virus epass-key

Bonjour,

Installe Ewido
Lance Ewido puis mets le à jour en cliquant sur " Update Now "
Ferme le programme.
Aide sur Ewido de Rub_Mic

Redémarre en mode sans échec

Relance Ewido puis choisis l'onglet " Scanner "
Fais un " Complete System Scan "
* Si un fichier est infecté, choisis l'option " Apply All Actions " en fin d'analyse *
Clique sur " Save Report " puis sur " Save Report As "
Enregistre ce fichier .txt sur ton bureau, Copie/Colle le ici en mode normal.

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

impossible d'acceder à F secure ...

Fais un scan Ewido et on verra apres.

+ Created at: 20:05:22 06/07/2006

+ Scan result:



HKLM\SOFTWARE\sais -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1067759409-2395198915-2534018022-1010\Software\sais -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\5877859.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\sideb.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\doolsav.dat -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\elitedoolsav.dat -> Adware.EliteBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pbfrv2.dll -> Adware.PowerSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\Jo\Local Settings\Temp\ICD2.tmp\egaccess4_1063.dll -> Dialer.EgroupDial.x : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGACCESS.dll -> Dialer.EgroupDial.x : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1063.dll -> Dialer.EgroupDial.x : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1067759409-2395198915-2534018022-1010\Software\egdhtml -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32procia.exe -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGDACCESS.dll -> Dialer.InstantAccess.m : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGDACCESS_1073.dll -> Dialer.InstantAccess.m : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGDACCESS_1074.dll -> Dialer.InstantAccess.m : Cleaned with backup (quarantined).
C:\Documents and Settings\Jo\Local Settings\Temp\ICD1.tmp\EGDACCESS_ASPIV4_1073.dll -> Dialer.InstantAccess.n : Cleaned with backup (quarantined).
C:\WINDOWS\system32\EGDACCESS_ASPIV4_1073.dll -> Dialer.InstantAccess.n : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
C:\WINDOWS\system32\egaccess4_1061.dll -> Dialer.InstantAccess.r : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.127:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.136:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.264:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.373:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.374:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.153:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.154:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.147:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.148:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.149:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.150:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.88:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.27:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.40:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.174:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Bpath : Cleaned.
:mozilla.176:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@ads13.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@ads43.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.314:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.315:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.316:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.234:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.439:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.118:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.429:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.10:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.24:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.87:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@estat[1].txt -> TrackingCookie.Estat : Cleaned.
:mozilla.16:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.29:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.302:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.303:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.304:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.305:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.306:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.240:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.328:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.348:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.215:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.51:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.53:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.54:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.55:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.371:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.372:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.384:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.385:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.46:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.47:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.82:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.222:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.101:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.102:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.291:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.292:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.293:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.20:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.21:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.22:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.253:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.254:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.255:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.256:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.257:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.405:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.430:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.431:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.18:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.20:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.24:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.25:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.26:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.30:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.31:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.32:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Cookies\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.332:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.289:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.290:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.107:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.108:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.109:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.110:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.235:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.236:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.87:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.90:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.84:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.85:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.85:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.86:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.60:C:\Documents and Settings\¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨\Application Data\Mozilla\Firefox\Profiles\sa10vx50.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.287:C:\Documents and Settings\Jo\Application Data\Mozilla\Firefox\Profiles\xfc8xf27.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jo\Cookies\jo@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Télécharge:

Ccleaner
Installe le dans un répertoire dédié.

Brute Force Uninstaller
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

Va sur cette page
Tu fais le clic droit sur le premier lien, celui de metallica
Choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU).

**Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

Redémarre en mode sans échec.
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.

Lance le nettoyage avec CCleaner.

Démarre le "Brute Force Uninstaller" en double-cliquant [/b]BFU.exe[/b] (du dossier C:\BFU)
Sous Scriptline to execute copie/colle cette ligne :

C:\bfu\ EGDACCESS.bfu

Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.

Redemarre normalement

Bonsoir tous le monde,

Après avoir fait le BFU il serrait aussi interressant d'avoir un nouveau rapport HijackThis. :-D

Logfile of HijackThis v1.99.1
Scan saved at 21:05:12, on 06/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\mioengine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Jo\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\ELITET~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Pf3lFlfpN] C:\WINDOWS\siuulxs.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Jo\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ovnwicskm] c:\windows\system32\ovnwicskm.exe -start
O4 - HKLM\..\Run: [ntflapq] c:\windows\system32\ntflapq.exe -start
O4 - HKLM\..\Run: [yjvrutpgad] c:\windows\system32\yjvrutpgad.exe yjvrutpgad
O4 - HKLM\..\Run: [woztuv] c:\windows\system32\woztuv.exe woztuv
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = ?
O4 - Startup: Barre TF1.lnk = C:\Documents and Settings\Jo\Application Data\mioObjects\[objects]\76QXAF2603YEBQ77.mio
O4 - Startup: Eurobarre.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910...
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {E1D20694-74D9-472D-AF03-08C26173A67F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.oc...
O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 86.64.145.145 84.103.237.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92DBBBF-051F-447A-BD32-398048FB4EFE}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 86.64.145.145 84.103.237.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

C'est bon ? :-o

As tu bien realise la procedure ?
Je ne pense pas...

As tu bien obtenue un fichier egdacces.bfu ?

oui j'ai reçu ce fichier. D'ailleurs depuis je réutilise explorer et le virus ne s'affiche pas ...

Par contre il est toujours la, je m'en occupe.

merci beaucoup ! :roll:

La procédure est longue et en partie en mode sans échec,
imprime ou mets dans un fichier texte les instructions.

Télécharge:

Ccleaner
Installe le dans un répertoire dédié.
Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
Aide sur Ccleaner de Rub_Mic

Redémarre en mode sans échec

- Lance Hijackthis ->Do a system scan only
->Coche les lignes puis clique sur Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\ELITET~1.DLL (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [Pf3lFlfpN] C:\WINDOWS\siuulxs.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Jo\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [ovnwicskm] c:\windows\system32\ovnwicskm.exe -start
O4 - HKLM\..\Run: [ntflapq] c:\windows\system32\ntflapq.exe -start
O4 - HKLM\..\Run: [yjvrutpgad] c:\windows\system32\yjvrutpgad.exe yjvrutpgad
O4 - HKLM\..\Run: [woztuv] c:\windows\system32\woztuv.exe woztuv
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {3616F4B5-F6AD-4E67-966A-C218673648A0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {624321F1-0581-49D8-99BD-2E952C2DF31B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {78F584DF-BBF5-4296-839C-31DE60914DBC} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {E1D20694-74D9-472D-AF03-08C26173A67F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {EF4DCD99-D26B-44A4-BA77-CFDCC97E7291} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.oc...
O16 - DPF: {FA605711-8E72-46B2-AE49-BED11B2E729D} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
- Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation

- Suppime ces fichiers ou dossiers s'ils existent encore:

C:\WINDOWS\EliteSideBar\
C:\WINDOWS\siuulxs.exe
C:\PROGRA~1\COMMON~1\tsa\
C:\Program Files\DeskAd Service\
C:\DOCUME~1\Jo\LOCALS~1\Temp\<- vide le dossier
c:\windows\system32\ovnwicskm.exe
c:\windows\system32\ntflapq.exe
c:\windows\system32\yjvrutpgad.exe
c:\windows\system32\woztuv.exe
c:\program files\mailskinner\
EGACCESS4_1058.dll

- Lance un nettoyage Ccleaner :
Clique sur le bouton "Analyse" puis "Lancer le Néttoyage"

Redémarre normalement.

- Fais un scan en ligne Kaspersky
Aide pour le scan en ligne
Sauvegarde puis colle le rapport en fin d'analyse.

J'ai pas réussi à vider tous les fichiers temporaires... Et Kapersky je ne sais comment comment obtenir le rapport donc j'ai pris celui d'hijack this :

Logfile of HijackThis v1.99.1
Scan saved at 18:04:09, on 07/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jo\Bureau\HijackThis.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\mioengine.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = ?
O4 - Startup: Barre TF1.lnk = C:\Documents and Settings\Jo\Application Data\mioObjects\[objects]\76QXAF2603YEBQ77.mio
O4 - Startup: Eurobarre.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 86.64.145.144 84.103.237.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92DBBBF-051F-447A-BD32-398048FB4EFE}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A140814-5836-4D02-9547-1CA2498DAC2C}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Est ce tout de même ok ?
En tous cas déjà un grand merci !

Poste aussi un rapport Blacklight (de F-Secure) (nouveau lien)
https://europe.f-secure.com/blacklight/try.shtml
Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

07/07/06 18:39:08 [Info]: BlackLight Engine 1.0.42 initialized
07/07/06 18:39:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/07/06 18:39:12 [Note]: 7019 4
07/07/06 18:39:12 [Note]: 7005 0
07/07/06 18:39:28 [Note]: 7006 0
07/07/06 18:39:28 [Note]: 7011 432
07/07/06 18:39:29 [Note]: 7026 0
07/07/06 18:39:29 [Note]: 7026 0
07/07/06 18:39:29 [Note]: 7024 3
07/07/06 18:39:29 [Info]: Hidden process: C:\windows\system32\oexrkq.exe
07/07/06 18:39:29 [Note]: FSRAW library version 1.7.1019
07/07/06 18:39:33 [Info]: Hidden file: c:\Program Files\AVPersonal\INFECTED\MSPLOCK32.DLL.VIR
07/07/06 18:39:33 [Note]: 10002 1
07/07/06 18:44:46 [Note]: 4013 28377
07/07/06 18:44:46 [Note]: 4020 25302 4063232
07/07/06 18:44:46 [Note]: 4020 25302 4063232
07/07/06 18:44:46 [Note]: 4018 25302 4063232
07/07/06 18:44:46 [Note]: 4013 28377
07/07/06 18:44:46 [Note]: 4020 25302 4063232
07/07/06 18:44:46 [Note]: 4018 25302 4063232
07/07/06 18:48:48 [Info]: Hidden file: c:\WINDOWS\system32\oexrkq.dat
07/07/06 18:48:48 [Note]: 10002 1
07/07/06 18:48:54 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
07/07/06 18:48:54 [Note]: 10002 1
07/07/06 18:48:57 [Info]: Hidden file: C:\windows\system32\oexrkq.exe
07/07/06 18:48:57 [Note]: 10002 1
07/07/06 18:49:04 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
07/07/06 18:49:04 [Note]: 10002 1
07/07/06 18:49:05 [Info]: Hidden file: c:\WINDOWS\system32\MSPLOCK32.DLL.VIR
07/07/06 18:49:05 [Note]: 10002 1
07/07/06 18:49:07 [Info]: Hidden file: c:\WINDOWS\system32\oexrkq_nav.dat
07/07/06 18:49:07 [Note]: 10002 1
07/07/06 18:49:09 [Info]: Hidden file: c:\WINDOWS\system32\oexrkq_navps.dat
07/07/06 18:49:09 [Note]: 10002 1
07/07/06 18:49:10 [Info]: Hidden file: c:\WINDOWS\system32\oexrkq_navup.dat
07/07/06 18:49:10 [Note]: 10002 1
07/07/06 18:49:13 [Info]: Hidden file: c:\WINDOWS\PREFETCH\OEXRKQ.EXE-1B0BB428.pf
07/07/06 18:49:13 [Note]: 10002 1
07/07/06 18:53:09 [Note]: 7007 0

On continue

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

Ouvre le Bloc-note et copie-colle les lignes en bleu ci-dessous

DllUnregister %SYSDIR%\msclock32.dll|1
DllUnregister %SYSDIR%\msplock32.dll|1

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oexrkq
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|oexrkq

FileDelete %SYSDIR%\oexrkq_navps.dat
FileDelete %SYSDIR%\oexrkq_nav.dat
FileDelete %SYSDIR%\oexrkq.dat
FileDelete %SYSDIR%\oexrkq.exe
FileDelete %SYSDIR%\msclock32.dll
FileDelete %SYSDIR%\MSPLOCK32.DLL.VIR
FileDelete %SYSDIR%\msplock32.dll

SystemEmptyTempFolder
SystemEmptyRecycleBinF8[/b]; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

Fixme.bfu

- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Fixme.bfu

Clique sur Execute et laisse-le faire son travail.

Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.

Redémarre normalement.

Nouveau BlackLight.

moi je vooyais cela : c:\BFU\Fixme.bfu.txt


voilà le rapport F secure : il na rien trouvé!

ou plutot si il disait ceci :
/06 08:52:10 [Info]: BlackLight Engine 1.0.42
initialized
07/08/06 08:52:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/08/06 08:52:11 [Note]: 7019 4
07/08/06 08:52:11 [Note]: 7005 0
07/08/06 08:52:30 [Error]: 6024 1
07/08/06 08:52:30 [Error]: 6024 1
07/08/06 08:52:30 [Note]: 7006 0
07/08/06 08:52:30 [Note]: 7011 796
07/08/06 08:52:31 [Note]: 7026 0
07/08/06 08:52:31 [Note]: 7026 0
07/08/06 08:52:31 [Error]: 6024 1
07/08/06 08:53:13 [Note]: FSRAW library version 1.7.1019
07/08/06 08:59:43 [Note]: 7007 0

Bonjour

Pour voir le fichier en BFU et non en texte, il faut faire ceci