Ordinateur très lent, pubs omniprésentes...

Carina -  
 guillaume -
Bonsoir,
Voilà j'ai un gros souci depuis 2 semaines avec mon ordi, il est très lent et lorsque je navigue sur internet, des fenêtres de pubs s'affichent continuellement, c'est de pire en pire ces jours-ci... En naviguant sur le web j'ai constaté que beaucioup de personnes avaient ce problème ces temps-ci...
Si quelqu'un pouvait m'aider à résoudre ce problème assez rapidement ce serait gentil...

Voici le rapport de mon scan HiJackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:29:00, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\HOLD HIDE.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ford keep] C:\DOCUME~1\Carina\APPLIC~1\OPTION~1\2 Bin Flag.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - Global Startup: Hp psc 700 series.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Carina\Application Data\Dealio\kb126\res\DealioSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9164 bytes
Configuration: Windows XP
Internet Explorer 7.0

20 réponses

  1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    Fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    TUTO :: http://www.malekal.com/Adware.Magic_Control.php

    Bon courage
    A++
    1
  2. oertli
     
    Salut, comence par initialiser internet.
    Panneau de config/ option internet/ avancé/ initialisé
    A+
    0
  3. oertli
     
    Alors à tu toujours ton retour de pub sur le web?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Carina
     
    Oui oui toujours des pubs malheureusement...
    0
  6. oertli
     
    Dès l'ouverture de ta page d'acceuille on te cannarde? quel est ta page d'acceuille?
    0
  7. Carina
     
    Je n'ai pas de page d'accueil, j'ai simplment laissé une page vierge, mais dés que je commence à ouvrir des page web j'ai des pubs aussitôt. Mon ordi est lent et se bloque de temps en temps pendant de courts instants aussi bien sur internet que ds laes autres programmes... Je pense qu'il y a un virus, non ? Que dit mon scan HijackThis ?
    0
  8. Carina
     
    Merci pour ton aide, la recherche est lancée, je patiente. Par contre j'ai aussi fait l'analyse avec Malware bytes, Anti malware que Guillaume m'a conseillé plus haut, mais rien de suspect n'a été trouvé... Je ne comprends rien à ce qui se passe...
    0
  9. Carina
     
    Voilà (enfin !) le rapport avec Navilog1 :

    Search Navipromo version 3.6.5 commencé le 21/09/2008 à 11:55:29,67

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Carina"

    Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Carina\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ALAIN\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Romain\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Carina\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ALAIN\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Romain\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Carina\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ALAIN\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\Romain\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Carina\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ALAIN\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\Romain\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Carina\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ALAIN\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\PROPRI~1\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\Romain\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 21/09/2008 à 12:21:23,10 ***
    0
    1. guillaume
       
      Re

      Peux tu reposter un scan hijackhis
      0
  10. Carina
     
    Voilà le scan HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:41:13, on 21/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SurfairyHlp Class - {E0B9B5FE-B66E-4FB0-A1D9-726F0E743CFD} - C:\Program Files\Surfairy\SurfairyPP.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\GRID PART.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ford keep] C:\DOCUME~1\Carina\APPLIC~1\OPTION~1\2 Bin Flag.exe
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - Global Startup: Hp psc 700 series.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Carina\Application Data\Dealio\kb126\res\DealioSearch.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Suggestions - {2223664C-1942-4276-9A2D-E8D8F547C5D2} - res://EffiPeled (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  11. guillaume
     
    Re

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  12. Carina
     
    Voilà le rapport :

    -----------\\ ToolBar S&D 1.2.0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
    BIOS : Default System BIOS
    USER : Carina ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 080920-0] 4.8.1229 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 35 Go Free : 15 Go
    D:\ (Local Disk) - NTFS - Total : 74 Go Free : 58 Go
    Q:\ (CD or DVD)
    R:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
    Option : [1] ( 21/09/2008|15:37 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\Carina\LOCALS~1\Temp\NERO14992\Toolbar.exe
    C:\DOCUME~1\ALAIN\APPLIC~1\Dealio
    C:\DOCUME~1\ALAIN\APPLIC~1\Dealio\kb126
    C:\DOCUME~1\Romain\APPLIC~1\Dealio
    C:\DOCUME~1\Romain\APPLIC~1\Dealio\kb126
    C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
    C:\DOCUME~1\Carina\Cookies\carina@dealio[1].txt
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
    C:\DOCUME~1\ALAIN\APPLIC~1\Search Settings
    C:\DOCUME~1\ALAIN\APPLIC~1\Search Settings\kb126
    C:\DOCUME~1\Carina\APPLIC~1\Search Settings
    C:\DOCUME~1\Carina\APPLIC~1\Search Settings\kb126
    C:\DOCUME~1\Romain\APPLIC~1\Search Settings
    C:\DOCUME~1\Romain\APPLIC~1\Search Settings\kb126
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb126
    C:\Program Files\Search Settings\SearchSettings.exe

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="about:blank"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2008|15:42 - Option : [1]

    -----------\\ Fin du rapport a 15:42:16,37
    0
    1. guillaume
       
      Ok

      Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
      ! Ne ferme pas la fenêtre lors de la suppression !
      Un rapport sera généré, poste son contenu ici.

      NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
      Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
      Tape explorer puis valide.
      0
  13. Carina
     
    Merci, voilà le rapport :

    -----------\\ ToolBar S&D 1.2.0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
    BIOS : Default System BIOS
    USER : Carina ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 080920-0] 4.8.1229 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 35 Go Free : 15 Go
    D:\ (Local Disk) - NTFS - Total : 74 Go Free : 58 Go
    Q:\ (CD or DVD)
    R:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
    Option : [2] ( 21/09/2008|16:04 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\Carina\LOCALS~1\Temp\NERO14992\Toolbar.exe
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\Dealio\kb126
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\Dealio\kb126
    Supprime! - C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
    Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\Search Settings\kb126
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\Search Settings\kb126
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\Search Settings\kb126
    Supprime! - C:\Program Files\Search Settings\kb126
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\Dealio
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\Dealio
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\Search Settings
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\Search Settings
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\Carina\Cookies\carina@dealio[2].txt
    0
    1. Carina
       
      et la fin du rapport :

      ----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="about:blank"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 21/09/2008|15:42 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 21/09/2008|16:12 - Option : [2]

      -----------\\ Fin du rapport a 16:12:32,45
      0
    2. guillaume
       
      Impeccable

      Télécharge ceci:https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
      ---> Double-clique dessus pour lancer l'installation
      ---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
      ---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
      ---> Patiente jusqu'à la fin du scan
      ---> Poste le rapport généré (C:\lopR.txt)

      (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

      Si tu as un problème pour utiliser Lop S&D, regarde dans le tutorial :
      http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
      0
  14. Carina
     
    voici le rapport :

    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
    BIOS : Default System BIOS
    USER : Carina ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 080920-0] 4.8.1229 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 35 Go Free : 15 Go
    D:\ (Local Disk) - NTFS - Total : 74 Go Free : 58 Go
    Q:\ (CD or DVD)
    R:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [1] ( 21/09/2008|16:23 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [13/01/2008|01:32] C:\DOCUME~1\ALAIN\APPLIC~1\Adobe
    [22/02/2008|00:05] C:\DOCUME~1\ALAIN\APPLIC~1\AdobeUM
    [24/02/2008|20:31] C:\DOCUME~1\ALAIN\APPLIC~1\ArcSoft
    [13/01/2008|14:26] C:\DOCUME~1\ALAIN\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [16/01/2008|00:07] C:\DOCUME~1\ALAIN\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [13/01/2008|01:12] C:\DOCUME~1\ALAIN\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\ALAIN\APPLIC~1\InterTrust
    [13/01/2008|10:57] C:\DOCUME~1\ALAIN\APPLIC~1\Macromedia
    [07/09/2008|17:16] C:\DOCUME~1\ALAIN\APPLIC~1\Microsoft
    [01/09/2008|22:55] C:\DOCUME~1\ALAIN\APPLIC~1\OptionOnceBold

    [28/06/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [14/08/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [21/09/2008|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative
    [19/02/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alexandra Ledermann 8
    [05/07/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [05/07/2008|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [16/04/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [21/09/2008|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [15/01/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [15/04/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [19/02/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [15/08/2008|13:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [14/08/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero(2)
    [13/01/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [26/04/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [20/02/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [15/04/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [13/02/2008|15:06] C:\DOCUME~1\Carina\APPLIC~1\Adobe
    [28/06/2008|17:16] C:\DOCUME~1\Carina\APPLIC~1\AdobeUM
    [22/07/2008|20:08] C:\DOCUME~1\Carina\APPLIC~1\Ahead
    [05/07/2008|22:22] C:\DOCUME~1\Carina\APPLIC~1\Apple Computer
    [20/02/2008|16:00] C:\DOCUME~1\Carina\APPLIC~1\ArcSoft
    [14/08/2008|13:44] C:\DOCUME~1\Carina\APPLIC~1\Creative
    [13/01/2008|11:39] C:\DOCUME~1\Carina\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [06/04/2008|15:10] C:\DOCUME~1\Carina\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [14/08/2008|18:47] C:\DOCUME~1\Carina\APPLIC~1\GrabPro
    [20/02/2008|16:58] C:\DOCUME~1\Carina\APPLIC~1\Help
    [13/01/2008|01:12] C:\DOCUME~1\Carina\APPLIC~1\Identities
    [19/02/2008|18:40] C:\DOCUME~1\Carina\APPLIC~1\InstallShield
    [13/01/2008|01:32] C:\DOCUME~1\Carina\APPLIC~1\InterTrust
    [16/04/2008|20:23] C:\DOCUME~1\Carina\APPLIC~1\Macromedia
    [21/09/2008|10:35] C:\DOCUME~1\Carina\APPLIC~1\Malwarebytes
    [13/01/2008|12:24] C:\DOCUME~1\Carina\APPLIC~1\MGI
    [15/04/2008|18:39] C:\DOCUME~1\Carina\APPLIC~1\Microsoft
    [19/02/2008|17:46] C:\DOCUME~1\Carina\APPLIC~1\MSN6
    [17/07/2008|14:51] C:\DOCUME~1\Carina\APPLIC~1\OpenOffice.org2
    [21/09/2008|09:51] C:\DOCUME~1\Carina\APPLIC~1\OptionOnceBold
    [14/08/2008|18:55] C:\DOCUME~1\Carina\APPLIC~1\Orbit
    [20/02/2008|16:01] C:\DOCUME~1\Carina\APPLIC~1\Panasonic
    [20/02/2008|20:06] C:\DOCUME~1\Carina\APPLIC~1\SecuROM
    [13/01/2008|17:47] C:\DOCUME~1\Carina\APPLIC~1\vlc
    [15/04/2008|19:26] C:\DOCUME~1\Carina\APPLIC~1\Windows Live Writer
    [16/04/2008|19:12] C:\DOCUME~1\Carina\APPLIC~1\WinRAR

    [13/01/2008|01:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [13/01/2008|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [13/01/2008|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [29/05/2008|22:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [13/01/2008|01:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [13/01/2008|01:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [13/01/2008|01:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
    [13/01/2008|01:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
    [13/01/2008|01:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft

    [14/02/2008|18:44] C:\DOCUME~1\Romain\APPLIC~1\Adobe
    [17/02/2008|11:32] C:\DOCUME~1\Romain\APPLIC~1\AdobeUM
    [18/01/2008|18:18] C:\DOCUME~1\Romain\APPLIC~1\Ahead
    [27/07/2008|10:25] C:\DOCUME~1\Romain\APPLIC~1\Apple Computer
    [25/08/2008|19:11] C:\DOCUME~1\Romain\APPLIC~1\DivX
    [16/01/2008|00:42] C:\DOCUME~1\Romain\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [17/01/2008|19:11] C:\DOCUME~1\Romain\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [19/01/2008|11:08] C:\DOCUME~1\Romain\APPLIC~1\Help
    [13/01/2008|01:12] C:\DOCUME~1\Romain\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\Romain\APPLIC~1\InterTrust
    [17/01/2008|19:14] C:\DOCUME~1\Romain\APPLIC~1\Macromedia
    [25/08/2008|18:57] C:\DOCUME~1\Romain\APPLIC~1\Microsoft
    [30/08/2008|09:05] C:\DOCUME~1\Romain\APPLIC~1\OptionOnceBold

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [21/09/2008 16:00][--ah-----] C:\WINDOWS\tasks\AE9B38C79188A93B.job
    [21/09/2008 16:00][--ah-----] C:\WINDOWS\tasks\AB58F4AF91876BCB.job
    [21/09/2008 10:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( AB58F4AF91876BCB.job )=( c:\docume~1\romain\applic~1\option~1\Funkitchplay.exe )
    ( AE9B38C79188A93B.job )=( c:\docume~1\carina\applic~1\option~1\Funkitchplay.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [28/06/2008|17:12] C:\Program Files\Adobe
    [13/01/2008|12:34] C:\Program Files\Alwil Software
    [05/07/2008|22:16] C:\Program Files\Apple Software Update
    [20/02/2008|15:49] C:\Program Files\ArcSoft
    [21/02/2008|17:35] C:\Program Files\ATI Technologies
    [13/01/2008|01:25] C:\Program Files\Audioneer
    [13/01/2008|01:23] C:\Program Files\BackWeb
    [13/01/2008|01:05] C:\Program Files\ComPlus Applications
    [13/01/2008|01:30] C:\Program Files\DesignPro 2000
    [19/02/2008|16:57] C:\Program Files\DivX
    [13/01/2008|11:02] C:\Program Files\D-Link
    [14/09/2008|16:20] C:\Program Files\EHMINSTALL
    [14/08/2008|13:11] C:\Program Files\Fichiers communs
    [13/01/2008|01:30] C:\Program Files\HandyBits
    [17/04/2008|10:35] C:\Program Files\Hewlett-Packard
    [14/08/2008|13:44] C:\Program Files\InstallShield Installation Information
    [14/08/2008|21:59] C:\Program Files\Internet Explorer
    [14/08/2008|22:03] C:\Program Files\Messenger
    [30/08/2008|09:04] C:\Program Files\Messenger Plus! Live
    [13/01/2008|12:24] C:\Program Files\MGI
    [26/04/2008|17:33] C:\Program Files\Micro Application
    [13/01/2008|01:08] C:\Program Files\microsoft frontpage
    [13/01/2008|11:49] C:\Program Files\Microsoft Games
    [13/01/2008|01:31] C:\Program Files\Microsoft Money
    [19/02/2008|16:55] C:\Program Files\Microsoft Office
    [15/04/2008|18:46] C:\Program Files\Microsoft SQL Server Compact Edition
    [13/01/2008|01:19] C:\Program Files\MouseWare
    [20/02/2008|21:01] C:\Program Files\Movie Maker
    [15/04/2008|18:54] C:\Program Files\MSN
    [13/01/2008|01:04] C:\Program Files\MSN Gaming Zone
    [21/09/2008|15:55] C:\Program Files\Navilog1
    [15/01/2008|17:23] C:\Program Files\Nero
    [20/02/2008|20:57] C:\Program Files\NetMeeting
    [16/04/2008|20:57] C:\Program Files\OpenOffice.org 2.1
    [16/03/2008|03:36] C:\Program Files\Outlook Express
    [20/02/2008|15:51] C:\Program Files\Panasonic
    [13/01/2008|02:06] C:\Program Files\Prassi PrimoDVD 2.0 (French)
    [05/07/2008|22:19] C:\Program Files\QuickTime
    [19/02/2008|16:57] C:\Program Files\QuickTime(2)
    [13/01/2008|01:31] C:\Program Files\SBApps
    [13/01/2008|17:33] C:\Program Files\Screensaver Wonder 4
    [13/01/2008|01:04] C:\Program Files\Services en ligne
    [26/06/2008|19:32] C:\Program Files\SimTractor 3.5
    [14/08/2008|13:44] C:\Program Files\SimTractor 4.0
    [13/01/2008|01:27] C:\Program Files\Surfairy
    [13/01/2008|11:06] C:\Program Files\TELE2
    [21/09/2008|00:28] C:\Program Files\Trend Micro
    [18/02/2008|22:36] C:\Program Files\Uninstall Information
    [13/01/2008|17:35] C:\Program Files\VideoLAN
    [16/04/2008|20:11] C:\Program Files\VirginMega
    [17/04/2008|11:02] C:\Program Files\Windows Live
    [19/09/2008|21:32] C:\Program Files\Windows Media Connect 2
    [15/04/2008|23:12] C:\Program Files\Windows Media Player
    [16/01/2008|00:16] C:\Program Files\Windows Messaging
    [20/02/2008|20:57] C:\Program Files\Windows NT
    [13/01/2008|14:49] C:\Program Files\WindowsUpdate
    [13/01/2008|01:08] C:\Program Files\xerox
    [15/08/2008|09:59] C:\Program Files\YesMessenger

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [12/02/2008|20:29] C:\Program Files\Fichiers communs\Adobe
    [15/08/2008|13:11] C:\Program Files\Fichiers communs\Ahead
    [05/07/2008|22:15] C:\Program Files\Fichiers communs\Apple
    [13/01/2008|01:29] C:\Program Files\Fichiers communs\Designer
    [14/08/2008|13:40] C:\Program Files\Fichiers communs\Elecard
    [20/02/2008|15:52] C:\Program Files\Fichiers communs\InstallShield
    [20/01/2008|16:51] C:\Program Files\Fichiers communs\LightScribe
    [13/01/2008|01:19] C:\Program Files\Fichiers communs\Logitech
    [13/01/2008|12:24] C:\Program Files\Fichiers communs\MGI Shared
    [15/04/2008|18:45] C:\Program Files\Fichiers communs\Microsoft Shared
    [13/01/2008|01:05] C:\Program Files\Fichiers communs\MSSoap
    [13/01/2008|01:00] C:\Program Files\Fichiers communs\ODBC
    [19/02/2008|16:10] C:\Program Files\Fichiers communs\Services
    [14/08/2008|13:40] C:\Program Files\Fichiers communs\Solveig Multimedia
    [13/01/2008|01:00] C:\Program Files\Fichiers communs\SpeechEngines
    [16/03/2008|03:36] C:\Program Files\Fichiers communs\System
    [04/08/2008|15:38] C:\Program Files\Fichiers communs\Teknum Systems
    [15/04/2008|18:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 48 Processes )

    iexplore.exe ~ [PID:176]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\GRID PART.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\HOLD HIDE.exe
    C:\DOCUME~1\ALAIN\APPLIC~1\option~1
    C:\DOCUME~1\ALAIN\APPLIC~1\option~1\2 Bin Flag.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1
    C:\DOCUME~1\Carina\APPLIC~1\option~1\2 Bin Flag.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1\fsbyknji.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1\Funk itch play.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1\gkgbssat.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1\lpjgzksa.exe
    C:\DOCUME~1\Carina\APPLIC~1\option~1\MPEGVGAOKAYCURB.exe
    C:\DOCUME~1\Romain\APPLIC~1\option~1
    C:\DOCUME~1\Romain\APPLIC~1\option~1\2 Bin Flag.exe
    C:\DOCUME~1\Romain\APPLIC~1\option~1\Funk itch play.exe
    C:\DOCUME~1\Romain\APPLIC~1\option~1\MPEGVGAOKAYCURB.exe
    C:\DOCUME~1\Romain\APPLIC~1\option~1\txghbxui.exe
    C:\DOCUME~1\Carina\Cookies\carina@advertstream[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@orbitdownloader[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@search.orbitdownloader[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@www.orbitdownloader[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@banner.casinoking[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@casinoking[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@cotedazurpalace[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@adopt.euroclick[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@pacificpoker[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@partypoker[1].txt
    C:\DOCUME~1\Carina\Cookies\carina@32vegas[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@banner.32vegas[2].txt
    C:\DOCUME~1\Carina\Cookies\carina@blogs.lasvegasmagazine[2].txt
    C:\WINDOWS\Tasks\AB58F4AF91876BCB.job
    C:\WINDOWS\Tasks\AE9B38C79188A93B.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ford keep"="C:\\DOCUME~1\\Carina\\APPLIC~1\\OPTION~1\\2 Bin Flag.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Help Creative Meow City"="C:\\Documents and Settings\\All Users\\Application Data\\aim rect help creative\\GRID PART.exe"

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-21 16:25:44
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:3409][D:104]-> C:\DOCUME~1\Carina\LOCALS~1\Temp
    [F:811][D:0]-> C:\DOCUME~1\Carina\Cookies
    [F:6810][D:22]-> C:\DOCUME~1\Carina\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 21/09/2008|16:28 - Option : [1]

    --------------------\\ Fin du rapport a 16:28:03
    0
    1. guillaume
       
      Re

      ---> Relance Lop S&D
      ---> Choisis cette fois-ci l'option 2 (Suppression)
      ---> Ne ferme pas la fenêtre lors de la suppression !
      ---> Poste le rapport généré (C:\lopR.txt)

      (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
      0
  15. Carina
     
    C'est fait :
    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) Processor )
    BIOS : Default System BIOS
    USER : Carina ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 080920-0] 4.8.1229 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 35 Go Free : 15 Go
    D:\ (Local Disk) - NTFS - Total : 74 Go Free : 58 Go
    Q:\ (CD or DVD)
    R:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [2] ( 21/09/2008|16:35 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\GRID PART.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\HOLD HIDE.exe
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\option~1\2 Bin Flag.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\2 Bin Flag.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\fsbyknji.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\Funk itch play.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\gkgbssat.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\lpjgzksa.exe
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1\MPEGVGAOKAYCURB.exe
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\option~1\2 Bin Flag.exe
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\option~1\Funk itch play.exe
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\option~1\MPEGVGAOKAYCURB.exe
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\option~1\txghbxui.exe
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@advertstream[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@orbitdownloader[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@search.orbitdownloader[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@www.orbitdownloader[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@banner.casinoking[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@casinoking[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@adopt.euroclick[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@pacificpoker[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@partypoker[1].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@32vegas[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@banner.32vegas[2].txt
    Supprime! - C:\DOCUME~1\Carina\Cookies\carina@blogs.lasvegasmagazine[2].txt
    Supprime! - C:\WINDOWS\Tasks\AB58F4AF91876BCB.job
    Supprime! - C:\WINDOWS\Tasks\AE9B38C79188A93B.job
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative
    Supprime! - C:\DOCUME~1\ALAIN\APPLIC~1\option~1
    Supprime! - C:\DOCUME~1\Carina\APPLIC~1\option~1
    Supprime! - C:\DOCUME~1\Romain\APPLIC~1\option~1

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [13/01/2008|01:32] C:\DOCUME~1\ALAIN\APPLIC~1\Adobe
    [22/02/2008|00:05] C:\DOCUME~1\ALAIN\APPLIC~1\AdobeUM
    [24/02/2008|20:31] C:\DOCUME~1\ALAIN\APPLIC~1\ArcSoft
    [13/01/2008|14:26] C:\DOCUME~1\ALAIN\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [16/01/2008|00:07] C:\DOCUME~1\ALAIN\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [13/01/2008|01:12] C:\DOCUME~1\ALAIN\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\ALAIN\APPLIC~1\InterTrust
    [13/01/2008|10:57] C:\DOCUME~1\ALAIN\APPLIC~1\Macromedia
    [07/09/2008|17:16] C:\DOCUME~1\ALAIN\APPLIC~1\Microsoft

    [28/06/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [14/08/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [19/02/2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alexandra Ledermann 8
    [05/07/2008|22:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [05/07/2008|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [16/04/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [21/09/2008|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [15/01/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [15/04/2008|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [19/02/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [15/08/2008|13:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [14/08/2008|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero(2)
    [13/01/2008|01:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [26/04/2008|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    [20/02/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [15/04/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [13/02/2008|15:06] C:\DOCUME~1\Carina\APPLIC~1\Adobe
    [28/06/2008|17:16] C:\DOCUME~1\Carina\APPLIC~1\AdobeUM
    [22/07/2008|20:08] C:\DOCUME~1\Carina\APPLIC~1\Ahead
    [05/07/2008|22:22] C:\DOCUME~1\Carina\APPLIC~1\Apple Computer
    [20/02/2008|16:00] C:\DOCUME~1\Carina\APPLIC~1\ArcSoft
    [14/08/2008|13:44] C:\DOCUME~1\Carina\APPLIC~1\Creative
    [13/01/2008|11:39] C:\DOCUME~1\Carina\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [06/04/2008|15:10] C:\DOCUME~1\Carina\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [14/08/2008|18:47] C:\DOCUME~1\Carina\APPLIC~1\GrabPro
    [20/02/2008|16:58] C:\DOCUME~1\Carina\APPLIC~1\Help
    [13/01/2008|01:12] C:\DOCUME~1\Carina\APPLIC~1\Identities
    [19/02/2008|18:40] C:\DOCUME~1\Carina\APPLIC~1\InstallShield
    [13/01/2008|01:32] C:\DOCUME~1\Carina\APPLIC~1\InterTrust
    [16/04/2008|20:23] C:\DOCUME~1\Carina\APPLIC~1\Macromedia
    [21/09/2008|10:35] C:\DOCUME~1\Carina\APPLIC~1\Malwarebytes
    [13/01/2008|12:24] C:\DOCUME~1\Carina\APPLIC~1\MGI
    [15/04/2008|18:39] C:\DOCUME~1\Carina\APPLIC~1\Microsoft
    [19/02/2008|17:46] C:\DOCUME~1\Carina\APPLIC~1\MSN6
    [17/07/2008|14:51] C:\DOCUME~1\Carina\APPLIC~1\OpenOffice.org2
    [14/08/2008|18:55] C:\DOCUME~1\Carina\APPLIC~1\Orbit
    [20/02/2008|16:01] C:\DOCUME~1\Carina\APPLIC~1\Panasonic
    [20/02/2008|20:06] C:\DOCUME~1\Carina\APPLIC~1\SecuROM
    [13/01/2008|17:47] C:\DOCUME~1\Carina\APPLIC~1\vlc
    [15/04/2008|19:26] C:\DOCUME~1\Carina\APPLIC~1\Windows Live Writer
    [16/04/2008|19:12] C:\DOCUME~1\Carina\APPLIC~1\WinRAR

    [13/01/2008|01:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [13/01/2008|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [13/01/2008|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [29/05/2008|22:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
    [13/01/2008|01:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [13/01/2008|01:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [13/01/2008|01:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
    [13/01/2008|01:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
    [13/01/2008|01:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft

    [14/02/2008|18:44] C:\DOCUME~1\Romain\APPLIC~1\Adobe
    [17/02/2008|11:32] C:\DOCUME~1\Romain\APPLIC~1\AdobeUM
    [18/01/2008|18:18] C:\DOCUME~1\Romain\APPLIC~1\Ahead
    [27/07/2008|10:25] C:\DOCUME~1\Romain\APPLIC~1\Apple Computer
    [25/08/2008|19:11] C:\DOCUME~1\Romain\APPLIC~1\DivX
    [16/01/2008|00:42] C:\DOCUME~1\Romain\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [17/01/2008|19:11] C:\DOCUME~1\Romain\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    [19/01/2008|11:08] C:\DOCUME~1\Romain\APPLIC~1\Help
    [13/01/2008|01:12] C:\DOCUME~1\Romain\APPLIC~1\Identities
    [13/01/2008|01:32] C:\DOCUME~1\Romain\APPLIC~1\InterTrust
    [17/01/2008|19:14] C:\DOCUME~1\Romain\APPLIC~1\Macromedia
    [25/08/2008|18:57] C:\DOCUME~1\Romain\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [21/09/2008 10:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [28/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [28/06/2008|17:12] C:\Program Files\Adobe
    [13/01/2008|12:34] C:\Program Files\Alwil Software
    [05/07/2008|22:16] C:\Program Files\Apple Software Update
    [20/02/2008|15:49] C:\Program Files\ArcSoft
    [21/02/2008|17:35] C:\Program Files\ATI Technologies
    [13/01/2008|01:25] C:\Program Files\Audioneer
    [13/01/2008|01:23] C:\Program Files\BackWeb
    [13/01/2008|01:05] C:\Program Files\ComPlus Applications
    [13/01/2008|01:30] C:\Program Files\DesignPro 2000
    [19/02/2008|16:57] C:\Program Files\DivX
    [13/01/2008|11:02] C:\Program Files\D-Link
    [14/09/2008|16:20] C:\Program Files\EHMINSTALL
    [14/08/2008|13:11] C:\Program Files\Fichiers communs
    [13/01/2008|01:30] C:\Program Files\HandyBits
    [17/04/2008|10:35] C:\Program Files\Hewlett-Packard
    [14/08/2008|13:44] C:\Program Files\InstallShield Installation Information
    [14/08/2008|21:59] C:\Program Files\Internet Explorer
    [14/08/2008|22:03] C:\Program Files\Messenger
    [30/08/2008|09:04] C:\Program Files\Messenger Plus! Live
    [13/01/2008|12:24] C:\Program Files\MGI
    [26/04/2008|17:33] C:\Program Files\Micro Application
    [13/01/2008|01:08] C:\Program Files\microsoft frontpage
    [13/01/2008|11:49] C:\Program Files\Microsoft Games
    [13/01/2008|01:31] C:\Program Files\Microsoft Money
    [19/02/2008|16:55] C:\Program Files\Microsoft Office
    [15/04/2008|18:46] C:\Program Files\Microsoft SQL Server Compact Edition
    [13/01/2008|01:19] C:\Program Files\MouseWare
    [20/02/2008|21:01] C:\Program Files\Movie Maker
    [15/04/2008|18:54] C:\Program Files\MSN
    [13/01/2008|01:04] C:\Program Files\MSN Gaming Zone
    [21/09/2008|15:55] C:\Program Files\Navilog1
    [15/01/2008|17:23] C:\Program Files\Nero
    [20/02/2008|20:57] C:\Program Files\NetMeeting
    [16/04/2008|20:57] C:\Program Files\OpenOffice.org 2.1
    [16/03/2008|03:36] C:\Program Files\Outlook Express
    [20/02/2008|15:51] C:\Program Files\Panasonic
    [13/01/2008|02:06] C:\Program Files\Prassi PrimoDVD 2.0 (French)
    [05/07/2008|22:19] C:\Program Files\QuickTime
    [19/02/2008|16:57] C:\Program Files\QuickTime(2)
    [13/01/2008|01:31] C:\Program Files\SBApps
    [13/01/2008|17:33] C:\Program Files\Screensaver Wonder 4
    [13/01/2008|01:04] C:\Program Files\Services en ligne
    [26/06/2008|19:32] C:\Program Files\SimTractor 3.5
    [14/08/2008|13:44] C:\Program Files\SimTractor 4.0
    [13/01/2008|01:27] C:\Program Files\Surfairy
    [13/01/2008|11:06] C:\Program Files\TELE2
    [21/09/2008|00:28] C:\Program Files\Trend Micro
    [18/02/2008|22:36] C:\Program Files\Uninstall Information
    [13/01/2008|17:35] C:\Program Files\VideoLAN
    [16/04/2008|20:11] C:\Program Files\VirginMega
    [17/04/2008|11:02] C:\Program Files\Windows Live
    [19/09/2008|21:32] C:\Program Files\Windows Media Connect 2
    [15/04/2008|23:12] C:\Program Files\Windows Media Player
    [16/01/2008|00:16] C:\Program Files\Windows Messaging
    [20/02/2008|20:57] C:\Program Files\Windows NT
    [13/01/2008|14:49] C:\Program Files\WindowsUpdate
    [13/01/2008|01:08] C:\Program Files\xerox
    [15/08/2008|09:59] C:\Program Files\YesMessenger

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [12/02/2008|20:29] C:\Program Files\Fichiers communs\Adobe
    [15/08/2008|13:11] C:\Program Files\Fichiers communs\Ahead
    [05/07/2008|22:15] C:\Program Files\Fichiers communs\Apple
    [13/01/2008|01:29] C:\Program Files\Fichiers communs\Designer
    [14/08/2008|13:40] C:\Program Files\Fichiers communs\Elecard
    [20/02/2008|15:52] C:\Program Files\Fichiers communs\InstallShield
    [20/01/2008|16:51] C:\Program Files\Fichiers communs\LightScribe
    [13/01/2008|01:19] C:\Program Files\Fichiers communs\Logitech
    [13/01/2008|12:24] C:\Program Files\Fichiers communs\MGI Shared
    [15/04/2008|18:45] C:\Program Files\Fichiers communs\Microsoft Shared
    [13/01/2008|01:05] C:\Program Files\Fichiers communs\MSSoap
    [13/01/2008|01:00] C:\Program Files\Fichiers communs\ODBC
    [19/02/2008|16:10] C:\Program Files\Fichiers communs\Services
    [14/08/2008|13:40] C:\Program Files\Fichiers communs\Solveig Multimedia
    [13/01/2008|01:00] C:\Program Files\Fichiers communs\SpeechEngines
    [16/03/2008|03:36] C:\Program Files\Fichiers communs\System
    [04/08/2008|15:38] C:\Program Files\Fichiers communs\Teknum Systems
    [15/04/2008|18:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 46 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-21 16:37:19
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:3409][D:104]-> C:\DOCUME~1\Carina\LOCALS~1\Temp
    [F:797][D:0]-> C:\DOCUME~1\Carina\Cookies
    [F:6864][D:22]-> C:\DOCUME~1\Carina\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 21/09/2008|16:28 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 21/09/2008|16:39 - Option : [2]

    --------------------\\ Fin du rapport a 16:39:21
    0
    1. guillaume
       
      ça devient bon

      Installe ccleaner ici:https://www.malekal.com/tutoriel-ccleaner/
      Dans l'onglet "options"; "avancé"; décoche "effacer uniquement les fichiers de plus de 48 H"
      Lance l'analyse et ensuite le nettoyage


      Ensuite reposte un scan hijackhis
      0
  16. Carina
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:17, on 21/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Planetis
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - Global Startup: Hp psc 700 series.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
    1. guillaume
       
      re

      relance un scan et fixe ces lignes superflues:
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

      Tuto si necessaire ici:http://www.malekal.com/tutorial_HijackThis.ph

      Ton log est propre

      Change d'anti virus :lis ça:https://forum.malekal.com/viewtopic.php?f=45&t=3528

      Fait ceci:http://www.libellules.ch/desactiver_restauration.php
      0
  17. Carina
     
    Merci, pour les lignes c'est fait. Par-contre, pourquoi dois-je désactiver la restauration du système, c'est indispensable ?
    0
    1. guillaume
       
      Re

      Cela est indispensable pour recréer un point de restauration sain
      Lis bien ce qui est ecrit ;il s'agit tout simplement de supprimer tous les points antérieurs à l'infection et à recréer un point exempt de toutes infections .
      0
  18. Carina
     
    Non, non plus aucun problème : pas de pubs, mon ordi fonctionne à un rythme normal, il ne se bloque plus...
    Merci beaucoup pour ton aide !
    0