The discussion "My PC is riddled with viruses!!!" is in the "Dépannage Informatique" (Computer Troubleshooting) forum

My PC is riddled with viruses!!!

On 1-09-2006 at 21:43 #

Good evening everyone!

I have a big problem with viruses: I ran an online scan with Panda and the result is really shocking, I have more than 30 viruses, more than 8 spyware items and one suspicious folder!! With Panda, I tried to delete all of this, but that wasn't enough to remove everything; for most of them it displayed "impossible to delete" or "error" on screen ...

I have the Securitoo antivirus installed on my PC, but this antivirus detects absolutely nothing; well, actually, it shows 7 infections on screen, but when I click on scan for viruses, the antivirus detects nothing ... very strange ..
Please, can you help me? I really don't know what to do any more, I'm trying everything, but well, I'm a computer ace so it's rather difficult!

* Windows XP Home Edition
* Securitoo antivirus Firewall (which detects nothing!)

and yesterday I downloaded Avast, after suspending Securitoo; it, on the other hand, did detect some viruses, not all of them, but I didn't manage to delete them there either!!
so, to be clear, how can I get rid of these viruses, spyware and co., quickly??? because when I see the damage viruses can do ... it really worries me,
there, I'm eagerly awaiting your help, and I thank you in advance, good evening to all!!!

On 1-09-2006 at 21:45 #

Hi miss. For spyware, here; for viruses, shout for Sickness or Freeman and they'll come running. Good evening.

On 1-09-2006 at 21:47 #

thanks azaza for your reply, see you soon, I'll try them.

On 2-09-2006 at 10:32 #

Hi

-------------------------------------------------------------------------------------------

01-09-2006 at 21:43, missmlo:

I have the Securitoo antivirus installed on my PC, but this antivirus detects absolutely nothing; well, actually, it shows 7 infections on screen, but when I click on scan for viruses, the antivirus detects nothing ... very strange ..
Please, can you help me? I really don't know what to do any more, I'm trying everything, but well, I'm a computer ace so it's rather difficult!


and yesterday I downloaded Avast, after suspending Securitoo; it, on the other hand, did detect some viruses, not all of them, but I didn't manage to delete them there either!!


That is just one glaring example.
-------------------------------------------------------------------------------------------

Back to our problems:

@ AZAZA: We are now at version A squared 2.0

@ Missmlo:

1\ Download Ewido V4.

Launch Ewido, then:

a) Update it by clicking "update now".
b) Restart in safe mode (tap the F8 key as your computer starts up)
c) In the "Scanner" tab, go to Settings, then under "How to act" choose Quarantine
d) Now, in the "Scanner" tab, choose the "complete system scan".
e) At the end of the scan, click only on: "Apply all actions"
f) Then click "Save Report", then "Save report as", save the report in your documents and restart normally.

If you have problems, before asking a question about how to use this software, look at this explanatory tutorial by Rub_Mic.

2\ Download HijackThis and click "Do a system scan only". At the end of the scan, do "save log" and save it to your desktop, then post it by copy-pasting.

On 2-09-2006 at 14:06 #

ok, thanks freeman, I'll try right away!! see you soon

On 2-09-2006 at 17:23 #

so, I followed your advice Freeman, and here is what it gives:

* with Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:57:33 02/09/2006

+ Scan result:





::Report end


*** It's very long!!


and here is the result with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 17:05:44, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSLAUNCH.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/insaniquarium/zylomgamesplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/insaniquarium/Oberongamesloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

That's everything!!! I don't understand these long lists at all!!!

and thanks again to you, freeman


have a good afternoon!! see you soon


Attachment: Report-Scan-20060902-155733.txt

On 2-09-2006 at 19:20 #

Hello.


I) Run HijackThis again, check the following lines and click Fix checked:


O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM.EXE (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab







II) Make sure you have access to hidden files:


Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Enable the option: Show hidden files and folders
Disable the option: Hide extensions for known file types
Disable the option: Hide protected operating system files
Then click "Apply to All Folders"


III) Restart in safe mode and delete this file:

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe




IV) Go to this page and click the "Download the trial" link on the right.


a) Install it and start it
b) It will ask you to download the latest definitions; accept
c) Then click the Options button on the left
d) Click the Options tab
e) Check these options:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

* Uncheck Do not Sweep System Restore Folder. - Start SpySweeper

f) Click "Sweep Now" on the left
g) Click the "Start" button
h) When the scan is finished, click the "Next" button
i) Make sure everything is checked and click the "Next" button
j) Once all the items found have been removed
k) Click "Session Log" at the top right and copy all the items in the log.
l) Close the windows and copy/paste the whole log here.

Don't hesitate to consult the SpySweeper Help





V) Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml

Run it by double-clicking the file blbeta.exe
Accept the license, then click "Scan"
- Post the report created in the file fsbl-bxxxx.log by opening it with Notepad.
You can consult the F-Secure BlackLight tutorial
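A check that can be run before ticking boxes in step I: confirm that every line of a posted fix list corresponds to an entry in the HijackThis log, matching on section code and CLSID so that a stray space or case change introduced by forum re-wrapping does not hide a match. This is an added example, not part of the original posts; `LOG` is a shortened excerpt of lines from this thread, and `FIX` is a constructed fix list whose `[example]` entry is invented.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O2 - BHO: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")  # markers seen in the log

def parse_entries(text):
    """One dict per 'Xn - ...' entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({"code": code, "body": body,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "orphaned": bool(ORPHAN_RE.search(body))})
    return entries

def entry_key(entry):
    """Section code + CLSID, or the body with whitespace removed when there is no CLSID."""
    return entry["code"], entry["clsid"] or re.sub(r"\s+", "", entry["body"]).lower()

def match_fix_list(log_text, fix_text):
    """Return (found, missing): fix-list entries present in / absent from the log."""
    in_log = {entry_key(e) for e in parse_entries(log_text)}
    found, missing = [], []
    for e in parse_entries(fix_text):
        (found if entry_key(e) in in_log else missing).append(e)
    return found, missing

# Shortened excerpt of the log posted in this thread.
LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
"""

# Constructed fix list: re-wrapped lines (case change, stray spaces) plus one invented entry.
FIX = r"""O2 - BHO: (no name) - {35E78239-811E-4C3F-B37D-F339AC16C2C0} - C:\PROGRA~1\COMETS~1\bin\autosearch_5.dll (file missing)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYY YYYYYYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial Setup1.0.0.8-2.cab
O4 - HKLM\..\Run: [example] C:\example\not-in-log.exe
"""

if __name__ == "__main__":
    for label, group in zip(("in log", "NOT in log"), match_fix_list(LOG, FIX)):
        print(label, [(e["code"], e["clsid"]) for e in group])
```

Any entry reported as not in the log should be re-checked against the original scan before anything is fixed, since it may belong to a different machine or an older log.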

Unless otherwise stated, the content of the blog and forum is licensed under Creative Commons By-Sa. You may reproduce it provided you credit the author, link to the original page, and share your derivative works under the same conditions.
