer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-2111687655-854245398-1000\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
[1116] c:\docume~1\vanessa\locals~1\temp\mewupyte.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\MediaAccC.dll -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\MediaAccK.exe -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\WINNT\system32\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\bst9b3bl.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINNT\system32\54jmegp1.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINNT\system32\kpv1gjcb.dll -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINNT\system32\l0ck4aa4.exe -> Adware.Sahat : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\SideFind\sfbho.dll -> Adware.SideFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\MediaAccX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Media Access -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINNT\system32\cfmon.exe -> Backdoor.Codbot.ad : Cleaned with backup (quarantined).
C:\WINNT\system32\rrr.exe -> Backdoor.Codbot.ad : Cleaned with backup (quarantined).
C:\WINNT\system32\dfrgfat16.exe -> Backdoor.Codbot.ag : Cleaned with backup (quarantined).
C:\WINNT\system32\dhcpclient.exe -> Backdoor.Codbot.ag : Cleaned with backup (quarantined).
C:\WINNT\system32\mmm.exe -> Backdoor.Codbot.ag : Cleaned with backup (quarantined).
C:\WINNT\system32\upnpdrv.exe -> Backdoor.Codbot.ag : Cleaned with backup (quarantined).
[844] C:\WINNT\system32\upnpdrv.exe -> Backdoor.Codbot.ag : Error during cleaning.
C:\AVSCAN.exe -> Backdoor.IRCBot.ce : Cleaned with backup (quarantined).
C:\WINNT\system32\drivers\etc\test.exe/winserv.exe -> Backdoor.Iroffer.1220 : Error during cleaning.
C:\WINNT\system32\drivers\etc\winserv.exe -> Backdoor.Iroffer.1220 : Cleaned with backup (quarantined).
[896] c:\winnt\system32\drivers\etc\winserv.exe -> Backdoor.Iroffer.1220 : Error during cleaning.
C:\WINNT\system32\win-logon.exe -> Backdoor.Rbot.aie : Cleaned with backup (quarantined).
C:\WINNT\system32\KYSVCXD.EXE -> Backdoor.Rbot.mg : Cleaned with backup (quarantined).
C:\WINNT\system32\phqg.EXE -> Backdoor.Rbot.mg : Cleaned with backup (quarantined).
C:\WINNT\system32\jjj.exe -> Backdoor.SdBot : Cleaned with backup (quarantined).
C:\WINNT\system32\lll.exe -> Backdoor.SdBot : Cleaned with backup (quarantined).
C:\WINNT\system32\rpcclient.exe -> Backdoor.SdBot : Cleaned with backup (quarantined).
C:\WINNT\system32\phqghum.EXE -> Backdoor.SdBot.abb : Cleaned with backup (quarantined).
C:\WINNT\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\Internet Optimizer\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\istactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINNT\vfgmh.exe -> Downloader.IstBar.ij : Cleaned with backup (quarantined).
C:\WINNT\system32\server.dll -> Dropper.Small.pu : Cleaned with backup (quarantined).
C:\Program Files\Sync Manager Demo\agent\syncagent.dll -> Logger.GhostKeyLogger.c : Cleaned with backup (quarantined).
C:\WINNT\system32\drivers\etc\Clear.exe -> Not-A-Virus.HackTool.Win32.Clearlog : Cleaned with backup (quarantined).
C:\WINNT\system32\drivers\etc\FireDaemon.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
[792] c:\winnt\system32\drivers\etc\FireDaemon.EXE -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Error during cleaning.
[876] c:\winnt\system32\drivers\etc\FireDaemon.EXE -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Error during cleaning.
C:\WINNT\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINNT\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Cleaned with backup (quarantined).
[652] C:\WINNT\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Error during cleaning.
C:\WINNT\system32\wuamkops.exe -> Trojan.Crypt.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\870BV9QH\3e8ad79a0434[1].jpg/ransy.reg -> Trojan.LowZones.f : Error during cleaning.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\870BV9QH\3e8ad79a0434[1].jpg/rany.reg -> Trojan.LowZones.f : Error during cleaning.
C:\WINNT\system32\e8ad79.exe/ransy.reg -> Trojan.LowZones.f : Error during cleaning.
C:\WINNT\system32\e8ad79.exe/rany.reg -> Trojan.LowZones.f : Error during cleaning.
C:\WINNT\system32\drivers\etc\secure.bat -> Worm.Muma : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklin.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\gcache.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\gtransla.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\tutrans.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Vanessa\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomou.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\WINNT\system32\mscolsrv.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\WINNT\system32\svchsot.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\WINNT\system32\syshid.exe -> Worm.Rahak.a : Cleaned with backup (quarantined).
C:\WUTemp\srvsxc.exe.$$$ -> Worm.Rahak.a : Cleaned with backup (quarantined).
[1124] C:\WINNT\system32\svchsot.exe -> Worm.Rahak.a : Error during cleaning.

::Report end

**********************************
et voici le log d'hijackthis apres tout ca

Logfile of HijackThis v1.99.1
Scan saved at 14:27:27, on 21/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
c:\winnt\system32\drivers\etc\svchost1.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\MESSEN~2\MsgPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\EWIDOA~1.0\ewido.exe
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\BACKWE~1.EXE
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe
C:\WINNT\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hgspmszzehksknjbyokx.com/NaKvRUvNFWkuhOfD0StGMlfokZjTDoUHptRkqCEKx4GQ9OdziZi/ReH7pR8brbvQ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6A16E024-8D5A-B58A-9A7A-0B035DF2EC42} - C:\DOCUME~1\Vanessa\APPLIC~1\CASH1~1\rdr site.exe
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SAVEBINBASHGRIM] C:\Documents and Settings\All Users\Application Data\Time Scr Save Bin\Metakind.exe
O4 - HKLM\..\Run: [Microsoft Windows Update Logon] WIN-LO~1.EXE
O4 - HKLM\..\Run: [!ewido] "C:\PROGRA~1\EWIDOA~1.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Windows Update Logon] WIN-LO~1.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [PEAK GPL] C:\DOCUME~1\Vanessa\APPLIC~1\PART2F~1\Ref spam.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\regclean.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: system.vbs
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSCoolServ - Unknown owner - C:\WINNT\system32\mscolsrv.exe" -service (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - Service: FireDaemon Service: svchost (svchost) - Unknown owner - c:\winnt\system32\drivers\etc\FireDaemon.EXE (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINNT\system32\upnpdrv.exe (file missing)
O23 - Service: VigService - Unknown owner - C:\Program Files\VIGUARD\SERVICE.EXE (file missing)
O23 - Service: FireDaemon Service: winserv32 (winserv32) - Unknown owner - c:\winnt\system32\drivers\etc\FireDaemon.EXE (file missing)

voilà


ps: petite precision cet ordinateur n'est pas connecte a internet....
je ne suis pas tres certaine de pouvoir installer la live box et tout le wifi dessus

Re .


I) Avec SmitFraudFix:

a) Redemarre en mode sans echec (tapotte la touche F8 au démarrage du système).

b) Double clique sur l'icône "smitfraudfix.cmd".

c) Sélectionne l'option 2 ( "intitulé Nettoyage") et presse Entrée.

d) Réponds par l'affirmative (o) aux questions qui te dont posées. Sauvegarde le rapport.

e) Redémarre ensuite normalement et post le rapport.




II) Télécharge KillBox ( Le premier lien ).


Selectionne ce texte en gras :

C:\WINNT\system32\upnpdrv.exe
C:\WINNT\system32\drivers\etc\test.exe/winserv.exe
c:\winnt\system32\drivers\etc\FireDaemon.EXE
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\e8ad79.exe/ransy.reg
C:\WINNT\system32\e8ad79.exe/rany.reg



a) Ouvre Killbox.exe
b) Choisis "Delete on reboot"
c) Clique sur "File" et ensuite "Paste from Clipboard"
d) Clique sur All Files
e) Fais un copier coller de cete ligne dans le cadre blanc.
f) Apres appuie sur le rond rouge avec la croix blanche.


Supprime ce dossier : C:\!KillBox





III) Va sur Cette page et clic sur sur le lien "Download the trial" à droite.


a) Installe le et démare le
b) Il va te demander de télécharger la dernière définition, accepte
c) Ensuite, clic sur le bouton Options à gauche
d) Clic sur l'onglet Options
e) Coche ces options :

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

* Décoche Do not Sweep System Restore Folder. - Démarre SpySweeper

f) Clic sur "Sweep Now" à gauche
g) Clic sur le bouton "Start"
h) Quand le scan est terminé, clic sur le bouton "Next"
i) Assure toi que tout est coché et clic sur le bouton "Next"
j) Lorsque tous les éléments trouvés ont été supprimés
k) Clic sur "Session Log" en haut à droite, copie tous les élements du log.
l) Ferme les fenêtres et copie/colle tout le log ici.

N'hésite pas à consulter l'Aide de SpySweeper






IV) Télécharge et installe ATF-Cleaner (Par Attribune) :

a) Démarre ATF-Cleaner :

b) Coche ceci :

* Windows Temp
* Current User Temp
* All Users Temp
* Cookies
* Temporary Internet Files
* Prefetch
* Java Cache
* Recycle Bin

c) Clique sur Empty Selected et au message "Done Cleaning" sur Ok

sino plus simple tu formate le disque dur

21-08-2006 a 17:43, cartman93s :
sino plus simple tu formate le disque dur

Le formatage est la dernière solution. Il existe beaucoup d'utilitaire et autres pour désinfecter un ordinateur. Merci

ouais surtout que pour formater faut avoir les cd pour reinstaller, et c'est pas mon cas!!!!

ah d'accord

alors j'ai fait smitfraudfix (nettoyage):

SmitFraudFix v2.81

Rapport fait à 20:18:37,68, lun. 21/08/2006
Executé à partir de C:\Documents and Settings\Vanessa\Bureau\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINNT\svchost.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


apres j'ai fait kill box:

Pocket Killbox version 2.0.0.881
Running on Windows 2000 as Vanessa(Administrator)
was started @ lundi, août 21, 2006, 9:02 PM

# 1 [Delete on Reboot]
Path = C:\WINNT\system32\upnpdrv.exe


# 2 [Delete on Reboot]
Path = C:\WINNT\system32\drivers\etc\test.exe/winserv.exe


# 3 [Delete on Reboot]
Path = c:\winnt\system32\drivers\etc\FireDaemon.EXE


# 4 [Delete on Reboot]
Path = C:\WINNT\system32\r_server.exe


# 5 [Delete on Reboot]
Path = C:\WINNT\system32\e8ad79.exe/ransy.reg


# 6 [Delete on Reboot]
Path = C:\WINNT\system32\e8ad79.exe/rany.reg


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:05:36 PM
# 7 [Delete on Reboot]
Path = C:\WINNT\system32\upnpdrv.exe


PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:06:22 PM
Killbox Closed(Exit) @ 9:06:31 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows 2000 as Vanessa(Administrator)
was started @ lundi, août 21, 2006, 9:36 PM

Killbox Closed(Exit) @ 9:36:34 PM
__________________________________________________

et là au redemarrage (normal) apres installation de spy sweeper

pendant le demarrage de windows (2000)

ECRAN BLEU
*** STOP: 0x0000001E (0xC0000005, 0x20202020, 0x00000000, 0x20202020)
KMODE_EXCEPTION_NOT HANDLED

etc etc...


j'ai tente de redemarrer, meme ecran bleu a chaque fois!

qd je fais F8 AU DEMARRAGE
CA ME MARQUE

Tren ChipAway Virus (R) On Guard Ver 1.63A (en gras)
Detecting IDE......
[...]
Primary IDE channel no 80 conductor cable installed
Keyboard error or no keyboard present


F1 pour continuer
DEL pour setup

j'ai fait F1

puis encore F8 et là je peux demarrer en mode sans echec



donc HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Salut.

Désolé grosse panne de courant hier soir.

J'ai trouvé ça :

Erreurs liées aux pilotes de périphériques et de logiciels

N° de l'erreur Désignation
0x0000001E KMODE_EXCEPTION_NOT_HANDLED
0x000000D1 DRIVER_IRQL_NOT_LESS_OR_EQUAL
0x000000EA THREAD_STUCK_IN_DEVICE_DRIVER
0x00000050 PAGE_FAULT_IN_NONPAGED_AREA
0x0000000A IRQ_NOT_LESS_OR_EQUAL

Vu que tu as dit que ton ordinateur n'as pas tournée pendant longtemps. Autant que tu formate tout et que tu reparte à zero avec un ordinateur neuf.

Après avoir formaté surtout n'oubli pas de mettre à jour les pilotes de ton ordinateur (carte graphique et cie) ICI. Bonne journée.


[ Ce message a ete modifié par : : freeman206 le 22-08-2006 11:06 ]

ouais sauf que moi j'ai jamais formate, et que j'ai pas le cd de windows.... c'est fort bizarre qd meme parce qu'avant killbox, il n'y avait aucun ecran bleu